{ "ClusterName": "microk8s-prod-01", "Resources": [ { "Kind": "ClusterRole", "Name": "admin", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/admin", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 12 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'admin' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 65, "EndLine": 77, "Code": { "Lines": [ { "Number": 65, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 66, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 67, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 68, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 69, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 70, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 71, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 72, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 73, "Content": " - services/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services/proxy", "FirstCause": false, "LastCause": true }, { "Number": 74, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'admin' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 104, "EndLine": 121, "Code": { "Lines": [ { "Number": 104, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 105, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 113, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 84, "EndLine": 97, "Code": { "Lines": [ { "Number": 84, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 85, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 86, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 93, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 104, "EndLine": 121, "Code": { "Lines": [ { "Number": 104, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 105, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 113, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 128, "EndLine": 144, "Code": { "Lines": [ { "Number": 128, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 129, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 130, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 131, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 132, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 133, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 134, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 135, "Content": " - replicasets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets", "FirstCause": false, "LastCause": false }, { "Number": 136, "Content": " - replicasets/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets/scale", "FirstCause": false, "LastCause": true }, { "Number": 137, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 155, "EndLine": 165, "Code": { "Lines": [ { "Number": 155, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 156, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 157, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 158, "Content": " - cronjobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cronjobs", "FirstCause": false, "LastCause": false }, { "Number": 159, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 160, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 161, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 162, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 163, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 164, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 166, "EndLine": 183, "Code": { "Lines": [ { "Number": 166, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 167, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 168, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 169, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 170, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 171, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 172, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 173, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 174, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 175, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "ClusterRole 'admin' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 104, "EndLine": 121, "Code": { "Lines": [ { "Number": 104, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 105, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 113, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0053", "Title": "Exec into Pods", "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", "Message": "ClusterRole 'admin' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV053", "Query": "data.builtin.kubernetes.KSV053.deny", "Resolution": "Remove write permission verbs for resource 'pods/exec'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0053" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 84, "EndLine": 97, "Code": { "Lines": [ { "Number": 84, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 85, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 86, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 93, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 104, "EndLine": 121, "Code": { "Lines": [ { "Number": 104, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 105, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 113, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 166, "EndLine": 183, "Code": { "Lines": [ { "Number": 166, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 167, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 168, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 169, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 170, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 171, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 172, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 173, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 174, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 175, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'admin' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 194, "EndLine": 204, "Code": { "Lines": [ { "Number": 194, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 195, "Content": " - networking.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networking.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 196, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 197, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 198, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": false }, { "Number": 199, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 200, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 201, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 202, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 203, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-cainjector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-cainjector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-cainjector' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 23, "EndLine": 30, "Code": { "Lines": [ { "Number": 23, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 24, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0114", "Title": "Manage webhookconfigurations", "Description": "Webhooks can silently intercept or actively mutate/block resources as they are being created or updated. This includes secrets and pod specs.", "Message": "ClusterRole 'cert-manager-cainjector' should not have access to resources [\"mutatingwebhookconfigurations\", \"validatingwebhookconfigurations\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV114", "Query": "data.builtin.kubernetes.KSV114.deny", "Resolution": "Remove webhook configuration resources/verbs, acceptable values for verbs ['get', 'list', 'watch']", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0114", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0114" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 40, "EndLine": 50, "Code": { "Lines": [ { "Number": 40, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 41, "Content": " - admissionregistration.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - admissionregistration.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - validatingwebhookconfigurations", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - validatingwebhookconfigurations", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " - mutatingwebhookconfigurations", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - mutatingwebhookconfigurations", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true }, { "Number": 49, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-cluster-view", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-cluster-view", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-approve:cert-manager-io", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-approve:cert-manager-io", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-certificates", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-certificates", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-certificates' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 64, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 62, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-certificatesigningrequests", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-certificatesigningrequests", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-challenges", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-challenges", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 54, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-challenges' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 40, "EndLine": 47, "Code": { "Lines": [ { "Number": 40, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 41, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-challenges' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 100, "EndLine": 107, "Code": { "Lines": [ { "Number": 100, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 101, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 55, "EndLine": 65, "Code": { "Lines": [ { "Number": 55, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 56, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - services", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true }, { "Number": 64, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 55, "EndLine": 65, "Code": { "Lines": [ { "Number": 55, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 56, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - services", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true }, { "Number": 64, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'cert-manager-controller-challenges' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 66, "EndLine": 76, "Code": { "Lines": [ { "Number": 66, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 67, "Content": " - networking.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networking.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 68, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 69, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 70, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 71, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 72, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 73, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 74, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 75, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-clusterissuers", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-clusterissuers", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-clusterissuers' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 41, "Code": { "Lines": [ { "Number": 31, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-ingress-shim", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-ingress-shim", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-issuers", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-issuers", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-issuers' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 41, "Code": { "Lines": [ { "Number": 31, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-controller-orders", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-controller-orders", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'cert-manager-controller-orders' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 54, "EndLine": 61, "Code": { "Lines": [ { "Number": 54, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 55, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-edit", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-edit", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-view", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-view", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cert-manager-webhook:subjectaccessreviews", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cert-manager-webhook:subjectaccessreviews", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "cluster-admin", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/cluster-admin", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0044", "Title": "No wildcard verb and resource roles", "Description": "Check whether role permits wildcard verb on wildcard resource", "Message": "Role permits wildcard verb on wildcard resource", "Namespace": "builtin.kubernetes.KSV044", "Query": "data.builtin.kubernetes.KSV044.deny", "Resolution": "Create a role which does not permit wildcard verb on wildcard resource", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0044", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0044" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 18, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'\u001b[0m", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'cluster-admin' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 18, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'\u001b[0m", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "coredns", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/coredns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "edit", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/edit", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 12 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'edit' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 66, "EndLine": 78, "Code": { "Lines": [ { "Number": 66, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 67, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 68, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 69, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 70, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 71, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 72, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 73, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 74, "Content": " - services/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services/proxy", "FirstCause": false, "LastCause": true }, { "Number": 75, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'edit' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 105, "EndLine": 122, "Code": { "Lines": [ { "Number": 105, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 106, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 113, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 114, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 98, "Code": { "Lines": [ { "Number": 85, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 105, "EndLine": 122, "Code": { "Lines": [ { "Number": 105, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 106, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 113, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 114, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 129, "EndLine": 145, "Code": { "Lines": [ { "Number": 129, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 130, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 131, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 132, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 133, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 134, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 135, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 136, "Content": " - replicasets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets", "FirstCause": false, "LastCause": false }, { "Number": 137, "Content": " - replicasets/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets/scale", "FirstCause": false, "LastCause": true }, { "Number": 138, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 156, "EndLine": 166, "Code": { "Lines": [ { "Number": 156, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 157, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 158, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 159, "Content": " - cronjobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cronjobs", "FirstCause": false, "LastCause": false }, { "Number": 160, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 161, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 162, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 163, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 164, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 165, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 167, "EndLine": 184, "Code": { "Lines": [ { "Number": 167, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 168, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 169, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 170, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 171, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 172, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 173, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 174, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 175, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 176, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "ClusterRole 'edit' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 105, "EndLine": 122, "Code": { "Lines": [ { "Number": 105, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 106, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 113, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 114, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0053", "Title": "Exec into Pods", "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", "Message": "ClusterRole 'edit' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV053", "Query": "data.builtin.kubernetes.KSV053.deny", "Resolution": "Remove write permission verbs for resource 'pods/exec'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0053" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 98, "Code": { "Lines": [ { "Number": 85, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 105, "EndLine": 122, "Code": { "Lines": [ { "Number": 105, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 106, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 113, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 114, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 167, "EndLine": 184, "Code": { "Lines": [ { "Number": 167, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 168, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 169, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 170, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 171, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 172, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 173, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 174, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 175, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 176, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 195, "EndLine": 205, "Code": { "Lines": [ { "Number": 195, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 196, "Content": " - networking.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networking.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 197, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 198, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 199, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": false }, { "Number": 200, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 201, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 202, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 203, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 204, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "metallb-system:controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/metallb-system:controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0114", "Title": "Manage webhookconfigurations", "Description": "Webhooks can silently intercept or actively mutate/block resources as they are being created or updated. This includes secrets and pod specs.", "Message": "ClusterRole 'metallb-system:controller' should not have access to resources [\"mutatingwebhookconfigurations\", \"validatingwebhookconfigurations\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV114", "Query": "data.builtin.kubernetes.KSV114.deny", "Resolution": "Remove webhook configuration resources/verbs, acceptable values for verbs ['get', 'list', 'watch']", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0114", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0114" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 47, "EndLine": 60, "Code": { "Lines": [ { "Number": 47, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 48, "Content": " - admissionregistration.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - admissionregistration.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - metallb-webhook-configuration", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - metallb-webhook-configuration", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - validatingwebhookconfigurations", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - validatingwebhookconfigurations", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 54, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": true }, { "Number": 56, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "metallb-system:speaker", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/metallb-system:speaker", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "microk8s-hostpath", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/microk8s-hostpath", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'microk8s-hostpath' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 58, "EndLine": 65, "Code": { "Lines": [ { "Number": 58, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 59, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 64, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 65, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'microk8s-hostpath' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 42, "Code": { "Lines": [ { "Number": 32, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "nginx-ingress-microk8s-clusterrole", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/nginx-ingress-microk8s-clusterrole", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'nginx-ingress-microk8s-clusterrole' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 21, "EndLine": 31, "Code": { "Lines": [ { "Number": 21, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 22, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " - nodes", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - nodes", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 30, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "operator-maintenance-role", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/operator-maintenance-role", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'operator-maintenance-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 9, "EndLine": 21, "Code": { "Lines": [ { "Number": 9, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 10, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 11, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 18, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'operator-maintenance-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 56, "EndLine": 67, "Code": { "Lines": [ { "Number": 56, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 57, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": false }, { "Number": 64, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true }, { "Number": 65, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "prometheus", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/prometheus", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0047", "Title": "Do not allow privilege escalation from node proxy", "Description": "Check whether role permits privilege escalation from node proxy", "Message": "Role permits privilege escalation from node proxy", "Namespace": "builtin.kubernetes.KSV047", "Query": "data.builtin.kubernetes.KSV047.deny", "Resolution": "Create a role which does not permit privilege escalation from node proxy", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0047", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0047" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 9, "EndLine": 20, "Code": { "Lines": [ { "Number": 9, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 10, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 11, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " - nodes", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - nodes", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " - nodes/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - nodes/proxy", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " - services", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 18, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:aggregate-to-admin", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:aggregate-to-admin", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:aggregate-to-edit", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:aggregate-to-edit", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 12 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 26, "Code": { "Lines": [ { "Number": 14, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - services/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services/proxy", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:aggregate-to-edit' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 70, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 62, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 46, "Code": { "Lines": [ { "Number": 33, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 70, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 62, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 77, "EndLine": 93, "Code": { "Lines": [ { "Number": 77, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 78, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " - replicasets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " - replicasets/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets/scale", "FirstCause": false, "LastCause": true }, { "Number": 86, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 104, "EndLine": 114, "Code": { "Lines": [ { "Number": 104, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 105, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 107, "Content": " - cronjobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cronjobs", "FirstCause": false, "LastCause": false }, { "Number": 108, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 109, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 110, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 111, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 112, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 113, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 115, "EndLine": 132, "Code": { "Lines": [ { "Number": 115, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 116, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 117, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 118, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 119, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 120, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 121, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 122, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 123, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 124, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 70, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 62, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0053", "Title": "Exec into Pods", "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV053", "Query": "data.builtin.kubernetes.KSV053.deny", "Resolution": "Remove write permission verbs for resource 'pods/exec'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0053" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 46, "Code": { "Lines": [ { "Number": 33, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - pods/attach", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/attach", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - pods/portforward", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/portforward", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - pods/proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/proxy", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 70, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - events", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - events", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - persistentvolumeclaims", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - persistentvolumeclaims", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 60, "Content": " - replicationcontrollers/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers/scale", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": true }, { "Number": 62, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 115, "EndLine": 132, "Code": { "Lines": [ { "Number": 115, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 116, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 117, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 118, "Content": " - daemonsets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - daemonsets", "FirstCause": false, "LastCause": false }, { "Number": 119, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 120, "Content": " - deployments/rollback", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/rollback", "FirstCause": false, "LastCause": false }, { "Number": 121, "Content": " - deployments/scale", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments/scale", "FirstCause": false, "LastCause": false }, { "Number": 122, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 123, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": true }, { "Number": 124, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:aggregate-to-edit' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 143, "EndLine": 153, "Code": { "Lines": [ { "Number": 143, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 144, "Content": " - networking.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networking.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 145, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 146, "Content": " - ingresses", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingresses", "FirstCause": false, "LastCause": false }, { "Number": 147, "Content": " - networkpolicies", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networkpolicies", "FirstCause": false, "LastCause": false }, { "Number": 148, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 149, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 150, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 151, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": true }, { "Number": 152, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:aggregate-to-view", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:aggregate-to-view", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:auth-delegator", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:auth-delegator", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:basic-user", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:basic-user", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:certificatesigningrequests:nodeclient", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:certificatesigningrequests:nodeclient", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:certificatesigningrequests:selfnodeclient", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:certificatesigningrequests:selfnodeclient", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:kube-apiserver-client-approver", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:kube-apiserver-client-approver", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:kube-apiserver-client-kubelet-approver", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:kube-apiserver-client-kubelet-approver", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:kubelet-serving-approver", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:kubelet-serving-approver", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:certificates.k8s.io:legacy-unknown-approver", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:certificates.k8s.io:legacy-unknown-approver", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:attachdetach-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:attachdetach-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:certificate-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:certificate-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:clusterrole-aggregation-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:clusterrole-aggregation-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:cronjob-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:cronjob-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 3 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 21, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - cronjobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cronjobs", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 22, "EndLine": 33, "Code": { "Lines": [ { "Number": 22, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 23, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true }, { "Number": 31, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:cronjob-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 46, "EndLine": 52, "Code": { "Lines": [ { "Number": 46, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 47, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:daemon-set-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:daemon-set-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:daemon-set-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 43, "EndLine": 52, "Code": { "Lines": [ { "Number": 43, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 44, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:deployment-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:deployment-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 3 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 22, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 49, "Code": { "Lines": [ { "Number": 37, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - replicasets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:deployment-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 50, "EndLine": 58, "Code": { "Lines": [ { "Number": 50, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 51, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 54, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:disruption-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:disruption-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:endpoint-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:endpoint-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:controller:endpoint-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 22, "EndLine": 31, "Code": { "Lines": [ { "Number": 22, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 23, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:endpointslice-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:endpointslice-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:controller:endpointslice-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 38, "Code": { "Lines": [ { "Number": 29, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - discovery.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - discovery.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - endpointslices", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpointslices", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:endpointslicemirroring-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:endpointslicemirroring-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:controller:endpointslicemirroring-controller' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 43, "Code": { "Lines": [ { "Number": 34, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - discovery.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - discovery.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - endpointslices", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpointslices", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:ephemeral-volume-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:ephemeral-volume-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:expand-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:expand-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:controller:expand-controller' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 58, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:generic-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:generic-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:controller:generic-garbage-collector' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 23, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": true }, { "Number": 22, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:horizontal-pod-autoscaler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:horizontal-pod-autoscaler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 46, "EndLine": 52, "Code": { "Lines": [ { "Number": 46, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 47, "Content": " - custom.metrics.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - custom.metrics.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:controller:horizontal-pod-autoscaler' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 53, "EndLine": 59, "Code": { "Lines": [ { "Number": 53, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 54, "Content": " - external.metrics.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - external.metrics.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 59, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:job-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:job-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:job-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 22, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:job-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 44, "Code": { "Lines": [ { "Number": 35, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:legacy-service-account-token-cleaner", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:legacy-service-account-token-cleaner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:controller:legacy-service-account-token-cleaner' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 21, "EndLine": 27, "Code": { "Lines": [ { "Number": 21, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 22, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:namespace-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:namespace-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:controller:namespace-controller' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 37, "Code": { "Lines": [ { "Number": 29, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - deletecollection", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deletecollection", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:node-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:node-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:node-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 43, "Code": { "Lines": [ { "Number": 37, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:persistent-volume-binder", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:persistent-volume-binder", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 54, "Failures": 4 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:controller:persistent-volume-binder' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 80, "EndLine": 85, "Code": { "Lines": [ { "Number": 80, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 81, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 45, "EndLine": 54, "Code": { "Lines": [ { "Number": 45, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 46, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 54, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 63, "EndLine": 71, "Code": { "Lines": [ { "Number": 63, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 64, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 65, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 66, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 67, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 68, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 69, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 70, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 71, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0056", "Title": "Manage Kubernetes networking", "Description": "The ability to control which pods get service traffic directed to them allows for interception attacks. Controlling network policy allows for bypassing lateral movement restrictions.", "Message": "ClusterRole 'system:controller:persistent-volume-binder' should not have access to resources [\"services\", \"endpoints\", \"endpointslices\", \"networkpolicies\", \"ingresses\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV056", "Query": "data.builtin.kubernetes.KSV056.deny", "Resolution": "Networking resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0056", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0056" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 72, "EndLine": 79, "Code": { "Lines": [ { "Number": 72, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 73, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 74, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 75, "Content": " - services", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - services", "FirstCause": false, "LastCause": false }, { "Number": 76, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 77, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 78, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:pod-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:pod-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:pod-garbage-collector' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 20, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:pv-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:pv-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:pvc-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:pvc-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:replicaset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:replicaset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:replicaset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 22, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - extensions", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - extensions", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - replicasets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicasets", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:replicaset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 46, "Code": { "Lines": [ { "Number": 37, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:replication-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:replication-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:replication-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 21, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - replicationcontrollers", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - replicationcontrollers", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:replication-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 43, "Code": { "Lines": [ { "Number": 34, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:resourcequota-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:resourcequota-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:controller:resourcequota-controller' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 19, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:root-ca-cert-publisher", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:root-ca-cert-publisher", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "ClusterRole 'system:controller:root-ca-cert-publisher' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 19, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:route-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:route-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:service-account-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:service-account-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:service-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:service-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:controller:statefulset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:statefulset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:statefulset-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 40, "EndLine": 49, "Code": { "Lines": [ { "Number": 40, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 41, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:ttl-after-finished-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:ttl-after-finished-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:controller:ttl-after-finished-controller' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 21, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - jobs", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - jobs", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:controller:ttl-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:controller:ttl-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:discovery", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:discovery", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:heapster", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:heapster", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:kube-aggregator", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:kube-aggregator", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:kube-controller-manager", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:kube-controller-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 43, "Code": { "Lines": [ { "Number": 37, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - serviceaccounts", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - serviceaccounts", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 44, "EndLine": 49, "Code": { "Lines": [ { "Number": 44, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 45, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 50, "EndLine": 58, "Code": { "Lines": [ { "Number": 50, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 51, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 54, "Content": " - namespaces", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - namespaces", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " - serviceaccounts", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - serviceaccounts", "FirstCause": false, "LastCause": false }, { "Number": 57, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 58, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:kube-controller-manager' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 59, "EndLine": 65, "Code": { "Lines": [ { "Number": 59, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 60, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 61, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - serviceaccounts", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - serviceaccounts", "FirstCause": false, "LastCause": false }, { "Number": 64, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 65, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'system:kube-controller-manager' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 78, "EndLine": 84, "Code": { "Lines": [ { "Number": 78, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 79, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:kube-dns", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:kube-dns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:kube-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:kube-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:kube-scheduler' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 45, "EndLine": 53, "Code": { "Lines": [ { "Number": 45, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 46, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:kubelet-api-admin", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:kubelet-api-admin", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:monitoring", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:monitoring", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:node", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:node", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0041", "Title": "Manage secrets", "Description": "Viewing secrets at the cluster-scope is akin to cluster-admin in most clusters as there are typically at least one service accounts (their token stored in a secret) bound to cluster-admin directly or a role/clusterrole that gives similar permissions.", "Message": "ClusterRole 'system:node' shouldn't have access to manage resource 'secrets'", "Namespace": "builtin.kubernetes.KSV041", "Query": "data.builtin.kubernetes.KSV041.deny", "Resolution": "Manage secrets are not allowed. Remove resource 'secrets' from cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0041", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0041" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 93, "EndLine": 101, "Code": { "Lines": [ { "Number": 93, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 94, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 95, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 96, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 97, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 98, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 99, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "ClusterRole 'system:node' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 73, "EndLine": 79, "Code": { "Lines": [ { "Number": 73, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 74, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 75, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 76, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 77, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 78, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "system:node-bootstrapper", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:node-bootstrapper", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:node-problem-detector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:node-problem-detector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:node-proxier", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:node-proxier", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:persistent-volume-provisioner", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:persistent-volume-provisioner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:public-info-viewer", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:public-info-viewer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:service-account-issuer-discovery", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:service-account-issuer-discovery", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "system:volume-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/system:volume-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRole", "Name": "trivy", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/trivy", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'trivy' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 9, "EndLine": 14, "Code": { "Lines": [ { "Number": 9, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 10, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 11, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0046", "Title": "Manage all resources", "Description": "Full control of the cluster resources, and therefore also root on all nodes where workloads can run and has access to all pods, secrets, and data.", "Message": "ClusterRole 'trivy' shouldn't manage all resources", "Namespace": "builtin.kubernetes.KSV046", "Query": "data.builtin.kubernetes.KSV046.deny", "Resolution": "Remove '*' from 'rules.resources'. Provide specific list of resources to be managed by cluster role", "Severity": "CRITICAL", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0046", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0046" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 15, "EndLine": 23, "Code": { "Lines": [ { "Number": 15, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 16, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - batch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - batch", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - networking.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - networking.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - rbac.authorization.k8s.io", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - rbac.authorization.k8s.io", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - '*'", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m'*'", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRole", "Name": "view", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRole/view", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "admin-role-binding", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/admin-role-binding", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0111", "Title": "User with admin access", "Description": "Either cluster-admin or those granted powerful permissions.", "Message": "ClusterRoleBinding 'admin-role-binding' should not bind to roles [\"cluster-admin\", \"admin\", \"edit\"]", "Namespace": "builtin.kubernetes.KSV111", "Query": "data.builtin.kubernetes.KSV111.deny", "Resolution": "Remove binding for clusterrole 'cluster-admin', 'admin' or 'edit'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0111", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0111" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 3, "EndLine": 7, "Code": { "Lines": [ { "Number": 3, "Content": "metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 4, "Content": " creationTimestamp: \"2024-10-06T12:22:20Z\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;37m\"2024-10-06T12:22:20Z\"", "FirstCause": false, "LastCause": false }, { "Number": 5, "Content": " name: admin-role-binding", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: admin-role-binding", "FirstCause": false, "LastCause": false }, { "Number": 6, "Content": " resourceVersion: \"1263\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresourceVersion\u001b[0m: \u001b[38;5;37m\"1263\"", "FirstCause": false, "LastCause": false }, { "Number": 7, "Content": " uid: 9f4a36bf-fe19-4933-86ab-7928ad8e010c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33muid\u001b[0m: 9f4a36bf-fe19-4933-86ab-7928ad8e010c", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-cainjector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-cainjector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-approve:cert-manager-io", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-approve:cert-manager-io", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-certificates", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-certificates", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-certificatesigningrequests", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-certificatesigningrequests", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-challenges", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-challenges", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-clusterissuers", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-clusterissuers", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-ingress-shim", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-ingress-shim", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-issuers", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-issuers", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-controller-orders", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-controller-orders", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cert-manager-webhook:subjectaccessreviews", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cert-manager-webhook:subjectaccessreviews", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "cluster-admin", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/cluster-admin", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0111", "Title": "User with admin access", "Description": "Either cluster-admin or those granted powerful permissions.", "Message": "ClusterRoleBinding 'cluster-admin' should not bind to roles [\"cluster-admin\", \"admin\", \"edit\"]", "Namespace": "builtin.kubernetes.KSV111", "Query": "data.builtin.kubernetes.KSV111.deny", "Resolution": "Remove binding for clusterrole 'cluster-admin', 'admin' or 'edit'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0111", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0111" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 3, "EndLine": 11, "Code": { "Lines": [ { "Number": 3, "Content": "metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 4, "Content": " annotations:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mannotations\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 5, "Content": " rbac.authorization.kubernetes.io/autoupdate: \"true\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrbac.authorization.kubernetes.io/autoupdate\u001b[0m: \u001b[38;5;37m\"true\"", "FirstCause": false, "LastCause": false }, { "Number": 6, "Content": " creationTimestamp: \"2024-10-06T12:16:54Z\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;37m\"2024-10-06T12:16:54Z\"", "FirstCause": false, "LastCause": false }, { "Number": 7, "Content": " labels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 8, "Content": " kubernetes.io/bootstrapping: rbac-defaults", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkubernetes.io/bootstrapping\u001b[0m: rbac-defaults", "FirstCause": false, "LastCause": false }, { "Number": 9, "Content": " name: cluster-admin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: cluster-admin", "FirstCause": false, "LastCause": false }, { "Number": 10, "Content": " resourceVersion: \"249\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresourceVersion\u001b[0m: \u001b[38;5;37m\"249\"", "FirstCause": false, "LastCause": false }, { "Number": 11, "Content": " uid: ed5d42db-ee9e-4739-acd3-e19671dabc78", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33muid\u001b[0m: ed5d42db-ee9e-4739-acd3-e19671dabc78", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Kind": "ClusterRoleBinding", "Name": "coredns", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/coredns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "metallb-system:controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/metallb-system:controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "metallb-system:speaker", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/metallb-system:speaker", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "microk8s-hostpath", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/microk8s-hostpath", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "nginx-ingress-microk8s", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/nginx-ingress-microk8s", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "operator-maintenance-binding", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/operator-maintenance-binding", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "prometheus", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/prometheus", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:basic-user", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:basic-user", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:attachdetach-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:attachdetach-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:certificate-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:certificate-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:clusterrole-aggregation-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:clusterrole-aggregation-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:cronjob-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:cronjob-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:daemon-set-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:daemon-set-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:deployment-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:deployment-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:disruption-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:disruption-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:endpoint-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:endpoint-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:endpointslice-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:endpointslice-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:endpointslicemirroring-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:endpointslicemirroring-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:ephemeral-volume-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:ephemeral-volume-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:expand-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:expand-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:generic-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:generic-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:horizontal-pod-autoscaler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:horizontal-pod-autoscaler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:job-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:job-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:legacy-service-account-token-cleaner", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:legacy-service-account-token-cleaner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:namespace-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:namespace-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:node-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:node-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:persistent-volume-binder", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:persistent-volume-binder", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:pod-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:pod-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:pv-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:pv-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:pvc-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:pvc-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:replicaset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:replicaset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:replication-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:replication-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:resourcequota-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:resourcequota-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:root-ca-cert-publisher", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:root-ca-cert-publisher", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:route-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:route-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:service-account-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:service-account-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:service-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:service-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:statefulset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:statefulset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:ttl-after-finished-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:ttl-after-finished-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:controller:ttl-controller", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:controller:ttl-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:discovery", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:discovery", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:kube-controller-manager", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:kube-controller-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:kube-dns", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:kube-dns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:kube-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:kube-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:monitoring", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:monitoring", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:node", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:node", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:node-proxier", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:node-proxier", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:public-info-viewer", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:public-info-viewer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:service-account-issuer-discovery", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:service-account-issuer-discovery", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "system:volume-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/system:volume-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "ClusterRoleBinding", "Name": "trivy", "Metadata": [ {} ], "Results": [ { "Target": "ClusterRoleBinding/trivy", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Kind": "Node", "Name": "prod-01.alexpires.me", "Metadata": [ {} ], "Results": [ { "Target": "Node/prod-01.alexpires.me", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/cert-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container cert-manager-controller in deployment cert-manager (namespace: cert-manager) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 48, "EndLine": 88, "Code": { "Lines": [ { "Number": 48, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 49, "Content": " - --v=2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --v=2", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - --cluster-resource-namespace=$(POD_NAMESPACE)", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --cluster-resource-namespace=$(POD_NAMESPACE)", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - --leader-election-namespace=kube-system", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --leader-election-namespace=kube-system", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --acme-http01-solver-image=quay.io/jetstack/cert-manager-acmesolver:v1.14.5", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " - --max-concurrent-challenges=60", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --max-concurrent-challenges=60", "FirstCause": false, "LastCause": false }, { "Number": 54, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 55, "Content": " - name: POD_NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: POD_NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 56, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 57, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager-cainjector", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/cert-manager-cainjector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container cert-manager-cainjector in deployment cert-manager-cainjector (namespace: cert-manager) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 45, "EndLine": 65, "Code": { "Lines": [ { "Number": 45, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 46, "Content": " - --v=2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --v=2", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - --leader-election-namespace=kube-system", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --leader-election-namespace=kube-system", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - name: POD_NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: POD_NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": true }, { "Number": 54, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager-webhook", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/cert-manager-webhook", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container cert-manager-webhook in deployment cert-manager-webhook (namespace: cert-manager) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 45, "EndLine": 97, "Code": { "Lines": [ { "Number": 45, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 46, "Content": " - --v=2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --v=2", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - --secure-port=10250", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --secure-port=10250", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --dynamic-serving-ca-secret-namespace=$(POD_NAMESPACE)", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --dynamic-serving-ca-secret-name=cert-manager-webhook-ca", "FirstCause": false, "LastCause": false }, { "Number": 50, "Content": " - --dynamic-serving-dns-names=cert-manager-webhook", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook", "FirstCause": false, "LastCause": false }, { "Number": 51, "Content": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE)", "FirstCause": false, "LastCause": false }, { "Number": 52, "Content": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --dynamic-serving-dns-names=cert-manager-webhook.$(POD_NAMESPACE).svc", "FirstCause": false, "LastCause": false }, { "Number": 53, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 54, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "cert-manager", "Kind": "Role", "Name": "cert-manager-webhook:dynamic-serving", "Metadata": [ {} ], "Results": [ { "Target": "Role/cert-manager-webhook:dynamic-serving", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'cert-manager-webhook:dynamic-serving' shouldn't have access to manage secrets in namespace 'cert-manager'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 16, "EndLine": 26, "Code": { "Lines": [ { "Number": 16, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 17, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - cert-manager-webhook-ca", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cert-manager-webhook-ca", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true }, { "Number": 25, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'cert-manager-webhook:dynamic-serving' shouldn't have access to manage secrets in namespace 'cert-manager'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 27, "EndLine": 32, "Code": { "Lines": [ { "Number": 27, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 28, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "cert-manager", "Kind": "RoleBinding", "Name": "cert-manager-webhook:dynamic-serving", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/cert-manager-webhook:dynamic-serving", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "Service", "Name": "cert-manager", "Metadata": [ {} ], "Results": [ { "Target": "Service/cert-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "Service", "Name": "cert-manager-webhook", "Metadata": [ {} ], "Results": [ { "Target": "Service/cert-manager-webhook", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "ServiceAccount", "Name": "cert-manager", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/cert-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "ServiceAccount", "Name": "cert-manager-cainjector", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/cert-manager-cainjector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "ServiceAccount", "Name": "cert-manager-webhook", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/cert-manager-webhook", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "default", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "default", "Kind": "Service", "Name": "kubernetes", "Metadata": [ {} ], "Results": [ { "Target": "Service/kubernetes", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "default", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "default", "Kind": "ServiceAccount", "Name": "operator", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/operator", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "default", "Kind": "ServiceAccount", "Name": "provision", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/provision", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ConfigMap", "Name": "gitea-backup-script", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/gitea-backup-script", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ConfigMap", "Name": "gitea-mariadb-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/gitea-mariadb-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'gitea-mariadb-config' in 'gitea' namespace stores sensitive contents in key(s) or value(s) '{\"ssl-key \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "gitea", "Kind": "ConfigMap", "Name": "gitea-sql-backup-script", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/gitea-sql-backup-script", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ConfigMap", "Name": "rclone-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/rclone-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'rclone-config' in 'gitea' namespace stores sensitive contents in key(s) or value(s) '{\"secret_access_key \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "gitea", "Kind": "CronJob", "Name": "gitea-backup", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/gitea-backup", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'gitea-backup' of CronJob 'gitea-backup' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'gitea-backup' of CronJob 'gitea-backup' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'gitea-backup' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 10, "EndLine": 131, "Code": { "Lines": [ { "Number": 10, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 11, "Content": " concurrencyPolicy: Forbid", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " failedJobsHistoryLimit: 2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " labels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " app: gitea-backup", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: gitea-backup", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 19, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"gitea-backup\" of cronjob \"gitea-backup\" in \"gitea\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container gitea-backup in cronjob gitea-backup (namespace: gitea) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "gitea", "Kind": "CronJob", "Name": "mariadb-backup-job", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/mariadb-backup-job", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'sql-cron-job' of CronJob 'mariadb-backup-job' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 75, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_USER", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'sql-cron-job' of CronJob 'mariadb-backup-job' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 75, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_USER", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'mariadb-backup-job' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 10, "EndLine": 97, "Code": { "Lines": [ { "Number": 10, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 11, "Content": " concurrencyPolicy: Forbid", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " failedJobsHistoryLimit: 2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " labels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " app: mariadb", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mariadb", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 19, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"sql-cron-job\" of cronjob \"mariadb-backup-job\" in \"gitea\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 75, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_USER", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_USER", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "cronjob mariadb-backup-job in gitea namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 27, "EndLine": 94, "Code": { "Lines": [ { "Number": 27, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 28, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 36, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "gitea", "Kind": "Deployment", "Name": "gitea-app", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/gitea-app", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'gitea' of Deployment 'gitea-app' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 83, "Code": { "Lines": [ { "Number": 32, "Content": " - image: gitea/gitea:1.25-rootless", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " path: /api/healthz", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " port: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " scheme: HTTPS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " initialDelaySeconds: 200", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'gitea-app' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 118, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " app: gitea", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: gitea", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"gitea\" of deployment \"gitea-app\" in \"gitea\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 83, "Code": { "Lines": [ { "Number": 32, "Content": " - image: gitea/gitea:1.25-rootless", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " path: /api/healthz", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " port: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " scheme: HTTPS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " initialDelaySeconds: 200", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment gitea-app in gitea namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 118, "Code": { "Lines": [ { "Number": 29, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - image: gitea/gitea:1.25-rootless", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " path: /api/healthz", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container gitea in deployment gitea-app (namespace: gitea) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 83, "Code": { "Lines": [ { "Number": 32, "Content": " - image: gitea/gitea:1.25-rootless", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: gitea/gitea:1.25-rootless", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " path: /api/healthz", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /api/healthz", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " port: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " scheme: HTTPS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mscheme\u001b[0m: HTTPS", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " initialDelaySeconds: 200", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m200", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "gitea", "Kind": "Deployment", "Name": "mariadb", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/mariadb", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 7 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 101, "Code": { "Lines": [ { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_ROOT_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: 10.%", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 101, "Code": { "Lines": [ { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_ROOT_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: 10.%", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'mariadb' of Deployment 'mariadb' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 101, "Code": { "Lines": [ { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_ROOT_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: 10.%", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'mariadb' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 134, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " app: mariadb", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mariadb", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"mariadb\" of deployment \"mariadb\" in \"gitea\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 101, "Code": { "Lines": [ { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_ROOT_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: 10.%", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container mariadb in gitea namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 101, "Code": { "Lines": [ { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: MARIADB_ROOT_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_HOST", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: 10.%", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m10\u001b[0m.%", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment mariadb in gitea namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 26, "EndLine": 134, "Code": { "Lines": [ { "Number": 26, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 27, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - name: MARIADB_ROOT_PASSWORD", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: MARIADB_ROOT_PASSWORD", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " key: password", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: password", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " name: gitea-root-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: gitea-root-credentials", "FirstCause": false, "LastCause": true }, { "Number": 35, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "gitea", "Kind": "Ingress", "Name": "gitea-ingress", "Metadata": [ {} ], "Results": [ { "Target": "Ingress/gitea-ingress", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "Role", "Name": "gitea-ssh-access", "Metadata": [ {} ], "Results": [ { "Target": "Role/gitea-ssh-access", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0053", "Title": "Exec into Pods", "Description": "The ability to exec into a container with privileged access to the host or with an attached SA with higher RBAC permissions is a common escalation path to cluster-admin.", "Message": "Role 'gitea-ssh-access' should not have access to resource '[\"pods/exec\"]' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV053", "Query": "data.builtin.kubernetes.KSV053.deny", "Resolution": "Remove write permission verbs for resource 'pods/exec'", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0053", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0053" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 18, "EndLine": 23, "Code": { "Lines": [ { "Number": 18, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 19, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - pods/exec", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods/exec", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "gitea", "Kind": "RoleBinding", "Name": "gitea-ssh-access", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/gitea-ssh-access", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "Service", "Name": "http", "Metadata": [ {} ], "Results": [ { "Target": "Service/http", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "Service", "Name": "mariadb", "Metadata": [ {} ], "Results": [ { "Target": "Service/mariadb", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ServiceAccount", "Name": "gitea-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/gitea-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ServiceAccount", "Name": "gitea-backup-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/gitea-backup-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "gitea", "Kind": "ServiceAccount", "Name": "gitea-mariadb-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/gitea-mariadb-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ConfigMap", "Name": "nginx-ingress-tcp-microk8s-conf", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-ingress-tcp-microk8s-conf", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ConfigMap", "Name": "nginx-ingress-udp-microk8s-conf", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-ingress-udp-microk8s-conf", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ConfigMap", "Name": "nginx-load-balancer-microk8s-conf", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-load-balancer-microk8s-conf", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "DaemonSet", "Name": "nginx-ingress-microk8s-controller", "Metadata": [ {} ], "Results": [ { "Target": "DaemonSet/nginx-ingress-microk8s-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 48, "Failures": 9 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0022", "Title": "Specific capabilities added", "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should not set 'securityContext.capabilities.add'", "Namespace": "builtin.kubernetes.KSV022", "Query": "data.builtin.kubernetes.KSV022.deny", "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0022" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'nginx-ingress-microk8s' of DaemonSet 'nginx-ingress-microk8s-controller' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"nginx-ingress-microk8s\" of daemonset \"nginx-ingress-microk8s-controller\" in \"ingress\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0117", "Title": "Prevent binding to privileged ports", "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", "Message": "daemonset nginx-ingress-microk8s-controller in ingress namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", "Namespace": "builtin.kubernetes.KSV117", "Query": "data.builtin.kubernetes.KSV117.deny", "Resolution": "Do not map the container ports to privileged host ports when starting a container.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/", "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", "https://avd.aquasec.com/misconfig/ksv-0117" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "daemonset nginx-ingress-microk8s-controller in ingress namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 28, "EndLine": 105, "Code": { "Lines": [ { "Number": 28, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 29, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": true }, { "Number": 37, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container nginx-ingress-microk8s in daemonset nginx-ingress-microk8s-controller (namespace: ingress) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 98, "Code": { "Lines": [ { "Number": 30, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - /nginx-ingress-controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /nginx-ingress-controller", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --configmap=$(POD_NAMESPACE)/nginx-load-balancer-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tcp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-tcp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --udp-services-configmap=$(POD_NAMESPACE)/nginx-ingress-udp-microk8s-conf", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --ingress-class=public", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --ingress-class=public", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - ' '", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m' '", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --publish-status-address=127.0.0.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - --publish-status-address=127.0.0.1", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "ingress", "Kind": "Role", "Name": "nginx-ingress-microk8s-role", "Metadata": [ {} ], "Results": [ { "Target": "Role/nginx-ingress-microk8s-role", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 3 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'nginx-ingress-microk8s-role' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 22, "EndLine": 30, "Code": { "Lines": [ { "Number": 22, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 23, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - ingress-controller-leader", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - ingress-controller-leader", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'nginx-ingress-microk8s-role' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 36, "Code": { "Lines": [ { "Number": 31, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": true } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'nginx-ingress-microk8s-role' shouldn't have access to manage secrets in namespace 'ingress'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 21, "Code": { "Lines": [ { "Number": 13, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - endpoints", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - endpoints", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - pods", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - pods", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "ingress", "Kind": "RoleBinding", "Name": "nginx-ingress-microk8s", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/nginx-ingress-microk8s", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "Service", "Name": "ingress", "Metadata": [ {} ], "Results": [ { "Target": "Service/ingress", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ingress", "Kind": "ServiceAccount", "Name": "nginx-ingress-microk8s-serviceaccount", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/nginx-ingress-microk8s-serviceaccount", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-node-lease", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-node-lease", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-public", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-public", "Kind": "ConfigMap", "Name": "local-registry-hosting", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/local-registry-hosting", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-public", "Kind": "Role", "Name": "system:controller:bootstrap-signer", "Metadata": [ {} ], "Results": [ { "Target": "Role/system:controller:bootstrap-signer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'system:controller:bootstrap-signer' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 22, "EndLine": 29, "Code": { "Lines": [ { "Number": 22, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 23, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - cluster-info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - cluster-info", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-public", "Kind": "RoleBinding", "Name": "system:controller:bootstrap-signer", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system:controller:bootstrap-signer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-public", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ConfigMap", "Name": "coredns", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/coredns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ConfigMap", "Name": "extension-apiserver-authentication", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/extension-apiserver-authentication", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'extension-apiserver-authentication' in 'kube-system' namespace stores sensitive contents in key(s) or value(s) '{\"requestheader-username-headers\"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "kube-system", "Kind": "ConfigMap", "Name": "kube-apiserver-legacy-service-account-token-tracking", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-apiserver-legacy-service-account-token-tracking", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "Deployment", "Name": "coredns", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/coredns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 50, "Failures": 7 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'coredns' of Deployment 'coredns' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 41, "EndLine": 95, "Code": { "Lines": [ { "Number": 41, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 42, "Content": " - -conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -conf", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - /etc/coredns/Corefile", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/coredns/Corefile", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " image: coredns/coredns:1.10.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": true }, { "Number": 50, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0022", "Title": "Specific capabilities added", "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", "Message": "Container 'coredns' of Deployment 'coredns' should not set 'securityContext.capabilities.add'", "Namespace": "builtin.kubernetes.KSV022", "Query": "data.builtin.kubernetes.KSV022.deny", "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0022" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 41, "EndLine": 95, "Code": { "Lines": [ { "Number": 41, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 42, "Content": " - -conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -conf", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - /etc/coredns/Corefile", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/coredns/Corefile", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " image: coredns/coredns:1.10.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": true }, { "Number": 50, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0037", "Title": "User resources should not be placed in kube-system namespace", "Description": "ensure that user resources are not placed in kube-system namespace", "Message": "Deployment 'coredns' should not be set with 'kube-system' namespace", "Namespace": "builtin.kubernetes.KSV037", "Query": "data.builtin.kubernetes.KSV037.deny", "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", "References": [ "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", "https://avd.aquasec.com/misconfig/ksv-0037" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 19, "EndLine": 114, "Code": { "Lines": [ { "Number": 19, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 20, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " k8s-app: kube-dns", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: kube-dns", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 28, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"coredns\" of deployment \"coredns\" in \"kube-system\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 41, "EndLine": 95, "Code": { "Lines": [ { "Number": 41, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 42, "Content": " - -conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -conf", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - /etc/coredns/Corefile", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/coredns/Corefile", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " image: coredns/coredns:1.10.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": true }, { "Number": 50, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0117", "Title": "Prevent binding to privileged ports", "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", "Message": "deployment coredns in kube-system namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", "Namespace": "builtin.kubernetes.KSV117", "Query": "data.builtin.kubernetes.KSV117.deny", "Resolution": "Do not map the container ports to privileged host ports when starting a container.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/", "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", "https://avd.aquasec.com/misconfig/ksv-0117" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment coredns in kube-system namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 39, "EndLine": 114, "Code": { "Lines": [ { "Number": 39, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 40, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - -conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -conf", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - /etc/coredns/Corefile", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/coredns/Corefile", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " image: coredns/coredns:1.10.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 48, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container coredns in deployment coredns (namespace: kube-system) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 41, "EndLine": 95, "Code": { "Lines": [ { "Number": 41, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 42, "Content": " - -conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -conf", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - /etc/coredns/Corefile", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/coredns/Corefile", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " image: coredns/coredns:1.10.1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: coredns/coredns:1.10.1", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " failureThreshold: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 49, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": true }, { "Number": 50, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Deployment", "Name": "hostpath-provisioner", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/hostpath-provisioner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 49, "Failures": 9 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'hostpath-provisioner' of Deployment 'hostpath-provisioner' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'hostpath-provisioner' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 16, "EndLine": 72, "Code": { "Lines": [ { "Number": 16, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 17, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " revisionHistoryLimit: 0", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m0", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " k8s-app: hostpath-provisioner", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: hostpath-provisioner", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 25, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0037", "Title": "User resources should not be placed in kube-system namespace", "Description": "ensure that user resources are not placed in kube-system namespace", "Message": "Deployment 'hostpath-provisioner' should not be set with 'kube-system' namespace", "Namespace": "builtin.kubernetes.KSV037", "Query": "data.builtin.kubernetes.KSV037.deny", "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", "References": [ "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", "https://avd.aquasec.com/misconfig/ksv-0037" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 16, "EndLine": 72, "Code": { "Lines": [ { "Number": 16, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 17, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " revisionHistoryLimit: 0", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m0", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " k8s-app: hostpath-provisioner", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: hostpath-provisioner", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 25, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"hostpath-provisioner\" of deployment \"hostpath-provisioner\" in \"kube-system\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container hostpath-provisioner in kube-system namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment hostpath-provisioner in kube-system namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 72, "Code": { "Lines": [ { "Number": 35, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container hostpath-provisioner in deployment hostpath-provisioner (namespace: kube-system) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 60, "Code": { "Lines": [ { "Number": 37, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " fieldPath: metadata.namespace", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: metadata.namespace", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "cert-manager-cainjector:leaderelection", "Metadata": [ {} ], "Results": [ { "Target": "Role/cert-manager-cainjector:leaderelection", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "cert-manager:leaderelection", "Metadata": [ {} ], "Results": [ { "Target": "Role/cert-manager:leaderelection", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "extension-apiserver-authentication-reader", "Metadata": [ {} ], "Results": [ { "Target": "Role/extension-apiserver-authentication-reader", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "system::leader-locking-kube-controller-manager", "Metadata": [ {} ], "Results": [ { "Target": "Role/system::leader-locking-kube-controller-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'system::leader-locking-kube-controller-manager' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 20, "EndLine": 28, "Code": { "Lines": [ { "Number": 20, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 21, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " - kube-controller-manager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - kube-controller-manager", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "system::leader-locking-kube-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "Role/system::leader-locking-kube-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'system::leader-locking-kube-scheduler' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 20, "EndLine": 28, "Code": { "Lines": [ { "Number": 20, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 21, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " - kube-scheduler", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - kube-scheduler", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "system:controller:bootstrap-signer", "Metadata": [ {} ], "Results": [ { "Target": "Role/system:controller:bootstrap-signer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'system:controller:bootstrap-signer' shouldn't have access to manage secrets in namespace 'kube-system'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 21, "Code": { "Lines": [ { "Number": 14, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "system:controller:cloud-provider", "Metadata": [ {} ], "Results": [ { "Target": "Role/system:controller:cloud-provider", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0049", "Title": "Manage configmaps", "Description": "Some workloads leverage configmaps to store sensitive data or configuration parameters that affect runtime behavior that can be modified by an attacker or combined with another issue to potentially lead to compromise.", "Message": "Role 'system:controller:cloud-provider' should not have access to resource 'configmaps' for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV049", "Query": "data.builtin.kubernetes.KSV049.deny", "Resolution": "Remove write permission verbs for resource 'configmaps'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0049", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0049" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 22, "Code": { "Lines": [ { "Number": 14, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - configmaps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - configmaps", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "Role", "Name": "system:controller:token-cleaner", "Metadata": [ {} ], "Results": [ { "Target": "Role/system:controller:token-cleaner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'system:controller:token-cleaner' shouldn't have access to manage secrets in namespace 'kube-system'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 22, "Code": { "Lines": [ { "Number": 14, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "cert-manager-cainjector:leaderelection", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/cert-manager-cainjector:leaderelection", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "cert-manager:leaderelection", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/cert-manager:leaderelection", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system::extension-apiserver-authentication-reader", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system::extension-apiserver-authentication-reader", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system::leader-locking-kube-controller-manager", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system::leader-locking-kube-controller-manager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system::leader-locking-kube-scheduler", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system::leader-locking-kube-scheduler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system:controller:bootstrap-signer", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system:controller:bootstrap-signer", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system:controller:cloud-provider", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system:controller:cloud-provider", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "RoleBinding", "Name": "system:controller:token-cleaner", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/system:controller:token-cleaner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "Service", "Name": "kube-dns", "Metadata": [ {} ], "Results": [ { "Target": "Service/kube-dns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0037", "Title": "User resources should not be placed in kube-system namespace", "Description": "ensure that user resources are not placed in kube-system namespace", "Message": "Service 'kube-dns' should not be set with 'kube-system' namespace", "Namespace": "builtin.kubernetes.KSV037", "Query": "data.builtin.kubernetes.KSV037.deny", "Resolution": "Deploy the user resources into a designated namespace which is not kube-system.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0037", "References": [ "https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/", "https://avd.aquasec.com/misconfig/ksv-0037" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 19, "EndLine": 43, "Code": { "Lines": [ { "Number": 19, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 20, "Content": " clusterIP: 10.152.183.10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mclusterIP\u001b[0m: \u001b[38;5;37m10.152.183.10", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " clusterIPs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mclusterIPs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - 10.152.183.10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m10.152.183.10", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " internalTrafficPolicy: Cluster", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33minternalTrafficPolicy\u001b[0m: Cluster", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " ipFamilies:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mipFamilies\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - IPv4", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - IPv4", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " ipFamilyPolicy: SingleStack", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mipFamilyPolicy\u001b[0m: SingleStack", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 28, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "attachdetach-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/attachdetach-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "certificate-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/certificate-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "clusterrole-aggregation-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/clusterrole-aggregation-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "coredns", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/coredns", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "cronjob-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/cronjob-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "daemon-set-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/daemon-set-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "deployment-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/deployment-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "disruption-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/disruption-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "endpoint-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/endpoint-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "endpointslice-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/endpointslice-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "endpointslicemirroring-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/endpointslicemirroring-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "ephemeral-volume-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/ephemeral-volume-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "expand-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/expand-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "generic-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/generic-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "horizontal-pod-autoscaler", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/horizontal-pod-autoscaler", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "job-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/job-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "legacy-service-account-token-cleaner", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/legacy-service-account-token-cleaner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "microk8s-hostpath", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/microk8s-hostpath", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "namespace-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/namespace-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "node-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/node-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "persistent-volume-binder", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/persistent-volume-binder", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "pod-garbage-collector", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/pod-garbage-collector", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "pv-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/pv-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "pvc-protection-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/pvc-protection-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "replicaset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/replicaset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "replication-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/replication-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "resourcequota-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/resourcequota-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "root-ca-cert-publisher", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/root-ca-cert-publisher", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "service-account-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/service-account-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "service-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/service-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "statefulset-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/statefulset-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "ttl-after-finished-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/ttl-after-finished-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "kube-system", "Kind": "ServiceAccount", "Name": "ttl-controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/ttl-controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ConfigMap", "Name": "m3uproxy-playlist", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/m3uproxy-playlist", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ConfigMap", "Name": "squid-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/squid-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ConfigMap", "Name": "wireguard-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/wireguard-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'wireguard-config' in 'm3uproxy' namespace stores sensitive contents in key(s) or value(s) '{\"PrivateKey \", \"PublicKey \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "m3uproxy", "Kind": "CronJob", "Name": "geoip-update", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/geoip-update", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 49, "Failures": 8 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'geoip-update' of CronJob 'geoip-update' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'geoip-update' of CronJob 'geoip-update' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'geoip-update' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 10, "EndLine": 80, "Code": { "Lines": [ { "Number": 10, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 11, "Content": " concurrencyPolicy: Allow", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " failedJobsHistoryLimit: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " name: geoip-update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: geoip-update", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " backoffLimit: 6", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m6", "FirstCause": false, "LastCause": true }, { "Number": 19, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"geoip-update\" of cronjob \"geoip-update\" in \"m3uproxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "cronjob geoip-update in m3uproxy namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 27, "EndLine": 77, "Code": { "Lines": [ { "Number": 27, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 28, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": true }, { "Number": 36, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container geoip-update in cronjob geoip-update (namespace: m3uproxy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 30, "EndLine": 63, "Code": { "Lines": [ { "Number": 30, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 31, "Content": " - name: GEOIPUPDATE_ACCOUNT_ID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_ACCOUNT_ID", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " key: account_id", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: account_id", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " name: geoip-maxmind-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: geoip-maxmind-credentials", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: GEOIPUPDATE_LICENSE_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: GEOIPUPDATE_LICENSE_KEY", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 39, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Deployment", "Name": "m3uproxy", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/m3uproxy", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 6 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'm3uproxy' of Deployment 'm3uproxy' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 100, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: LOG_LEVEL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: warn", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: USERNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " key: username", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: m3uproxy-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'm3uproxy' of Deployment 'm3uproxy' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 100, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: LOG_LEVEL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: warn", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: USERNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " key: username", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: m3uproxy-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'm3uproxy' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 136, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " app: m3uproxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: m3uproxy", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"m3uproxy\" of deployment \"m3uproxy\" in \"m3uproxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 100, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: LOG_LEVEL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: warn", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: USERNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " key: username", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: m3uproxy-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment m3uproxy in m3uproxy namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 136, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: LOG_LEVEL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: warn", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: USERNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container m3uproxy in deployment m3uproxy (namespace: m3uproxy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 100, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: LOG_LEVEL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LOG_LEVEL", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: warn", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: warn", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: USERNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: USERNAME", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " key: username", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: username", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: m3uproxy-credentials", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: m3uproxy-credentials", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Deployment", "Name": "proxy-pt", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/proxy-pt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 48, "Failures": 13 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'squid' of Deployment 'proxy-pt' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 77, "EndLine": 119, "Code": { "Lines": [ { "Number": 77, "Content": " - image: ubuntu/squid:6.1-23.10_edge", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", "FirstCause": true, "LastCause": false }, { "Number": 78, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " initialDelaySeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " port: proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", "FirstCause": false, "LastCause": true }, { "Number": 86, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'squid' of Deployment 'proxy-pt' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 77, "EndLine": 119, "Code": { "Lines": [ { "Number": 77, "Content": " - image: ubuntu/squid:6.1-23.10_edge", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", "FirstCause": true, "LastCause": false }, { "Number": 78, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " initialDelaySeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " port: proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", "FirstCause": false, "LastCause": true }, { "Number": 86, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0017", "Title": "Privileged", "Description": "Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.", "Message": "Container 'wireguard' of Deployment 'proxy-pt' should set 'securityContext.privileged' to false", "Namespace": "builtin.kubernetes.KSV017", "Query": "data.builtin.kubernetes.KSV017.deny", "Resolution": "Change 'containers[].securityContext.privileged' to 'false'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0017", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0017" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0022", "Title": "Specific capabilities added", "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", "Message": "Container 'wireguard' of Deployment 'proxy-pt' should not set 'securityContext.capabilities.add'", "Namespace": "builtin.kubernetes.KSV022", "Query": "data.builtin.kubernetes.KSV022.deny", "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0022" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'proxy-pt' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 145, "Code": { "Lines": [ { "Number": 13, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " app: proxy-pt", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: proxy-pt", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 22, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"squid\" of deployment \"proxy-pt\" in \"m3uproxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 77, "EndLine": 119, "Code": { "Lines": [ { "Number": 77, "Content": " - image: ubuntu/squid:6.1-23.10_edge", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", "FirstCause": true, "LastCause": false }, { "Number": 78, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " initialDelaySeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " port: proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", "FirstCause": false, "LastCause": true }, { "Number": 86, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"wireguard\" of deployment \"proxy-pt\" in \"m3uproxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment proxy-pt in m3uproxy namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 145, "Code": { "Lines": [ { "Number": 31, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container squid in deployment proxy-pt (namespace: m3uproxy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 77, "EndLine": 119, "Code": { "Lines": [ { "Number": 77, "Content": " - image: ubuntu/squid:6.1-23.10_edge", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: ubuntu/squid:6.1-23.10_edge", "FirstCause": true, "LastCause": false }, { "Number": 78, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 79, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 80, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 81, "Content": " initialDelaySeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 82, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 83, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 84, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 85, "Content": " port: proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: proxy", "FirstCause": false, "LastCause": true }, { "Number": 86, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container wireguard in deployment proxy-pt (namespace: m3uproxy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 76, "Code": { "Lines": [ { "Number": 34, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Ingress", "Name": "m3uproxy-ingress", "Metadata": [ {} ], "Results": [ { "Target": "Ingress/m3uproxy-ingress", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "Service", "Name": "http", "Metadata": [ {} ], "Results": [ { "Target": "Service/http", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "Service", "Name": "proxy-pt", "Metadata": [ {} ], "Results": [ { "Target": "Service/proxy-pt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "m3uproxy", "Kind": "ServiceAccount", "Name": "m3uproxy-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/m3uproxy-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "ca-pem", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/ca-pem", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "cert-checker-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/cert-checker-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "dovecot-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/dovecot-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "dovecot-sieve", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/dovecot-sieve", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "getmail-runner", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/getmail-runner", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "mail-backup-script", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/mail-backup-script", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "postfix-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/postfix-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "rclone-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/rclone-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'rclone-config' in 'mail' namespace stores sensitive contents in key(s) or value(s) '{\"secret_access_key \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "stunnel-dovecot", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/stunnel-dovecot", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'stunnel-dovecot' in 'mail' namespace stores sensitive contents in key(s) or value(s) '{\"key \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "mail", "Kind": "ConfigMap", "Name": "stunnel-postfix", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/stunnel-postfix", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "cert-checker-dovecot", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/cert-checker-dovecot", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 54, "Failures": 3 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'cert-checker-dovecot' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 99, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " concurrencyPolicy: Allow", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " failedJobsHistoryLimit: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " name: cert-checker", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: cert-checker", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " backoffLimit: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"cert-checker\" of cronjob \"cert-checker-dovecot\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 72, "Code": { "Lines": [ { "Number": 32, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: DEPLOYMENT_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: mail", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: mail", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "cronjob cert-checker-dovecot in mail namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 96, "Code": { "Lines": [ { "Number": 29, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: DEPLOYMENT_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "cert-checker-postfix", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/cert-checker-postfix", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 54, "Failures": 3 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'cert-checker-postfix' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 99, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " concurrencyPolicy: Allow", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Allow", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " failedJobsHistoryLimit: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " name: cert-checker", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: cert-checker", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " backoffLimit: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mbackoffLimit\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"cert-checker\" of cronjob \"cert-checker-postfix\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 72, "Code": { "Lines": [ { "Number": 32, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: DEPLOYMENT_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: postfix", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: postfix", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: NAMESPACE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: NAMESPACE", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: mail", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: mail", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "cronjob cert-checker-postfix in mail namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 29, "EndLine": 96, "Code": { "Lines": [ { "Number": 29, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 30, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /config/requirements.txt \u0026\u0026 python /config/check.py", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: DEPLOYMENT_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DEPLOYMENT_NAME", "FirstCause": false, "LastCause": true }, { "Number": 38, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "mail-backup", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/mail-backup", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'mail-backup' of CronJob 'mail-backup' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'mail-backup' of CronJob 'mail-backup' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "CronJob 'mail-backup' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 10, "EndLine": 131, "Code": { "Lines": [ { "Number": 10, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 11, "Content": " concurrencyPolicy: Forbid", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mconcurrencyPolicy\u001b[0m: Forbid", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " failedJobsHistoryLimit: 2", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailedJobsHistoryLimit\u001b[0m: \u001b[38;5;37m2", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " jobTemplate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mjobTemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " creationTimestamp: null", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcreationTimestamp\u001b[0m: \u001b[38;5;166mnull", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " labels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mlabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " app: mail-backup", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: mail-backup", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 19, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"mail-backup\" of cronjob \"mail-backup\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container mail-backup in cronjob mail-backup (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 96, "Code": { "Lines": [ { "Number": 32, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " - /tmp/scripts/backup.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /tmp/scripts/backup.sh", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: SCW_ACCESS_KEY", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SCW_ACCESS_KEY", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "dovecot", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/dovecot", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 48, "Failures": 18 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'dovecot' of Deployment 'dovecot' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'stunnel' of Deployment 'dovecot' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'dovecot' of Deployment 'dovecot' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'stunnel' of Deployment 'dovecot' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'dovecot' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 167, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'dovecot' of Deployment 'dovecot' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'dovecot' of Deployment 'dovecot' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"dovecot\" of deployment \"dovecot\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"stunnel\" of deployment \"dovecot\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container dovecot in mail namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container dovecot in mail namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment dovecot in mail namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 167, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container dovecot in deployment dovecot (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 84, "Code": { "Lines": [ { "Number": 36, "Content": " - image: dovecot/dovecot:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: dovecot/dovecot:latest", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: dovecot", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: dovecot", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 31993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31993", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " hostPort: 993", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhostPort\u001b[0m: \u001b[38;5;37m993", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 31024", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31024", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: lmtp", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: lmtp", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container stunnel in deployment dovecot (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 85, "EndLine": 105, "Code": { "Lines": [ { "Number": 85, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 86, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " - containerPort: 31000", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m31000", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: auth", "FirstCause": false, "LastCause": false }, { "Number": 93, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 94, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "fetch-emails", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/fetch-emails", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 6 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'getmail' of Deployment 'fetch-emails' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 86, "Code": { "Lines": [ { "Number": 36, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - python3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python3", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - /runner/runner.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /runner/runner.py", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - name: FETCH_INTERVAL_SECONDS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " value: \"120\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'getmail' of Deployment 'fetch-emails' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 86, "Code": { "Lines": [ { "Number": 36, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - python3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python3", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - /runner/runner.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /runner/runner.py", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - name: FETCH_INTERVAL_SECONDS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " value: \"120\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'fetch-emails' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 124, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: fetch-emails", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: fetch-emails", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"getmail\" of deployment \"fetch-emails\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 86, "Code": { "Lines": [ { "Number": 36, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - python3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python3", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - /runner/runner.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /runner/runner.py", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - name: FETCH_INTERVAL_SECONDS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " value: \"120\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment fetch-emails in mail namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 124, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - python3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python3", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - /runner/runner.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /runner/runner.py", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - name: FETCH_INTERVAL_SECONDS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " value: \"120\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container getmail in deployment fetch-emails (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 86, "Code": { "Lines": [ { "Number": 36, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - python3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python3", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - /runner/runner.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /runner/runner.py", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - name: FETCH_INTERVAL_SECONDS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: FETCH_INTERVAL_SECONDS", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " value: \"120\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"120\"", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " image: a13labs/getmail6:v0.0.1-6.19.07", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: a13labs/getmail6:v0.0.1-6.19.07", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "postfix", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/postfix", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 47, "Failures": 18 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'stunnel' of Deployment 'postfix' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'postfix' of Deployment 'postfix' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'stunnel' of Deployment 'postfix' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'postfix' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 159, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: postfix", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: postfix", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'postfix' of Deployment 'postfix' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'postfix' of Deployment 'postfix' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"postfix\" of deployment \"postfix\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"stunnel\" of deployment \"postfix\" in \"mail\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0117", "Title": "Prevent binding to privileged ports", "Description": "The ports which are lower than 1024 receive and transmit various sensitive and privileged data. Allowing containers to use them can bring serious implications.", "Message": "deployment postfix in mail namespace should not set spec.template.spec.containers.ports.containerPort to less than 1024", "Namespace": "builtin.kubernetes.KSV117", "Query": "data.builtin.kubernetes.KSV117.deny", "Resolution": "Do not map the container ports to privileged host ports when starting a container.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0117", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/", "https://www.stigviewer.com/stig/kubernetes/2022-12-02/finding/V-242414", "https://avd.aquasec.com/misconfig/ksv-0117" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container postfix in mail namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "container postfix in mail namespace is using the default security context", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment postfix in mail namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 159, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container postfix in deployment postfix (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 97, "Code": { "Lines": [ { "Number": 36, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - name: DOVECOT_LMTP_ADDRESS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_ADDRESS", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " value: lmtp.mail.svc.cluster.local", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: lmtp.mail.svc.cluster.local", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: DOVECOT_LMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: DOVECOT_LMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"31024\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"31024\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: LOG_TO_STDOUT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: LOG_TO_STDOUT", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"0\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"0\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: MAILNAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: MAILNAME", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: smtp.alexpires.me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.alexpires.me", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container stunnel in deployment postfix (namespace: mail) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 98, "EndLine": 116, "Code": { "Lines": [ { "Number": 98, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 99, "Content": " - /etc/conf/stunnel.conf", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /etc/conf/stunnel.conf", "FirstCause": false, "LastCause": false }, { "Number": 100, "Content": " image: chainguard/stunnel:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: chainguard/stunnel:latest", "FirstCause": false, "LastCause": false }, { "Number": 101, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 102, "Content": " name: stunnel", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: stunnel", "FirstCause": false, "LastCause": false }, { "Number": 103, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 104, "Content": " terminationMessagePath: /dev/termination-log", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePath\u001b[0m: /dev/termination-log", "FirstCause": false, "LastCause": false }, { "Number": 105, "Content": " terminationMessagePolicy: File", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mterminationMessagePolicy\u001b[0m: File", "FirstCause": false, "LastCause": false }, { "Number": 106, "Content": " volumeMounts:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvolumeMounts\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 107, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "Role", "Name": "cert-checker-role", "Metadata": [ {} ], "Results": [ { "Target": "Role/cert-checker-role", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0048", "Title": "Manage Kubernetes workloads and pods", "Description": "Depending on the policies enforced by the admission controller, this permission ranges from the ability to steal compute (crypto) by running workloads or allowing for creating workloads that escape to the node as root and escalation to cluster-admin.", "Message": "Role 'cert-checker-role' should not have access to resources [\"pods\", \"deployments\", \"jobs\", \"cronjobs\", \"statefulsets\", \"daemonsets\", \"replicasets\", \"replicationcontrollers\"] for verbs [\"create\", \"update\", \"patch\", \"delete\", \"deletecollection\", \"impersonate\", \"*\"]", "Namespace": "builtin.kubernetes.KSV048", "Query": "data.builtin.kubernetes.KSV048.deny", "Resolution": "Kubernetes workloads resources are only allowed for verbs 'list', 'watch', 'get'", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0048", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0048" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 10, "EndLine": 18, "Code": { "Lines": [ { "Number": 10, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 11, "Content": " - apps", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - apps", "FirstCause": false, "LastCause": false }, { "Number": 12, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 13, "Content": " - deployments", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - deployments", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " - update", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - update", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - patch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - patch", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "mail", "Kind": "RoleBinding", "Name": "cert-checker-biding", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/cert-checker-biding", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "Service", "Name": "auth", "Metadata": [ {} ], "Results": [ { "Target": "Service/auth", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "Service", "Name": "imap", "Metadata": [ {} ], "Results": [ { "Target": "Service/imap", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "Service", "Name": "lmtp", "Metadata": [ {} ], "Results": [ { "Target": "Service/lmtp", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "Service", "Name": "smtps", "Metadata": [ {} ], "Results": [ { "Target": "Service/smtps", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ServiceAccount", "Name": "cert-checker-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/cert-checker-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ServiceAccount", "Name": "mail-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/mail-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "mail", "Kind": "ServiceAccount", "Name": "mail-backup-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/mail-backup-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "ConfigMap", "Name": "metallb-excludel2", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/metallb-excludel2", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "DaemonSet", "Name": "speaker", "Metadata": [ {} ], "Results": [ { "Target": "DaemonSet/speaker", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 50, "Failures": 7 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0009", "Title": "Access to host network", "Description": "Sharing the host’s network namespace permits processes in the pod to communicate with processes bound to the host’s loopback adapter.", "Message": "DaemonSet 'speaker' should not set 'spec.template.spec.hostNetwork' to true", "Namespace": "builtin.kubernetes.KSV009", "Query": "data.builtin.kubernetes.KSV009.deny", "Resolution": "Do not set 'spec.template.spec.hostNetwork' to true.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0009", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0009" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 15, "EndLine": 142, "Code": { "Lines": [ { "Number": 15, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 16, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " app: metallb", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: metallb", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " component: speaker", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcomponent\u001b[0m: speaker", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " template:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtemplate\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " metadata:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmetadata\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " annotations:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mannotations\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 24, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'speaker' of DaemonSet 'speaker' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 111, "Code": { "Lines": [ { "Number": 33, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: METALLB_NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " fieldPath: spec.nodeName", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0022", "Title": "Specific capabilities added", "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", "Message": "Container 'speaker' of DaemonSet 'speaker' should not set 'securityContext.capabilities.add'", "Namespace": "builtin.kubernetes.KSV022", "Query": "data.builtin.kubernetes.KSV022.deny", "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0022" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 111, "Code": { "Lines": [ { "Number": 33, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: METALLB_NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " fieldPath: spec.nodeName", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"speaker\" of daemonset \"speaker\" in \"metallb-system\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 111, "Code": { "Lines": [ { "Number": 33, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: METALLB_NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " fieldPath: spec.nodeName", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "daemonset speaker in metallb-system namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 137, "Code": { "Lines": [ { "Number": 31, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: METALLB_NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0119", "Title": "NET_RAW capability added", "Description": "The NET_RAW capability grants attackers the ability to eavesdrop on network traffic or generate IP traffic with falsified source addresses, posing serious security risks.", "Message": "container speaker of daemonset speaker in metallb-system namespace should not include 'NET_RAW' in securityContext.capabilities.add", "Namespace": "builtin.kubernetes.KSV119", "Query": "data.builtin.kubernetes.KSV119.deny", "Resolution": "To mitigate potential security risks, it is strongly recommended to remove the NET_RAW capability from 'containers[].securityContext.capabilities.add'. It is advisable to follow the practice of dropping all capabilities and only adding the necessary ones.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0119", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/", "https://avd.aquasec.com/misconfig/ksv-0119" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container speaker in daemonset speaker (namespace: metallb-system) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 111, "Code": { "Lines": [ { "Number": 33, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - name: METALLB_NODE_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_NODE_NAME", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " fieldRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " apiVersion: v1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapiVersion\u001b[0m: v1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " fieldPath: spec.nodeName", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfieldPath\u001b[0m: spec.nodeName", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "metallb-system", "Kind": "Deployment", "Name": "controller", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"controller\" of deployment \"controller\" in \"metallb-system\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 40, "EndLine": 91, "Code": { "Lines": [ { "Number": 40, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 41, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - --tls-min-version=VersionTLS12", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tls-min-version=VersionTLS12", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - name: METALLB_ML_SECRET_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_ML_SECRET_NAME", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " value: memberlist", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: memberlist", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - name: METALLB_DEPLOYMENT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_DEPLOYMENT", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " value: controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: controller", "FirstCause": false, "LastCause": true }, { "Number": 49, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container controller in deployment controller (namespace: metallb-system) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 40, "EndLine": 91, "Code": { "Lines": [ { "Number": 40, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 41, "Content": " - --port=7472", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --port=7472", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - --log-level=info", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --log-level=info", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - --tls-min-version=VersionTLS12", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --tls-min-version=VersionTLS12", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - name: METALLB_ML_SECRET_NAME", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_ML_SECRET_NAME", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " value: memberlist", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: memberlist", "FirstCause": false, "LastCause": false }, { "Number": 47, "Content": " - name: METALLB_DEPLOYMENT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: METALLB_DEPLOYMENT", "FirstCause": false, "LastCause": false }, { "Number": 48, "Content": " value: controller", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: controller", "FirstCause": false, "LastCause": true }, { "Number": 49, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "metallb-system", "Kind": "Role", "Name": "controller", "Metadata": [ {} ], "Results": [ { "Target": "Role/controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'controller' shouldn't have access to manage secrets in namespace 'metallb-system'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 23, "Code": { "Lines": [ { "Number": 12, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " - create", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - create", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " - delete", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - delete", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'controller' shouldn't have access to manage secrets in namespace 'metallb-system'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 24, "EndLine": 31, "Code": { "Lines": [ { "Number": 24, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 25, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " resourceNames:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresourceNames\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 27, "Content": " - memberlist", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - memberlist", "FirstCause": false, "LastCause": false }, { "Number": 28, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 29, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "metallb-system", "Kind": "Role", "Name": "pod-lister", "Metadata": [ {} ], "Results": [ { "Target": "Role/pod-lister", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0113", "Title": "Manage namespace secrets", "Description": "Viewing secrets at the namespace scope can lead to escalation if another service account in that namespace has a higher privileged rolebinding or clusterrolebinding bound.", "Message": "Role 'pod-lister' shouldn't have access to manage secrets in namespace 'metallb-system'", "Namespace": "builtin.kubernetes.KSV113", "Query": "data.builtin.kubernetes.KSV113.deny", "Resolution": "Manage namespace secrets are not allowed. Remove resource 'secrets' from role", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0113", "References": [ "https://kubernetes.io/docs/concepts/security/rbac-good-practices/", "https://avd.aquasec.com/misconfig/ksv-0113" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 19, "EndLine": 26, "Code": { "Lines": [ { "Number": 19, "Content": " - apiGroups:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mapiGroups\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 20, "Content": " - \"\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;37m\"\"", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " resources:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mresources\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " - secrets", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - secrets", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " verbs:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mverbs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 24, "Content": " - get", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - get", "FirstCause": false, "LastCause": false }, { "Number": 25, "Content": " - list", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - list", "FirstCause": false, "LastCause": false }, { "Number": 26, "Content": " - watch", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - watch", "FirstCause": false, "LastCause": true } ] } } } ] } ] }, { "Namespace": "metallb-system", "Kind": "RoleBinding", "Name": "controller", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "RoleBinding", "Name": "pod-lister", "Metadata": [ {} ], "Results": [ { "Target": "RoleBinding/pod-lister", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "Service", "Name": "metallb-webhook-service", "Metadata": [ {} ], "Results": [ { "Target": "Service/metallb-webhook-service", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "ServiceAccount", "Name": "controller", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/controller", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "metallb-system", "Kind": "ServiceAccount", "Name": "speaker", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/speaker", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ConfigMap", "Name": "alertmanager-conf", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/alertmanager-conf", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'alertmanager-conf' in 'prometheus' namespace stores sensitive contents in key(s) or value(s) '{\" \\\"from\\\"\", \" \\\"to\\\"\"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "prometheus", "Kind": "ConfigMap", "Name": "auth-exporter-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/auth-exporter-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'auth-exporter-config' in 'prometheus' namespace stores sensitive contents in key(s) or value(s) '{\" active_sessions_by_user.labels(source\", \" active_sessions_by_user.labels(source\", \" childu \", \" auth_sessions_by_user.labels(source\", \" username \", \"USERNAME \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "prometheus", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ConfigMap", "Name": "prometheus-server-conf", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/prometheus-server-conf", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "alertmanager", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/alertmanager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 6 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'alertmanager' of Deployment 'alertmanager' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 62, "Code": { "Lines": [ { "Number": 36, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.path=/alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.path=/alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/alertmanager:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9093", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'alertmanager' of Deployment 'alertmanager' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 62, "Code": { "Lines": [ { "Number": 36, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.path=/alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.path=/alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/alertmanager:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9093", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'alertmanager' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 79, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"alertmanager\" of deployment \"alertmanager\" in \"prometheus\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 62, "Code": { "Lines": [ { "Number": 36, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.path=/alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.path=/alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/alertmanager:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9093", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment alertmanager in prometheus namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 79, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.path=/alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.path=/alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/alertmanager:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container alertmanager in deployment alertmanager (namespace: prometheus) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 62, "Code": { "Lines": [ { "Number": 36, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " - --config.file=/etc/alertmanager/alertmanager.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/alertmanager/alertmanager.yml", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.path=/alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.path=/alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/alertmanager:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/alertmanager:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: alertmanager", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: alertmanager", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9093", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9093", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "auth-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/auth-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 52, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'auth-exporter' of Deployment 'auth-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 69, "Code": { "Lines": [ { "Number": 37, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: python:3.12-slim", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: auth-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'auth-exporter' of Deployment 'auth-exporter' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 69, "Code": { "Lines": [ { "Number": 37, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: python:3.12-slim", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: auth-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'auth-exporter' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 92, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: auth-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: auth-exporter", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"auth-exporter\" of deployment \"auth-exporter\" in \"prometheus\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 37, "EndLine": 69, "Code": { "Lines": [ { "Number": 37, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 38, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: python:3.12-slim", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " name: auth-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-exporter", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": true }, { "Number": 46, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment auth-exporter in prometheus namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 92, "Code": { "Lines": [ { "Number": 34, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " automountServiceAccountToken: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - sh", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python -m venv /tmp/venv \u0026\u0026 . /tmp/venv/bin/activate \u0026\u0026 pip install -r /exporter/requirements.txt \u0026\u0026 python /exporter/exporter.py --export-usernames", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " image: python:3.12-slim", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: python:3.12-slim", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "fail2ban-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/fail2ban-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 50, "Failures": 7 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 56, "Code": { "Lines": [ { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " securityContext:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 56, "Code": { "Lines": [ { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " securityContext:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'fail2ban-exporter' of Deployment 'fail2ban-exporter' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 56, "Code": { "Lines": [ { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " securityContext:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'fail2ban-exporter' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 72, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " k8s-app: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"fail2ban-exporter\" of deployment \"fail2ban-exporter\" in \"prometheus\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 56, "Code": { "Lines": [ { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " securityContext:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment fail2ban-exporter in prometheus namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 72, "Code": { "Lines": [ { "Number": 31, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " automountServiceAccountToken: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container fail2ban-exporter in deployment fail2ban-exporter (namespace: prometheus) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 56, "Code": { "Lines": [ { "Number": 34, "Content": " - image: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: fail2ban-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: fail2ban-exporter", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - containerPort: 9191", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9191", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " resources: {}", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mresources\u001b[0m: {}", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " securityContext:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecurityContext\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "node-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/node-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 49, "Failures": 8 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'node-exporter' of Deployment 'node-exporter' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 58, "Code": { "Lines": [ { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'node-exporter' of Deployment 'node-exporter' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 58, "Code": { "Lines": [ { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'node-exporter' of Deployment 'node-exporter' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 58, "Code": { "Lines": [ { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'node-exporter' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 74, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " k8s-app: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"node-exporter\" of deployment \"node-exporter\" in \"prometheus\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 58, "Code": { "Lines": [ { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment node-exporter in prometheus namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 74, "Code": { "Lines": [ { "Number": 31, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " automountServiceAccountToken: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0121", "Title": "Kubernetes resource with disallowed volumes mounted", "Description": "HostPath present many security risks and as a security practice it is better to avoid critical host paths mounts.", "Message": "deployment node-exporter in prometheus namespace shouldn't have volumes set to {\"/\"}", "Namespace": "builtin.kubernetes.KSV121", "Query": "data.builtin.kubernetes.KSV121.deny", "Resolution": "Do not Set 'spec.volumes[*].hostPath.path' to any of the disallowed volumes.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0121", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0121" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 74, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " k8s-app: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mk8s-app\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container node-exporter in deployment node-exporter (namespace: prometheus) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 58, "Code": { "Lines": [ { "Number": 34, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - --path.rootfs=/host/root", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --path.rootfs=/host/root", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " image: quay.io/prometheus/node-exporter:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: quay.io/prometheus/node-exporter:latest", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " name: node-exporter", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: node-exporter", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " - containerPort: 9100", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9100", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: http", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mname\u001b[0m: http", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " protocol: TCP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprotocol\u001b[0m: TCP", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "prometheus", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/prometheus", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 6 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'prometheus' of Deployment 'prometheus' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 62, "Code": { "Lines": [ { "Number": 35, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " - --config.file=/etc/prometheus/prometheus.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --storage.tsdb.path=/prometheus/", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.path=/prometheus/", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.tsdb.retention.time=15d", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.retention.time=15d", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/prometheus:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: prometheus", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9090", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0014", "Title": "Root file system is not read-only", "Description": "An immutable root file system prevents applications from writing to their local disk. This can limit intrusions, as attackers will not be able to tamper with the file system or write foreign executables to disk.", "Message": "Container 'prometheus' of Deployment 'prometheus' should set 'securityContext.readOnlyRootFilesystem' to true", "Namespace": "builtin.kubernetes.KSV014", "Query": "data.builtin.kubernetes.KSV014.deny", "Resolution": "Change 'containers[].securityContext.readOnlyRootFilesystem' to 'true'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0014", "References": [ "https://kubesec.io/basics/containers-securitycontext-readonlyrootfilesystem-true/", "https://avd.aquasec.com/misconfig/ksv-0014" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 62, "Code": { "Lines": [ { "Number": 35, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " - --config.file=/etc/prometheus/prometheus.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --storage.tsdb.path=/prometheus/", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.path=/prometheus/", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.tsdb.retention.time=15d", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.retention.time=15d", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/prometheus:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: prometheus", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9090", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'prometheus' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 81, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: prometheus", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: prometheus", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"prometheus\" of deployment \"prometheus\" in \"prometheus\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 62, "Code": { "Lines": [ { "Number": 35, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " - --config.file=/etc/prometheus/prometheus.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --storage.tsdb.path=/prometheus/", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.path=/prometheus/", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.tsdb.retention.time=15d", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.retention.time=15d", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/prometheus:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: prometheus", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9090", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment prometheus in prometheus namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 32, "EndLine": 81, "Code": { "Lines": [ { "Number": 32, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 33, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - --config.file=/etc/prometheus/prometheus.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --storage.tsdb.path=/prometheus/", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.path=/prometheus/", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.tsdb.retention.time=15d", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.retention.time=15d", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/prometheus:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": true }, { "Number": 41, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container prometheus in deployment prometheus (namespace: prometheus) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 62, "Code": { "Lines": [ { "Number": 35, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " - --config.file=/etc/prometheus/prometheus.yml", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --config.file=/etc/prometheus/prometheus.yml", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " - --storage.tsdb.path=/prometheus/", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.path=/prometheus/", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - --storage.tsdb.retention.time=15d", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - --storage.tsdb.retention.time=15d", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " image: prom/prometheus:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: prom/prometheus:latest", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " name: prometheus", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: prometheus", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - containerPort: 9090", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m9090", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "prometheus", "Kind": "Service", "Name": "alertmanager", "Metadata": [ {} ], "Results": [ { "Target": "Service/alertmanager", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "Service", "Name": "auth-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Service/auth-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "Service", "Name": "fail2ban-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Service/fail2ban-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "Service", "Name": "node-exporter", "Metadata": [ {} ], "Results": [ { "Target": "Service/node-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "Service", "Name": "prometheus", "Metadata": [ {} ], "Results": [ { "Target": "Service/prometheus", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ServiceAccount", "Name": "auth-exporter-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/auth-exporter-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ServiceAccount", "Name": "fail2ban-exporter", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/fail2ban-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ServiceAccount", "Name": "node-exporter", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/node-exporter", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "prometheus", "Kind": "ServiceAccount", "Name": "prometheus", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/prometheus", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "auth-script", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/auth-script", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0109", "Title": "ConfigMap with secrets", "Description": "Storing secrets in configMaps is unsafe", "Message": "ConfigMap 'auth-script' in 'proxy' namespace stores secrets in key(s) or value(s) '{\"EXPECTED_TOKEN \"}'", "Namespace": "builtin.kubernetes.KSV0109", "Query": "data.builtin.kubernetes.KSV0109.deny", "Resolution": "Remove password/secret from configMap data value", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0109", "References": [ "https://avd.aquasec.com/misconfig/ksv-0109" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "nginx-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "nginx-default-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-default-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "nginx-errors", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-errors", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "nginx-streams-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-streams-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ConfigMap", "Name": "wireguard-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/wireguard-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 56, "Failures": 1 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'wireguard-config' in 'proxy' namespace stores sensitive contents in key(s) or value(s) '{\"PresharedKey \", \"PrivateKey \", \"PublicKey \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "proxy", "Kind": "Deployment", "Name": "proxy", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/proxy", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 48, "Failures": 14 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0001", "Title": "Can elevate its own privileges", "Description": "A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node.", "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.allowPrivilegeEscalation' to false", "Namespace": "builtin.kubernetes.KSV001", "Query": "data.builtin.kubernetes.KSV001.deny", "Resolution": "Set 'set containers[].securityContext.allowPrivilegeEscalation' to 'false'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0001", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0001" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'proxy' of Deployment 'proxy' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 118, "EndLine": 210, "Code": { "Lines": [ { "Number": 118, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": true, "LastCause": false }, { "Number": 119, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 120, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 121, "Content": " failureThreshold: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 122, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 123, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": false }, { "Number": 124, "Content": " port: 8888", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", "FirstCause": false, "LastCause": false }, { "Number": 125, "Content": " scheme: HTTP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", "FirstCause": false, "LastCause": false }, { "Number": 126, "Content": " initialDelaySeconds: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 127, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0017", "Title": "Privileged", "Description": "Privileged containers share namespaces with the host system and do not offer any security. They should be used exclusively for system containers that require high privileges.", "Message": "Container 'wireguard' of Deployment 'proxy' should set 'securityContext.privileged' to false", "Namespace": "builtin.kubernetes.KSV017", "Query": "data.builtin.kubernetes.KSV017.deny", "Resolution": "Change 'containers[].securityContext.privileged' to 'false'.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0017", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0017" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0022", "Title": "Specific capabilities added", "Description": "According to pod security standard 'Capabilities', capabilities beyond the default set must not be added.", "Message": "Container 'wireguard' of Deployment 'proxy' should not set 'securityContext.capabilities.add'", "Namespace": "builtin.kubernetes.KSV022", "Query": "data.builtin.kubernetes.KSV022.deny", "Resolution": "Do not set spec.containers[*].securityContext.capabilities.add and spec.initContainers[*].securityContext.capabilities.add.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0022", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0022" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'proxy' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 13, "EndLine": 267, "Code": { "Lines": [ { "Number": 13, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 14, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " app: proxy", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: proxy", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " type: Recreate", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mtype\u001b[0m: Recreate", "FirstCause": false, "LastCause": true }, { "Number": 22, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 84, "EndLine": 117, "Code": { "Lines": [ { "Number": 84, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 85, "Content": " - python", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python", "FirstCause": false, "LastCause": false }, { "Number": 86, "Content": " - /app/auth_server.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /app/auth_server.py", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - name: AUTH_TOKEN", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: AUTH_TOKEN", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " key: token", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: token", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth-token-secret", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-token-secret", "FirstCause": false, "LastCause": true }, { "Number": 93, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0024", "Title": "Access to host ports", "Description": "According to pod security standard 'Host Ports', hostPorts should be disallowed, or at minimum restricted to a known list.", "Message": "Container 'proxy' of Deployment 'proxy' should not set host ports, 'ports[*].hostPort'", "Namespace": "builtin.kubernetes.KSV024", "Query": "data.builtin.kubernetes.KSV024.deny", "Resolution": "Do not set spec.containers[*].ports[*].hostPort and spec.initContainers[*].ports[*].hostPort.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0024", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0024" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 118, "EndLine": 210, "Code": { "Lines": [ { "Number": 118, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": true, "LastCause": false }, { "Number": 119, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 120, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 121, "Content": " failureThreshold: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 122, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 123, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": false }, { "Number": 124, "Content": " port: 8888", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", "FirstCause": false, "LastCause": false }, { "Number": 125, "Content": " scheme: HTTP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", "FirstCause": false, "LastCause": false }, { "Number": 126, "Content": " initialDelaySeconds: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 127, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"auth-sidecar\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 84, "EndLine": 117, "Code": { "Lines": [ { "Number": 84, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 85, "Content": " - python", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - python", "FirstCause": false, "LastCause": false }, { "Number": 86, "Content": " - /app/auth_server.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /app/auth_server.py", "FirstCause": false, "LastCause": false }, { "Number": 87, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 88, "Content": " - name: AUTH_TOKEN", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: AUTH_TOKEN", "FirstCause": false, "LastCause": false }, { "Number": 89, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 90, "Content": " secretKeyRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33msecretKeyRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 91, "Content": " key: token", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mkey\u001b[0m: token", "FirstCause": false, "LastCause": false }, { "Number": 92, "Content": " name: auth-token-secret", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: auth-token-secret", "FirstCause": false, "LastCause": true }, { "Number": 93, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"proxy\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 118, "EndLine": 210, "Code": { "Lines": [ { "Number": 118, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": true, "LastCause": false }, { "Number": 119, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": false }, { "Number": 120, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 121, "Content": " failureThreshold: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 122, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 123, "Content": " path: /health", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /health", "FirstCause": false, "LastCause": false }, { "Number": 124, "Content": " port: 8888", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8888", "FirstCause": false, "LastCause": false }, { "Number": 125, "Content": " scheme: HTTP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", "FirstCause": false, "LastCause": false }, { "Number": 126, "Content": " initialDelaySeconds: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 127, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"wireguard\" of deployment \"proxy\" in \"proxy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment proxy in proxy namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 267, "Code": { "Lines": [ { "Number": 35, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container wireguard in deployment proxy (namespace: proxy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 38, "EndLine": 83, "Code": { "Lines": [ { "Number": 38, "Content": " - env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menv\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 39, "Content": " - name: PUID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: PUID", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " - name: PGID", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: PGID", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " value: \"1000\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"1000\"", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " - name: TZ", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: TZ", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " value: Europe/Berlin", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: Europe/Berlin", "FirstCause": false, "LastCause": false }, { "Number": 45, "Content": " image: linuxserver/wireguard:1.0.20210914-r4-ls54", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimage\u001b[0m: linuxserver/wireguard:1.0.20210914-r4-ls54", "FirstCause": false, "LastCause": false }, { "Number": 46, "Content": " imagePullPolicy: IfNotPresent", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: IfNotPresent", "FirstCause": false, "LastCause": true }, { "Number": 47, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "proxy", "Kind": "Ingress", "Name": "nextcloud", "Metadata": [ {} ], "Results": [ { "Target": "Ingress/nextcloud", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Ingress", "Name": "open-webui", "Metadata": [ {} ], "Results": [ { "Target": "Ingress/open-webui", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "nextcloud", "Metadata": [ {} ], "Results": [ { "Target": "Service/nextcloud", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "ollama", "Metadata": [ {} ], "Results": [ { "Target": "Service/ollama", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "open-webui", "Metadata": [ {} ], "Results": [ { "Target": "Service/open-webui", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "stream-21115-tc", "Metadata": [ {} ], "Results": [ { "Target": "Service/stream-21115-tc", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "stream-21116-tc", "Metadata": [ {} ], "Results": [ { "Target": "Service/stream-21116-tc", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "stream-21116-ud", "Metadata": [ {} ], "Results": [ { "Target": "Service/stream-21116-ud", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "stream-21117-tc", "Metadata": [ {} ], "Results": [ { "Target": "Service/stream-21117-tc", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "Service", "Name": "stream-9090-tcp", "Metadata": [ {} ], "Results": [ { "Target": "Service/stream-9090-tcp", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "proxy", "Kind": "ServiceAccount", "Name": "proxy-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/proxy-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "ConfigMap", "Name": "rustdesk-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/rustdesk-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "Deployment", "Name": "rustdesk", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/rustdesk", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 51, "Failures": 6 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'rustdesk-container' of Deployment 'rustdesk' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 78, "Code": { "Lines": [ { "Number": 34, "Content": " - envFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - configMapRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: rustdesk-config", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " image: rustdesk/rustdesk-server-s6:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " name: rustdesk-container", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - containerPort: 21115", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'rustdesk-container' of Deployment 'rustdesk' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 78, "Code": { "Lines": [ { "Number": 34, "Content": " - envFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - configMapRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: rustdesk-config", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " image: rustdesk/rustdesk-server-s6:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " name: rustdesk-container", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - containerPort: 21115", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'rustdesk' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 14, "EndLine": 100, "Code": { "Lines": [ { "Number": 14, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 15, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " app: rustdesk-app", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: rustdesk-app", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 23, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"rustdesk-container\" of deployment \"rustdesk\" in \"rustdesk\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 78, "Code": { "Lines": [ { "Number": 34, "Content": " - envFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - configMapRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: rustdesk-config", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " image: rustdesk/rustdesk-server-s6:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " name: rustdesk-container", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - containerPort: 21115", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment rustdesk in rustdesk namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 100, "Code": { "Lines": [ { "Number": 31, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " automountServiceAccountToken: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - envFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " - configMapRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: rustdesk-config", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " image: rustdesk/rustdesk-server-s6:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container rustdesk-container in deployment rustdesk (namespace: rustdesk) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 34, "EndLine": 78, "Code": { "Lines": [ { "Number": 34, "Content": " - envFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33menvFrom\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 35, "Content": " - configMapRef:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mconfigMapRef\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " name: rustdesk-config", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-config", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " optional: false", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33moptional\u001b[0m: \u001b[38;5;166mfalse", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " image: rustdesk/rustdesk-server-s6:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mimage\u001b[0m: rustdesk/rustdesk-server-s6:latest", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " name: rustdesk-container", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mname\u001b[0m: rustdesk-container", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " ports:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mports\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " - containerPort: 21115", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcontainerPort\u001b[0m: \u001b[38;5;37m21115", "FirstCause": false, "LastCause": true }, { "Number": 43, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "rustdesk", "Kind": "Service", "Name": "tcp", "Metadata": [ {} ], "Results": [ { "Target": "Service/tcp", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "Service", "Name": "udp", "Metadata": [ {} ], "Results": [ { "Target": "Service/udp", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "rustdesk", "Kind": "ServiceAccount", "Name": "rustdesk-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/rustdesk-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ssh-locker-web", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ssh-locker-web", "Kind": "Deployment", "Name": "backend", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/backend", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 53, "Failures": 4 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'backend' of Deployment 'backend' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 76, "Code": { "Lines": [ { "Number": 35, "Content": " - image: a13labs/ssh_locker_web:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " port: 8443", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " timeoutSeconds: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'backend' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 15, "EndLine": 112, "Code": { "Lines": [ { "Number": 15, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 16, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 21, "Content": " app: backend", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: backend", "FirstCause": false, "LastCause": false }, { "Number": 22, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 23, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 24, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"backend\" of deployment \"backend\" in \"ssh-locker-web\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 76, "Code": { "Lines": [ { "Number": 35, "Content": " - image: a13labs/ssh_locker_web:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " port: 8443", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " timeoutSeconds: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container backend in deployment backend (namespace: ssh-locker-web) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 35, "EndLine": 76, "Code": { "Lines": [ { "Number": 35, "Content": " - image: a13labs/ssh_locker_web:latest", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: a13labs/ssh_locker_web:latest", "FirstCause": true, "LastCause": false }, { "Number": 36, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " periodSeconds: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mperiodSeconds\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " successThreshold: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33msuccessThreshold\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " tcpSocket:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtcpSocket\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " port: 8443", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8443", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " timeoutSeconds: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mtimeoutSeconds\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": true }, { "Number": 44, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "ssh-locker-web", "Kind": "Service", "Name": "backend", "Metadata": [ {} ], "Results": [ { "Target": "Service/backend", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ssh-locker-web", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "ssh-locker-web", "Kind": "ServiceAccount", "Name": "ssh-locker-web", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/ssh-locker-web", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "trivy", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "trivy", "Kind": "ConfigMap", "Name": "trivy-scripts", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/trivy-scripts", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 55, "Failures": 2 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-01010", "Title": "ConfigMap with sensitive content", "Description": "Storing sensitive content such as usernames and email addresses in configMaps is unsafe", "Message": "ConfigMap 'trivy-scripts' in 'trivy' namespace stores sensitive contents in key(s) or value(s) '{\" msg[\\\"From\\\"] \", \" msg[\\\"To\\\"] \"}'", "Namespace": "builtin.kubernetes.KSV01010", "Query": "data.builtin.kubernetes.KSV01010.deny", "Resolution": "Remove sensitive content from configMap data value", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-01010", "References": [ "https://avd.aquasec.com/misconfig/ksv-01010" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0109", "Title": "ConfigMap with secrets", "Description": "Storing secrets in configMaps is unsafe", "Message": "ConfigMap 'trivy-scripts' in 'trivy' namespace stores secrets in key(s) or value(s) '{\" smtp_pass \"}'", "Namespace": "builtin.kubernetes.KSV0109", "Query": "data.builtin.kubernetes.KSV0109.deny", "Resolution": "Remove password/secret from configMap data value", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0109", "References": [ "https://avd.aquasec.com/misconfig/ksv-0109" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general" } } ] } ] }, { "Namespace": "trivy", "Kind": "CronJob", "Name": "trivy-scan", "Metadata": [ {} ], "Results": [ { "Target": "CronJob/trivy-scan", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 53, "Failures": 5 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0013", "Title": "Image tag \":latest\" used", "Description": "It is best to avoid using the ':latest' image tag when deploying containers in production. Doing so makes it hard to track which version of the image is running, and hard to roll back the version.", "Message": "Container 'trivy' of CronJob 'trivy-scan' should specify an image tag", "Namespace": "builtin.kubernetes.KSV013", "Query": "data.builtin.kubernetes.KSV013.deny", "Resolution": "Use a specific container image tag that is not 'latest'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0013", "References": [ "https://kubernetes.io/docs/concepts/configuration/overview/#container-images", "https://avd.aquasec.com/misconfig/ksv-0013" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 59, "Code": { "Lines": [ { "Number": 31, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - /scripts/generate_report.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /scripts/generate_report.sh", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: REPORT_TYPE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: all", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: LEVELS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " value: HIGH,CRITICAL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"send-report\" of cronjob \"trivy-scan\" in \"trivy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 60, "EndLine": 102, "Code": { "Lines": [ { "Number": 60, "Content": " - args:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33margs\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 61, "Content": " - /scripts/send_report.py", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /scripts/send_report.py", "FirstCause": false, "LastCause": false }, { "Number": 62, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 63, "Content": " - name: SMTP_HOST", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SMTP_HOST", "FirstCause": false, "LastCause": false }, { "Number": 64, "Content": " value: smtp.tem.scw.cloud", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: smtp.tem.scw.cloud", "FirstCause": false, "LastCause": false }, { "Number": 65, "Content": " - name: SMTP_PORT", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: SMTP_PORT", "FirstCause": false, "LastCause": false }, { "Number": 66, "Content": " value: \"587\"", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: \u001b[38;5;37m\"587\"", "FirstCause": false, "LastCause": false }, { "Number": 67, "Content": " - name: SMTP_USER", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m - \u001b[38;5;33mname\u001b[0m: SMTP_USER", "FirstCause": false, "LastCause": false }, { "Number": 68, "Content": " valueFrom:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalueFrom\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 69, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"trivy\" of cronjob \"trivy-scan\" in \"trivy\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 59, "Code": { "Lines": [ { "Number": 31, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - /scripts/generate_report.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /scripts/generate_report.sh", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: REPORT_TYPE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: all", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: LEVELS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " value: HIGH,CRITICAL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "cronjob trivy-scan in trivy namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 28, "EndLine": 119, "Code": { "Lines": [ { "Number": 28, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 29, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 30, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 31, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 32, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - /scripts/generate_report.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /scripts/generate_report.sh", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: REPORT_TYPE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", "FirstCause": false, "LastCause": true }, { "Number": 37, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0125", "Title": "Restrict container images to trusted registries", "Description": "Ensure that all containers use images only from trusted registry domains.", "Message": "Container trivy in cronjob trivy-scan (namespace: trivy) uses an image from an untrusted registry.", "Namespace": "builtin.kubernetes.KSV0125", "Query": "data.builtin.kubernetes.KSV0125.deny", "Resolution": "Use images from trusted registries.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0125", "References": [ "https://cloud.google.com/container-registry/docs/overview#registries", "https://docs.aws.amazon.com/general/latest/gr/ecr.html", "https://avd.aquasec.com/misconfig/ksv-0125" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 31, "EndLine": 59, "Code": { "Lines": [ { "Number": 31, "Content": " - command:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mcommand\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 32, "Content": " - /bin/sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /bin/sh", "FirstCause": false, "LastCause": false }, { "Number": 33, "Content": " - -c", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - -c", "FirstCause": false, "LastCause": false }, { "Number": 34, "Content": " - /scripts/generate_report.sh", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - /scripts/generate_report.sh", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " env:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33menv\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - name: REPORT_TYPE", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: REPORT_TYPE", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " value: all", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: all", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " - name: LEVELS", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mname\u001b[0m: LEVELS", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " value: HIGH,CRITICAL", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mvalue\u001b[0m: HIGH,CRITICAL", "FirstCause": false, "LastCause": true }, { "Number": 40, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "trivy", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "trivy", "Kind": "ServiceAccount", "Name": "trivy", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/trivy", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "ConfigMap", "Name": "kube-root-ca.crt", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/kube-root-ca.crt", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "ConfigMap", "Name": "nginx-config", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/nginx-config", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "ConfigMap", "Name": "website-alexpires-me-default", "Metadata": [ {} ], "Results": [ { "Target": "ConfigMap/website-alexpires-me-default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "Deployment", "Name": "website-app", "Metadata": [ {} ], "Results": [ { "Target": "Deployment/website-app", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 53, "Failures": 4 }, "Misconfigurations": [ { "Type": "Kubernetes Security Check", "ID": "KSV-0012", "Title": "Runs as root user", "Description": "Force the running image to run as a non-root user to ensure least privileges.", "Message": "Container 'website' of Deployment 'website-app' should set 'securityContext.runAsNonRoot' to true", "Namespace": "builtin.kubernetes.KSV012", "Query": "data.builtin.kubernetes.KSV012.deny", "Resolution": "Set 'containers[].securityContext.runAsNonRoot' to true.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0012", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted", "https://avd.aquasec.com/misconfig/ksv-0012" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 101, "Code": { "Lines": [ { "Number": 36, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " path: /", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " port: 8080", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8080", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " scheme: HTTP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " initialDelaySeconds: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0023", "Title": "hostPath volumes mounted", "Description": "According to pod security standard 'HostPath Volumes', HostPath volumes must be forbidden.", "Message": "Deployment 'website-app' should not set 'spec.template.volumes.hostPath'", "Namespace": "builtin.kubernetes.KSV023", "Query": "data.builtin.kubernetes.KSV023.deny", "Resolution": "Do not set 'spec.volumes[*].hostPath'.", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0023", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0023" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 12, "EndLine": 138, "Code": { "Lines": [ { "Number": 12, "Content": "spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 13, "Content": " progressDeadlineSeconds: 600", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mprogressDeadlineSeconds\u001b[0m: \u001b[38;5;37m600", "FirstCause": false, "LastCause": false }, { "Number": 14, "Content": " replicas: 1", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mreplicas\u001b[0m: \u001b[38;5;37m1", "FirstCause": false, "LastCause": false }, { "Number": 15, "Content": " revisionHistoryLimit: 10", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mrevisionHistoryLimit\u001b[0m: \u001b[38;5;37m10", "FirstCause": false, "LastCause": false }, { "Number": 16, "Content": " selector:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mselector\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 17, "Content": " matchLabels:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mmatchLabels\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 18, "Content": " app: website-alexpires-me", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mapp\u001b[0m: website-alexpires-me", "FirstCause": false, "LastCause": false }, { "Number": 19, "Content": " strategy:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mstrategy\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 20, "Content": " rollingUpdate:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mrollingUpdate\u001b[0m:", "FirstCause": false, "LastCause": true }, { "Number": 21, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0104", "Title": "Seccomp policies disabled", "Description": "A program inside the container can bypass Seccomp protection policies.", "Message": "container \"website\" of deployment \"website-app\" in \"website\" namespace should specify a seccomp profile", "Namespace": "builtin.kubernetes.KSV104", "Query": "data.builtin.kubernetes.KSV104.deny", "Resolution": "Specify seccomp either by annotation or by seccomp profile type having allowed values as per pod security standards", "Severity": "MEDIUM", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0104", "References": [ "https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline", "https://avd.aquasec.com/misconfig/ksv-0104" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 36, "EndLine": 101, "Code": { "Lines": [ { "Number": 36, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": true, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " path: /", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", "FirstCause": false, "LastCause": false }, { "Number": 42, "Content": " port: 8080", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mport\u001b[0m: \u001b[38;5;37m8080", "FirstCause": false, "LastCause": false }, { "Number": 43, "Content": " scheme: HTTP", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mscheme\u001b[0m: HTTP", "FirstCause": false, "LastCause": false }, { "Number": 44, "Content": " initialDelaySeconds: 5", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33minitialDelaySeconds\u001b[0m: \u001b[38;5;37m5", "FirstCause": false, "LastCause": true }, { "Number": 45, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } }, { "Type": "Kubernetes Security Check", "ID": "KSV-0118", "Title": "Default security context configured", "Description": "Security context controls the allocation of security parameters for the pod/container/volume, ensuring the appropriate level of protection. Relying on default security context may expose vulnerabilities to potential attacks that rely on privileged access.", "Message": "deployment website-app in website namespace is using the default security context, which allows root privileges", "Namespace": "builtin.kubernetes.KSV118", "Query": "data.builtin.kubernetes.KSV118.deny", "Resolution": "To enhance security, it is strongly recommended not to rely on the default security context. Instead, it is advisable to explicitly define the required security parameters (such as runAsNonRoot, capabilities, readOnlyRootFilesystem, etc.) within the security context.", "Severity": "HIGH", "PrimaryURL": "https://avd.aquasec.com/misconfig/ksv-0118", "References": [ "https://kubernetes.io/docs/tasks/configure-pod-container/security-context/", "https://avd.aquasec.com/misconfig/ksv-0118" ], "Status": "FAIL", "CauseMetadata": { "Provider": "Kubernetes", "Service": "general", "StartLine": 33, "EndLine": 138, "Code": { "Lines": [ { "Number": 33, "Content": " spec:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mspec\u001b[0m:", "FirstCause": true, "LastCause": false }, { "Number": 34, "Content": " automountServiceAccountToken: true", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mautomountServiceAccountToken\u001b[0m: \u001b[38;5;166mtrue", "FirstCause": false, "LastCause": false }, { "Number": 35, "Content": " containers:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mcontainers\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 36, "Content": " - image: nginx:stable-alpine", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " - \u001b[38;5;33mimage\u001b[0m: nginx:stable-alpine", "FirstCause": false, "LastCause": false }, { "Number": 37, "Content": " imagePullPolicy: Always", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mimagePullPolicy\u001b[0m: Always", "FirstCause": false, "LastCause": false }, { "Number": 38, "Content": " livenessProbe:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mlivenessProbe\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 39, "Content": " failureThreshold: 3", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mfailureThreshold\u001b[0m: \u001b[38;5;37m3", "FirstCause": false, "LastCause": false }, { "Number": 40, "Content": " httpGet:", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": "\u001b[0m \u001b[38;5;33mhttpGet\u001b[0m:", "FirstCause": false, "LastCause": false }, { "Number": 41, "Content": " path: /", "IsCause": true, "Annotation": "", "Truncated": false, "Highlighted": " \u001b[38;5;33mpath\u001b[0m: /", "FirstCause": false, "LastCause": true }, { "Number": 42, "Content": "", "IsCause": false, "Annotation": "", "Truncated": true, "FirstCause": false, "LastCause": false } ] } } } ] } ] }, { "Namespace": "website", "Kind": "Ingress", "Name": "website-ingress", "Metadata": [ {} ], "Results": [ { "Target": "Ingress/website-ingress", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "Service", "Name": "website-alexpires-me", "Metadata": [ {} ], "Results": [ { "Target": "Service/website-alexpires-me", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "ServiceAccount", "Name": "default", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/default", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "website", "Kind": "ServiceAccount", "Name": "website-app-sa", "Metadata": [ {} ], "Results": [ { "Target": "ServiceAccount/website-app-sa", "Class": "config", "Type": "kubernetes", "MisconfSummary": { "Successes": 57, "Failures": 0 } } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager", "Metadata": [ { "Size": 67373056, "OS": { "Family": "debian", "Name": "12.5" }, "ImageID": "sha256:3d272ec03f9932dd3a2df7942d2476313d091442653a94d7d4a2664514ec8b81", "DiffIDs": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ], "RepoTags": [ "quay.io/jetstack/cert-manager-controller:v1.14.5" ], "RepoDigests": [ "quay.io/jetstack/cert-manager-controller@sha256:9c0527cab629b61bd60c20f0c25615a8593314d3504add968b42bc5b891b253a" ], "Reference": "quay.io/jetstack/cert-manager-controller:v1.14.5", "ImageConfig": { "architecture": "amd64", "created": "2024-04-25T10:51:17.011016371Z", "history": [ { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "2024-04-25T10:51:16.10172853Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:16.10172853Z", "created_by": "USER 1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:16.10172853Z", "created_by": "COPY controller /app/cmd/controller/controller # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.585230632Z", "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:17.011016371Z", "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:17.011016371Z", "created_by": "ENTRYPOINT [\"/app/cmd/controller/controller\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ] }, "config": { "Entrypoint": [ "/app/cmd/controller/controller" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" }, "User": "1000", "WorkingDir": "/" } }, "Layers": [ { "Size": 327680, "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, { "Size": 40960, "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, { "Size": 2396160, "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, { "Size": 1536, "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" }, { "Size": 2560, "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" }, { "Size": 2560, "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" }, { "Size": 2560, "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" }, { "Size": 1536, "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" }, { "Size": 10240, "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" }, { "Size": 3072, "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" }, { "Size": 238592, "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" }, { "Size": 64339456, "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, { "Size": 3584, "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" }, { "Size": 2560, "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" } ] } ], "Results": [ { "Target": "quay.io/jetstack/cert-manager-controller:v1.14.5 (debian 12.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "base-files@12.4+deb12u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", "UID": "a027b06af87a4cc3" }, "Version": "12.4+deb12u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "12.4+deb12u5", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", "UID": "64adcbea2e4e887c" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024a-0+deb12u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", "UID": "c32ff64571217b4a" }, "Version": "2024a", "Release": "0+deb12u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024a", "SrcRelease": "0+deb12u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, "InstalledFiles": [ "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Accra", "/usr/share/zoneinfo/right/Africa/Addis_Ababa", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Asmara", "/usr/share/zoneinfo/right/Africa/Bamako", "/usr/share/zoneinfo/right/Africa/Bangui", "/usr/share/zoneinfo/right/Africa/Banjul", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Blantyre", "/usr/share/zoneinfo/right/Africa/Brazzaville", "/usr/share/zoneinfo/right/Africa/Bujumbura", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/Conakry", "/usr/share/zoneinfo/right/Africa/Dakar", "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/right/Africa/Djibouti", "/usr/share/zoneinfo/right/Africa/Douala", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Freetown", "/usr/share/zoneinfo/right/Africa/Gaborone", "/usr/share/zoneinfo/right/Africa/Harare", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Kampala", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Kigali", "/usr/share/zoneinfo/right/Africa/Kinshasa", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Libreville", "/usr/share/zoneinfo/right/Africa/Lome", "/usr/share/zoneinfo/right/Africa/Luanda", "/usr/share/zoneinfo/right/Africa/Lubumbashi", "/usr/share/zoneinfo/right/Africa/Lusaka", "/usr/share/zoneinfo/right/Africa/Malabo", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Maseru", "/usr/share/zoneinfo/right/Africa/Mbabane", "/usr/share/zoneinfo/right/Africa/Mogadishu", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Niamey", "/usr/share/zoneinfo/right/Africa/Nouakchott", "/usr/share/zoneinfo/right/Africa/Ouagadougou", "/usr/share/zoneinfo/right/Africa/Porto-Novo", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Anguilla", "/usr/share/zoneinfo/right/America/Antigua", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Aruba", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Atikokan", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Blanc-Sablon", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Cayman", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Creston", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Curacao", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Dominica", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Grenada", "/usr/share/zoneinfo/right/America/Guadeloupe", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/Montserrat", "/usr/share/zoneinfo/right/America/Nassau", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Port_of_Spain", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/St_Kitts", "/usr/share/zoneinfo/right/America/St_Lucia", "/usr/share/zoneinfo/right/America/St_Thomas", "/usr/share/zoneinfo/right/America/St_Vincent", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Tortola", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/McMurdo", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Syowa", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Antarctica/Vostok", "/usr/share/zoneinfo/right/Asia/Aden", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Bahrain", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Brunei", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Choibalsan", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Kuwait", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Muscat", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Phnom_Penh", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vientiane", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/Reykjavik", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/St_Helena", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Amsterdam", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Copenhagen", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Guernsey", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Isle_of_Man", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Jersey", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/Ljubljana", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Luxembourg", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Monaco", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Oslo", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Sarajevo", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Skopje", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Stockholm", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vaduz", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zagreb", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Antananarivo", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Christmas", "/usr/share/zoneinfo/right/Indian/Cocos", "/usr/share/zoneinfo/right/Indian/Comoro", "/usr/share/zoneinfo/right/Indian/Kerguelen", "/usr/share/zoneinfo/right/Indian/Mahe", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/Indian/Mayotte", "/usr/share/zoneinfo/right/Indian/Reunion", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Chuuk", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Funafuti", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Majuro", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Midway", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Pohnpei", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Saipan", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/Pacific/Wake", "/usr/share/zoneinfo/right/Pacific/Wallis", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" } ] }, { "Target": "app/cmd/controller/controller", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.21.9", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "Version": "v1.21.9", "Relationship": "direct", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "../../", "Name": "../../", "Identifier": { "UID": "de1afe16c16f3588" }, "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.2.3", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.3", "UID": "6184dbb5225aaf0e" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.9.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.9.1", "UID": "adb5084aa737b22c" }, "Version": "v1.9.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", "UID": "3a24e7a4b81c6d6" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.5.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.5.1", "UID": "fed59cf9edb6df3d" }, "Version": "v1.5.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns@v1.2.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/dns/armdns@v1.2.0", "UID": "22777d5f4033bf72" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "Name": "github.com/Azure/go-ntlmssp", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "fa8edb00e0957101" }, "Version": "v0.0.0-20221128193559-754e69321358", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.1.1", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.1.1", "UID": "bf8e6a15f7a59a27" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Venafi/vcert/v5@v5.3.0", "Name": "github.com/Venafi/vcert/v5", "Identifier": { "PURL": "pkg:golang/github.com/venafi/vcert/v5@v5.3.0", "UID": "7a167574d8a4add" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/akamai/AkamaiOPEN-edgegrid-golang@v1.2.2", "Name": "github.com/akamai/AkamaiOPEN-edgegrid-golang", "Identifier": { "PURL": "pkg:golang/github.com/akamai/akamaiopen-edgegrid-golang@v1.2.2", "UID": "b3e0d49740ba2f70" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go@v1.49.13", "Name": "github.com/aws/aws-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.49.13", "UID": "606c1ee030bd7388" }, "Version": "v1.49.13", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "87358bf73fbab2a5" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver/v4@v4.0.0", "Name": "github.com/blang/semver/v4", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", "UID": "ee086fd93a35c198" }, "Version": "v4.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v3@v3.2.2", "Name": "github.com/cenkalti/backoff/v3", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v3@v3.2.2", "UID": "ad19c8e4124c2596" }, "Version": "v3.2.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v4@v4.2.1", "Name": "github.com/cenkalti/backoff/v4", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.2.1", "UID": "b2974e6980295feb" }, "Version": "v4.2.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cert-manager/cert-manager/controller-binary", "Name": "github.com/cert-manager/cert-manager/controller-binary", "Identifier": { "PURL": "pkg:golang/github.com/cert-manager/cert-manager/controller-binary", "UID": "3d413a2e4d4ec86e" }, "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.2.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", "UID": "3861f4515e2f3da3" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-semver@v0.3.1", "Name": "github.com/coreos/go-semver", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.1", "UID": "1d0478bdb8e089c9" }, "Version": "v0.3.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.5.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.5.0", "UID": "c133a621bb528410" }, "Version": "v22.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cpu/goacmedns@v0.1.1", "Name": "github.com/cpu/goacmedns", "Identifier": { "PURL": "pkg:golang/github.com/cpu/goacmedns@v0.1.1", "UID": "1b0514d009d22f42" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "71bb34b9845c423d" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/digitalocean/godo@v1.107.0", "Name": "github.com/digitalocean/godo", "Identifier": { "PURL": "pkg:golang/github.com/digitalocean/godo@v1.107.0", "UID": "206736ca0b2c66c1" }, "Version": "v1.107.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.11.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", "UID": "63dac7ff84becab9" }, "Version": "v3.11.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "d960b7ec0d7eedbe" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.5", "Name": "github.com/go-asn1-ber/asn1-ber", "Identifier": { "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.5", "UID": "d129d9fafd5a5741" }, "Version": "v1.5.5", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-jose/go-jose/v3@v3.0.3", "Name": "github.com/go-jose/go-jose/v3", "Identifier": { "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", "UID": "373516391f2c053d" }, "Version": "v3.0.3", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ldap/ldap/v3@v3.4.6", "Name": "github.com/go-ldap/ldap/v3", "Identifier": { "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.6", "UID": "3d18fb04c423fb38" }, "Version": "v3.4.6", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.1", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", "UID": "3f48192f26f4c1e0" }, "Version": "v1.4.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "194f42d2992ace21" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "b9f03a01fe8f5ce9" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.20.2", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", "UID": "d083c176e443858b" }, "Version": "v0.20.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.20.4", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", "UID": "ef7194a05df7f9d6" }, "Version": "v0.20.4", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.22.7", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", "UID": "c7e1cb408f4584c5" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "e6b4681ee484082d" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.0.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.0.0", "UID": "f2e87551a6c076a5" }, "Version": "v5.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "758e21253ffbca9" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.3", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", "UID": "b076e5e09591d8f" }, "Version": "v1.5.3", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v0.0.4", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v0.0.4", "UID": "7e078c592c4b0322" }, "Version": "v0.0.4", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "8a7c6a6cdec8309f" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "54b39525e7b92c0d" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.1.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", "UID": "e19993adab7620c7" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "1fac4cc5a7a7f64a" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/s2a-go@v0.1.7", "Name": "github.com/google/s2a-go", "Identifier": { "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.7", "UID": "5a0b4c7f9b1ed76" }, "Version": "v0.1.7", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.5.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", "UID": "7f879838e5ad5034" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.2", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.2", "UID": "d26a675653271353" }, "Version": "v0.3.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.12.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.12.0", "UID": "9acae0a552bcb8bc" }, "Version": "v2.12.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/go-grpc-prometheus@v1.2.0", "Name": "github.com/grpc-ecosystem/go-grpc-prometheus", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/go-grpc-prometheus@v1.2.0", "UID": "45e8215b10cf05ce" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", "UID": "280851d8bc6bfc6c" }, "Version": "v2.18.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "5d1f31f82ed706f3" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", "Name": "github.com/hashicorp/go-cleanhttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", "UID": "5801c4e499a74427" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "accefdc013dd4949" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-retryablehttp@v0.7.5", "Name": "github.com/hashicorp/go-retryablehttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.5", "UID": "28e78537240ba17f" }, "Version": "v0.7.5", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", "Name": "github.com/hashicorp/go-rootcerts", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", "UID": "3292fb2ded472dd2" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8", "Name": "github.com/hashicorp/go-secure-stdlib/parseutil", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-secure-stdlib/parseutil@v0.1.8", "UID": "83c60fdbff112cc2" }, "Version": "v0.1.8", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2", "Name": "github.com/hashicorp/go-secure-stdlib/strutil", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-secure-stdlib/strutil@v0.1.2", "UID": "e379de6b44a84e06" }, "Version": "v0.1.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-sockaddr@v1.0.6", "Name": "github.com/hashicorp/go-sockaddr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.6", "UID": "2da38f23dc0649fa" }, "Version": "v1.0.6", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/hcl@v1.0.1-vault-5", "Name": "github.com/hashicorp/hcl", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/hcl@v1.0.1-vault-5", "UID": "1ac47ba1b7e97835" }, "Version": "v1.0.1-vault-5", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/vault/api@v1.10.0", "Name": "github.com/hashicorp/vault/api", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/vault/api@v1.10.0", "UID": "758e0d8b44ffd49a" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/vault/sdk@v0.10.2", "Name": "github.com/hashicorp/vault/sdk", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/vault/sdk@v0.10.2", "UID": "613805a9dd8bbbae" }, "Version": "v0.10.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "53ff5d2e2fa5996d" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jmespath/go-jmespath@v0.4.1-0.20220621161143-b0104c826a24", "Name": "github.com/jmespath/go-jmespath", "Identifier": { "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.1-0.20220621161143-b0104c826a24", "UID": "6bed7fa4081794e2" }, "Version": "v0.4.1-0.20220621161143-b0104c826a24", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "45a23162a0822329" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "223b96cdf6a71119" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kr/pretty@v0.3.1", "Name": "github.com/kr/pretty", "Identifier": { "PURL": "pkg:golang/github.com/kr/pretty@v0.3.1", "UID": "3c2d28ace45256a3" }, "Version": "v0.3.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kr/text@v0.2.0", "Name": "github.com/kr/text", "Identifier": { "PURL": "pkg:golang/github.com/kr/text@v0.2.0", "UID": "6ba44309ba29ec88" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "a86d2f2f4f246156" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "a5491098e3cbccf5" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "Name": "github.com/matttproud/golang_protobuf_extensions/v2", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "UID": "b5a44b9d1c6294f1" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.57", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.57", "UID": "d495a0c4ce11ad3a" }, "Version": "v1.1.57", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-homedir@v1.1.0", "Name": "github.com/mitchellh/go-homedir", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "UID": "bc8f751bc72d580a" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.0", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", "UID": "4f54f236d4dc2313" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "e89115163961c6ef" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "1fca3983966c588b" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "d0016464c51c3b0d" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", "Name": "github.com/patrickmn/go-cache", "Identifier": { "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", "UID": "d3d65881a29d92ab" }, "Version": "v2.1.0+incompatible", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pavlo-v-chernykh/keystore-go/v4@v4.5.0", "Name": "github.com/pavlo-v-chernykh/keystore-go/v4", "Identifier": { "PURL": "pkg:golang/github.com/pavlo-v-chernykh/keystore-go/v4@v4.5.0", "UID": "71e6d9e17b4784b3" }, "Version": "v4.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pierrec/lz4@v2.6.1+incompatible", "Name": "github.com/pierrec/lz4", "Identifier": { "PURL": "pkg:golang/github.com/pierrec/lz4@v2.6.1%2Bincompatible", "UID": "5385bb95c0ec991c" }, "Version": "v2.6.1+incompatible", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20210911075715-681adbf594b8", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210911075715-681adbf594b8", "UID": "8729f43896363e5a" }, "Version": "v0.0.0-20210911075715-681adbf594b8", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "d94c1278e904aa0f" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.18.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", "UID": "22c2d88bc03e3200" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.5.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", "UID": "c499d6bf760ac096" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.45.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", "UID": "e3fb58abeb182bd4" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.12.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", "UID": "8852c3f50889c68e" }, "Version": "v0.12.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rogpeppe/go-internal@v1.12.0", "Name": "github.com/rogpeppe/go-internal", "Identifier": { "PURL": "pkg:golang/github.com/rogpeppe/go-internal@v1.12.0", "UID": "11e2d55a801d4aed" }, "Version": "v1.12.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ryanuber/go-glob@v1.0.0", "Name": "github.com/ryanuber/go-glob", "Identifier": { "PURL": "pkg:golang/github.com/ryanuber/go-glob@v1.0.0", "UID": "8046613387d35e29" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.3", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", "UID": "e333932de5a0737d" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sosodev/duration@v1.2.0", "Name": "github.com/sosodev/duration", "Identifier": { "PURL": "pkg:golang/github.com/sosodev/duration@v1.2.0", "UID": "22290ff139a2ae6" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.0", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", "UID": "ca9fe2f7ce95ef0c" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "1227c848d7c08941" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "Name": "github.com/youmark/pkcs8", "Identifier": { "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "UID": "db1b0e66309d5828" }, "Version": "v0.0.0-20201027041543-1326539a0a0a", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/api/v3@v3.5.11", "Name": "go.etcd.io/etcd/api/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/api/v3@v3.5.11", "UID": "2d4e24920c41c356" }, "Version": "v3.5.11", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/client/pkg/v3@v3.5.11", "Name": "go.etcd.io/etcd/client/pkg/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/client/pkg/v3@v3.5.11", "UID": "7578eba5e8484c0b" }, "Version": "v3.5.11", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/client/v3@v3.5.11", "Name": "go.etcd.io/etcd/client/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/client/v3@v3.5.11", "UID": "9a3ef074059cf5fa" }, "Version": "v3.5.11", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opencensus.io@v0.24.0", "Name": "go.opencensus.io", "Identifier": { "PURL": "pkg:golang/go.opencensus.io@v0.24.0", "UID": "c7166444cf1bb6e7" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1", "Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.1", "UID": "61cabe9bbefbe519" }, "Version": "v0.46.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", "UID": "78b00331a041bf11" }, "Version": "v0.46.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.21.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.21.0", "UID": "37d61c488341b72d" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", "UID": "41499d863aa94a8c" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", "UID": "33eab2924be67587" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.21.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.21.0", "UID": "477dcff201530a6c" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.21.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "c7b17f2a3d58275f" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.21.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.21.0", "UID": "15041b7ca33550a8" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.0.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.0.0", "UID": "943c0620e209a1d5" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "c734498054f6a951" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.26.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", "UID": "dc950a8f9bed7be6" }, "Version": "v1.26.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.22.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "5e14ca585b062f40" }, "Version": "v0.22.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.24.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "3dd087610d725263" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.15.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "e7c0ced0e24d4259" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.5.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.5.0", "UID": "53e55d13a98a948" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.19.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", "UID": "b3f4f35ed893a933" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.19.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.19.0", "UID": "9f6a8800524b2c77" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.14.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.14.0", "UID": "69887f6c848b4561" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "e4d5c3456429d151" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.154.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.154.0", "UID": "2d0cb857884164ff" }, "Version": "v0.154.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", "UID": "8f135aaab691d7ca" }, "Version": "v0.0.0-20240102182953-50ed04b92917", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", "UID": "6c088cce25d827ce" }, "Version": "v0.0.0-20240102182953-50ed04b92917", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.60.1", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", "UID": "3b775a1a9b723c5f" }, "Version": "v1.60.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.33.0", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", "UID": "b6b6a24a7bbcde73" }, "Version": "v1.33.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "1f0b2021ba7d6f43" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/ini.v1@v1.67.0", "Name": "gopkg.in/ini.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", "UID": "7aaadc35baa0e63e" }, "Version": "v1.67.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "bf72a021aa7ca005" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "9702445cfb9e2049" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.29.0", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.29.0", "UID": "278d95fba053c868" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.29.0", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", "UID": "bcb44e1e63094410" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.29.0", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", "UID": "39de2f586ea55bac" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiserver@v0.29.0", "Name": "k8s.io/apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiserver@v0.29.0", "UID": "43b70b02d81d0d63" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.29.0", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", "UID": "c434fafdb5a1c7ce" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.29.0", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", "UID": "77587dc539808776" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.110.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", "UID": "dc0a29adf634827b" }, "Version": "v2.110.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "UID": "e030f9e9ceb0e0a2" }, "Version": "v0.0.0-20240103051144-eec4567ac022", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "UID": "dc79ed9998c991aa" }, "Version": "v0.0.0-20240102154912-e7106e64919e", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", "Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", "UID": "c6171ea3cc584341" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/gateway-api@v1.0.0", "Name": "sigs.k8s.io/gateway-api", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", "UID": "1cad5e565953c35b" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "64e2ddea624d801a" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "f17831a24d9717ea" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "ef6d918b3a755417" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" }, { "ID": "software.sslmate.com/src/go-pkcs12@v0.4.0", "Name": "software.sslmate.com/src/go-pkcs12", "Identifier": { "PURL": "pkg:golang/software.sslmate.com/src/go-pkcs12@v0.4.0", "UID": "18c957070ecf74c1" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-35255", "VendorIDs": [ "GHSA-m5vv-6r4h-3vj9" ], "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.4.0", "UID": "3a24e7a4b81c6d6" }, "InstalledVersion": "v1.4.0", "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1605c38610e61dcf04c8d24ca0f41a21743105453a31d8cf9e75cbb90d232ad0", "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "V3Score": 5.5, "V40Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-35255", "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", "https://www.cve.org/CVERecord?id=CVE-2024-35255" ], "PublishedDate": "2024-06-11T17:16:03.55Z", "LastModifiedDate": "2024-11-21T09:20:01.923Z" }, { "VulnerabilityID": "CVE-2026-32952", "VendorIDs": [ "GHSA-pjcq-xvwq-hhpj" ], "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "PkgName": "github.com/Azure/go-ntlmssp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "fa8edb00e0957101" }, "InstalledVersion": "v0.0.0-20221128193559-754e69321358", "FixedVersion": "0.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0ba31604bb1cf5496d34080b5ed0f6965435f7385083938175ff907422cb2706", "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32952", "https://github.com/Azure/go-ntlmssp", "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", "https://www.cve.org/CVERecord?id=CVE-2026-32952" ], "PublishedDate": "2026-04-24T03:16:07.833Z", "LastModifiedDate": "2026-05-21T18:22:06.247Z" }, { "VulnerabilityID": "CVE-2026-34986", "VendorIDs": [ "GHSA-78h2-9frx-2jm8" ], "PkgID": "github.com/go-jose/go-jose/v3@v3.0.3", "PkgName": "github.com/go-jose/go-jose/v3", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", "UID": "373516391f2c053d" }, "InstalledVersion": "v3.0.3", "FixedVersion": "3.0.5", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34986", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:e6c89074c69d5c59bf715943c6aa9aaebd738d629b935862ecd1616b553c6f93", "Title": "github.com/go-jose/go-jose/v3: github.com/go-jose/go-jose/v4: Go JOSE: Denial of Service via crafted JSON Web Encryption (JWE) object", "Description": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5.", "Severity": "HIGH", "CweIDs": [ "CWE-248" ], "VendorSeverity": { "alma": 3, "amazon": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:10135", "https://access.redhat.com/security/cve/CVE-2026-34986", "https://bugzilla.redhat.com/2455470", "https://bugzilla.redhat.com/show_bug.cgi?id=2455470", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-34986", "https://errata.almalinux.org/9/ALSA-2026-10135.html", "https://errata.rockylinux.org/RLSA-2026:10135", "https://github.com/go-jose/go-jose", "https://github.com/go-jose/go-jose/security/advisories/GHSA-78h2-9frx-2jm8", "https://linux.oracle.com/cve/CVE-2026-34986.html", "https://linux.oracle.com/errata/ELSA-2026-10135.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-34986", "https://pkg.go.dev/github.com/go-jose/go-jose/v4#pkg-constants", "https://www.cve.org/CVERecord?id=CVE-2026-34986" ], "PublishedDate": "2026-04-06T17:17:11.87Z", "LastModifiedDate": "2026-05-04T15:20:44.337Z" }, { "VulnerabilityID": "CVE-2025-27144", "VendorIDs": [ "GHSA-c6gw-w398-hv78" ], "PkgID": "github.com/go-jose/go-jose/v3@v3.0.3", "PkgName": "github.com/go-jose/go-jose/v3", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-jose/go-jose/v3@v3.0.3", "UID": "373516391f2c053d" }, "InstalledVersion": "v3.0.3", "FixedVersion": "3.0.4", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-27144", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:dece0c88ca5f13b83041c846ce72cdd9f6be23f557838ab4913300b9120cb172", "Title": "go-jose: Go JOSE's Parsing Vulnerable to Denial of Service", "Description": "Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. In versions on the 4.x branch prior to version 4.0.5, when parsing compact JWS or JWE input, Go JOSE could use excessive memory. The code used strings.Split(token, \".\") to split JWT tokens, which is vulnerable to excessive memory consumption when processing maliciously crafted tokens with a large number of `.` characters. An attacker could exploit this by sending numerous malformed tokens, leading to memory exhaustion and a Denial of Service. Version 4.0.5 fixes this issue. As a workaround, applications could pre-validate that payloads passed to Go JOSE do not contain an excessive number of `.` characters.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7397", "https://access.redhat.com/security/cve/CVE-2025-27144", "https://bugzilla.redhat.com/2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://errata.almalinux.org/9/ALSA-2025-7397.html", "https://errata.rockylinux.org/RLSA-2025:7397", "https://github.com/go-jose/go-jose", "https://github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22", "https://github.com/go-jose/go-jose/releases/tag/v4.0.5", "https://github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78", "https://github.com/golang/go/issues/71490", "https://go.dev/issue/71490", "https://linux.oracle.com/cve/CVE-2025-27144.html", "https://linux.oracle.com/errata/ELSA-2025-7467.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-27144", "https://www.cve.org/CVERecord?id=CVE-2025-27144" ], "PublishedDate": "2025-02-24T23:15:11.427Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-30204", "VendorIDs": [ "GHSA-mh63-6h87-95cp" ], "PkgID": "github.com/golang-jwt/jwt/v5@v5.0.0", "PkgName": "github.com/golang-jwt/jwt/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.0.0", "UID": "f2e87551a6c076a5" }, "InstalledVersion": "v5.0.0", "FixedVersion": "5.2.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:a9664a5c00f70aaff63ae6825b48baf439f344bac67505498a4d782788017806", "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", "Severity": "HIGH", "CweIDs": [ "CWE-405" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7425", "https://access.redhat.com/security/cve/CVE-2025-30204", "https://bugzilla.redhat.com/2354195", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.almalinux.org/9/ALSA-2025-7425.html", "https://errata.rockylinux.org/RLSA-2025:3411", "https://github.com/golang-jwt/jwt", "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "https://linux.oracle.com/cve/CVE-2025-30204.html", "https://linux.oracle.com/errata/ELSA-2025-7967.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "https://pkg.go.dev/vuln/GO-2025-3553", "https://security.netapp.com/advisory/ntap-20250404-0002", "https://security.netapp.com/advisory/ntap-20250404-0002/", "https://www.cve.org/CVERecord?id=CVE-2025-30204" ], "PublishedDate": "2025-03-21T22:15:26.42Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-6104", "VendorIDs": [ "GHSA-v6v8-xj6m-xwqh" ], "PkgID": "github.com/hashicorp/go-retryablehttp@v0.7.5", "PkgName": "github.com/hashicorp/go-retryablehttp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.5", "UID": "28e78537240ba17f" }, "InstalledVersion": "v0.7.5", "FixedVersion": "0.7.7", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6104", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d17a9a64403ac7870aa81fa54d6538df559ab8e5c3009f7abf774b799e201d95", "Title": "go-retryablehttp: url might write sensitive information to log file", "Description": "go-retryablehttp prior to 0.7.7 did not sanitize urls when writing them to its log file. This could lead to go-retryablehttp writing sensitive HTTP basic auth credentials to its log file. This vulnerability, CVE-2024-6104, was fixed in go-retryablehttp 0.7.7.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-6104", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2294000", "https://bugzilla.redhat.com/show_bug.cgi?id=2295010", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-37298", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104", "https://discuss.hashicorp.com/c/security", "https://discuss.hashicorp.com/t/hcsec-2024-12-go-retryablehttp-can-leak-basic-auth-credentials-to-log-files/68027", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:5258", "https://github.com/advisories/GHSA-v6v8-xj6m-xwqh", "https://github.com/hashicorp/go-retryablehttp", "https://github.com/hashicorp/go-retryablehttp/commit/a99f07beb3c5faaa0a283617e6eb6bcf25f5049a", "https://github.com/hashicorp/go-retryablehttp/pull/158", "https://linux.oracle.com/cve/CVE-2024-6104.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-6104", "https://www.cve.org/CVERecord?id=CVE-2024-6104" ], "PublishedDate": "2024-06-24T17:15:11.087Z", "LastModifiedDate": "2024-11-21T09:48:58.263Z" }, { "VulnerabilityID": "CVE-2026-24051", "VendorIDs": [ "GHSA-9h8m-3fm2-qjrq" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "c7b17f2a3d58275f" }, "InstalledVersion": "v1.21.0", "FixedVersion": "1.40.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24051", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:e71df8e48f11b55314833eb1478af69e0543a5700cb31ed32b5de0f72da7939c", "Title": "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq", "https://nvd.nist.gov/vuln/detail/CVE-2026-24051", "https://pkg.go.dev/vuln/GO-2026-4394" ], "PublishedDate": "2026-02-02T23:16:07.963Z", "LastModifiedDate": "2026-02-27T20:32:10.693Z" }, { "VulnerabilityID": "CVE-2026-39883", "VendorIDs": [ "GHSA-hfvc-g4fc-pqhx" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "c7b17f2a3d58275f" }, "InstalledVersion": "v1.21.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9da49c9fa07fdb73cf5c51b2bd05d1562ddb4a213627e1c0e71066a36a5a3d5e", "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" ], "PublishedDate": "2026-04-08T21:17:00.697Z", "LastModifiedDate": "2026-04-10T21:16:27.12Z" }, { "VulnerabilityID": "CVE-2024-45337", "VendorIDs": [ "GHSA-v778-237x-gjrc" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "5e14ca585b062f40" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.31.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7cd04fdef460c37237dc860487f572bc151e055ab248d389f723926e74ada509", "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "Severity": "CRITICAL", "VendorSeverity": { "amazon": 3, "azure": 4, "cbl-mariner": 4, "ghsa": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.2 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/12/11/2", "https://access.redhat.com/security/cve/CVE-2024-45337", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "https://go-review.googlesource.com/c/crypto/+/635315/", "https://go.dev/cl/635315", "https://go.dev/issue/70779", "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "https://pkg.go.dev/vuln/GO-2024-3321", "https://security.netapp.com/advisory/ntap-20250131-0007", "https://security.netapp.com/advisory/ntap-20250131-0007/", "https://ubuntu.com/security/notices/USN-7839-1", "https://ubuntu.com/security/notices/USN-7839-2", "https://www.cve.org/CVERecord?id=CVE-2024-45337" ], "PublishedDate": "2024-12-12T02:02:07.97Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22869", "VendorIDs": [ "GHSA-hcg3-q754-cr77" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "5e14ca585b062f40" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.35.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:010b05ddc64dcca3c5f8d50e49f05557e3ce13e662db7917ecb248eea9c325f1", "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3833", "https://access.redhat.com/security/cve/CVE-2025-22869", "https://bugzilla.redhat.com/2348367", "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "https://errata.almalinux.org/9/ALSA-2025-3833.html", "https://errata.rockylinux.org/RLSA-2025:7416", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "https://go-review.googlesource.com/c/crypto/+/652135", "https://go.dev/cl/652135", "https://go.dev/issue/71931", "https://linux.oracle.com/cve/CVE-2025-22869.html", "https://linux.oracle.com/errata/ELSA-2025-7484.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "https://pkg.go.dev/vuln/GO-2025-3487", "https://security.netapp.com/advisory/ntap-20250411-0010", "https://security.netapp.com/advisory/ntap-20250411-0010/", "https://www.cve.org/CVERecord?id=CVE-2025-22869" ], "PublishedDate": "2025-02-26T08:14:24.997Z", "LastModifiedDate": "2025-05-01T19:28:20.74Z" }, { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "5e14ca585b062f40" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0e869f1080f4f6d88d692c1b18db205d1e882c66fe6a86d0db8f327f10ebb5ff", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "5e14ca585b062f40" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:c3e71a8462e1ef3beb8f2f60b28c6bff9453013c21e350abcbed168df0aa7b1a", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "3dd087610d725263" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:77570f66d268e4a416376470a7ef414a37a936feda35d9edadd37515e6c57135", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "3dd087610d725263" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:515f671899047b7d27d0366fd78c870fc2857e5c98cc9c78074f8f8358a9b5e9", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.15.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "e7c0ced0e24d4259" }, "InstalledVersion": "v0.15.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ab59231f61e5b7f8872a88fcbd687e98b2594cb8a5b54bda0e63ea219e9d0f93", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.60.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", "UID": "3b775a1a9b723c5f" }, "InstalledVersion": "v1.60.1", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9f1d25c1ddcca113ac39b648ae3ec391955b85d6e27316e5df131fd4ce4f9434", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:476fdaa1f0501c3c9bb45ac2c18146548029f60d3b89f73b3527bb71d0e51411", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a2a09ba43988c010498e23b5b2132e66686e7f02467d0e51b3ec1dde85c8e022", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b6d21e982bda4aa2ce32b8d5df84001a1e7d93e8bb8b141841aca4309878840c", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2df6be654bcd3a359ec0852ef32e8b69a51b2e3d38b16c1f67db107df92f2c71", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:468181ef47e8e6655b118b9f71650128eada63c625dd3fb0e2c7fdff21306d27", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b5539086965d7a86d71dac71f32ac5bd4bb9375a1ae62eaaa7e564153f3e5218", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:23852d8c0f0c2342b9f4687e5e4ff186ec933704c84924b078f227f2977c97ee", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d0dba8542e6c8354ec5b4c006fe7826a210fe89856b4ab100203a8a31541bed1", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:595eae3a310ad2344278ec605f2090e472e10e7d0dcaad83ad3e5986d6f449b3", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2dfed5af0b7ab633b41eef16d24194d1bc8c1b17a702070c1dc000ef656132a6", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:46a2c6019e6986ce199b1d9373abb44747c15aeadc4ebb2735d8971e44d5f48f", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c68606a8788145cde047431f42fcde450d9d4defd0adff6fad86d92dfccbc1eb", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a23b62fd1fc86f547127cc0c9113bfbe1dd79a0160c5b075c5fbf933c333e714", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0a9d34084568ec55b3f302d10cb2f60cdedcc2529c874ec55ccd11546e3d1927", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6c059878d38ecca78f93c7d0f174b6769c0817821881633d932a8b3ddaafe0b6", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2d689e6d31eb2469f7cac432b5564de5fc9ea697e042f85266b9a8ab85944fc7", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e72d758cd16bd52890f329e4ad86114d3534225f94056823d36989816c38d6c", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e1b0afbaabca139372915daa3348128dc1967184df39360856a6906a26671c42", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c37beb0a6102dd45b0c2a84d9b9674bdfe3baece0972b2dff3efda0aaacbf39c", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9a78c13cd83980405e861fcc9404730281d66d651c5378e8a73314ec79f36b94", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2de7e49b573a103eec1a87e1a190da757b6165ed0f32f36790e80db6d8ebe5a3", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:13b1417c820d5e1afb08e2e5d7b2b39bc6924913cd9c98006ba71deb0be39dbb", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:272e62a31e953968f67290e9af2b08c3926832d649189277b6d6c9431e3d231c", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:077aa457cc3831246c41ef49723526417884836b99a5235e86327d249e6e317a", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fbb067c121e37ed079e80d9ef3d5c30c3f03063e08f8c54a4c0f5a7cbffc0b59", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2f4bca150cb7cac6faa7e13d731976d2dbc276b7b0eb4bb3fb9e16848d805596", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c39315a308836b86f2b976314ae40e362c994508599d595a7199e82aef6bb904", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8b119f1338f4b5c0417019f628c6f606707d479ffe60d8c3f8946ab3bffb2c60", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:31b924af6a301f5242fd965e019e1144b533466100a09bd34f2b37546f097aaa", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2d4457a5122f21cfb48667433c524de03826bad48354f709fdd14d49416eeb9a", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b0a88df2215fafa37e63f6c8ef7fd6bbc1b11059720105aed3e6f5a7647d4ccc", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:087429ebc3e65ce85d444d6979dd9e1f1a7cda95125c20eb1a64b6a78ae0e308", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:44a8a1ee2375a8ad0aa89ed74041f18a680d58912138a5e0189f4f572c51d917", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c7337bb6d081ea297e5a6489248298e1a2a81613c3d5ccc87f261b9d6a78fa69", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b5b06eeebf98a2054c48afc5dd777fe12f1096c9c47ba4aecf7912b88c6b06b6", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:64f32487ca8d0bea1d236187b03829b56a349ffb6400085c1dc9585e0434b456", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7254c2400a8869438e2934e27c270176ec8a99471d7483966792b91121bca57c", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7d6cf962b00a65a664818b9794d821af4d33a13a0de81ca899051c493610dc6f", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:80dcbc7234ca9441a6dfd8bea1e8352dc5f860f8d52e53b93ee42bf725f14faf", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a4c595778eb9c879456ce84cc279c06b5cbbf6d50193c08eb7c99eb8f2357d34", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f0dbfbdec22cde7e7ca9192bd2b2d0ce610d30b62bd8f19c5f03c8fcb65ffb62", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8d0b9a6f9f44335ba5c5285471c5b29a99cdf36fa07262575027d258200f1d78", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3cdbb1cd82e98f475a864c1862581c6711ee308e5729237ec1632829af357657", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65a098e51170a6ef7fd29f2c7f6975db1a0536639195756581826d0fdba7e199", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6c2646447518e818dae25afde2026b796806b930b2307a8e51c31e6f92e60e8e", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "8edc96ccfbd9e6cc" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:0ca7f43cc7c17100ed4d314d9b48e819cfb76e257d32e7c1b5dac8e4b4b22bff", "DiffID": "sha256:2cf3ae1039e65cfac0a6b40599fd48ce8d11b29512aa7f0f956b00d7b6d8e718" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:901fb823fdaeedef70e2121dd92da55e0472f1888a738b18c0b8d7076462a3cf", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager-cainjector", "Metadata": [ { "Size": 42694656, "OS": { "Family": "debian", "Name": "12.5" }, "ImageID": "sha256:67fe8c356b499e00c2844b58a67c20193a1a7e8de8cccc5651f3d47af7a8877c", "DiffIDs": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ], "RepoTags": [ "quay.io/jetstack/cert-manager-cainjector:v1.14.5" ], "RepoDigests": [ "quay.io/jetstack/cert-manager-cainjector@sha256:4ffda7facb4da16dab20a88e7607b75ebdab4e6c9069a840216a89f47261ee0b" ], "Reference": "quay.io/jetstack/cert-manager-cainjector:v1.14.5", "ImageConfig": { "architecture": "amd64", "created": "2024-04-25T10:51:16.664840837Z", "history": [ { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "2024-04-25T10:51:15.492583843Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:15.492583843Z", "created_by": "USER 1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:15.492583843Z", "created_by": "COPY cainjector /app/cmd/cainjector/cainjector # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.230346564Z", "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.664840837Z", "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.664840837Z", "created_by": "ENTRYPOINT [\"/app/cmd/cainjector/cainjector\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ] }, "config": { "Entrypoint": [ "/app/cmd/cainjector/cainjector" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" }, "User": "1000", "WorkingDir": "/" } }, "Layers": [ { "Size": 327680, "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, { "Size": 40960, "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, { "Size": 2396160, "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, { "Size": 1536, "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" }, { "Size": 2560, "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" }, { "Size": 2560, "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" }, { "Size": 2560, "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" }, { "Size": 1536, "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" }, { "Size": 10240, "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" }, { "Size": 3072, "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" }, { "Size": 238592, "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" }, { "Size": 39661056, "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, { "Size": 3584, "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" }, { "Size": 2560, "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" } ] } ], "Results": [ { "Target": "quay.io/jetstack/cert-manager-cainjector:v1.14.5 (debian 12.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "base-files@12.4+deb12u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", "UID": "a027b06af87a4cc3" }, "Version": "12.4+deb12u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "12.4+deb12u5", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", "UID": "64adcbea2e4e887c" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024a-0+deb12u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", "UID": "c32ff64571217b4a" }, "Version": "2024a", "Release": "0+deb12u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024a", "SrcRelease": "0+deb12u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, "InstalledFiles": [ "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Accra", "/usr/share/zoneinfo/right/Africa/Addis_Ababa", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Asmara", "/usr/share/zoneinfo/right/Africa/Bamako", "/usr/share/zoneinfo/right/Africa/Bangui", "/usr/share/zoneinfo/right/Africa/Banjul", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Blantyre", "/usr/share/zoneinfo/right/Africa/Brazzaville", "/usr/share/zoneinfo/right/Africa/Bujumbura", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/Conakry", "/usr/share/zoneinfo/right/Africa/Dakar", "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/right/Africa/Djibouti", "/usr/share/zoneinfo/right/Africa/Douala", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Freetown", "/usr/share/zoneinfo/right/Africa/Gaborone", "/usr/share/zoneinfo/right/Africa/Harare", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Kampala", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Kigali", "/usr/share/zoneinfo/right/Africa/Kinshasa", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Libreville", "/usr/share/zoneinfo/right/Africa/Lome", "/usr/share/zoneinfo/right/Africa/Luanda", "/usr/share/zoneinfo/right/Africa/Lubumbashi", "/usr/share/zoneinfo/right/Africa/Lusaka", "/usr/share/zoneinfo/right/Africa/Malabo", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Maseru", "/usr/share/zoneinfo/right/Africa/Mbabane", "/usr/share/zoneinfo/right/Africa/Mogadishu", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Niamey", "/usr/share/zoneinfo/right/Africa/Nouakchott", "/usr/share/zoneinfo/right/Africa/Ouagadougou", "/usr/share/zoneinfo/right/Africa/Porto-Novo", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Anguilla", "/usr/share/zoneinfo/right/America/Antigua", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Aruba", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Atikokan", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Blanc-Sablon", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Cayman", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Creston", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Curacao", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Dominica", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Grenada", "/usr/share/zoneinfo/right/America/Guadeloupe", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/Montserrat", "/usr/share/zoneinfo/right/America/Nassau", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Port_of_Spain", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/St_Kitts", "/usr/share/zoneinfo/right/America/St_Lucia", "/usr/share/zoneinfo/right/America/St_Thomas", "/usr/share/zoneinfo/right/America/St_Vincent", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Tortola", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/McMurdo", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Syowa", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Antarctica/Vostok", "/usr/share/zoneinfo/right/Asia/Aden", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Bahrain", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Brunei", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Choibalsan", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Kuwait", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Muscat", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Phnom_Penh", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vientiane", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/Reykjavik", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/St_Helena", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Amsterdam", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Copenhagen", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Guernsey", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Isle_of_Man", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Jersey", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/Ljubljana", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Luxembourg", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Monaco", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Oslo", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Sarajevo", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Skopje", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Stockholm", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vaduz", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zagreb", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Antananarivo", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Christmas", "/usr/share/zoneinfo/right/Indian/Cocos", "/usr/share/zoneinfo/right/Indian/Comoro", "/usr/share/zoneinfo/right/Indian/Kerguelen", "/usr/share/zoneinfo/right/Indian/Mahe", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/Indian/Mayotte", "/usr/share/zoneinfo/right/Indian/Reunion", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Chuuk", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Funafuti", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Majuro", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Midway", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Pohnpei", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Saipan", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/Pacific/Wake", "/usr/share/zoneinfo/right/Pacific/Wallis", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" } ] }, { "Target": "app/cmd/cainjector/cainjector", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.21.9", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "Version": "v1.21.9", "Relationship": "direct", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "../../", "Name": "../../", "Identifier": { "UID": "585e3c2b0bf6f892" }, "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "ea9c649a2b7e06d7" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver/v4@v4.0.0", "Name": "github.com/blang/semver/v4", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", "UID": "b31d593a26c9fac6" }, "Version": "v4.0.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cert-manager/cert-manager/cainjector-binary", "Name": "github.com/cert-manager/cert-manager/cainjector-binary", "Identifier": { "PURL": "pkg:golang/github.com/cert-manager/cert-manager/cainjector-binary", "UID": "9b38958129f5e534" }, "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.2.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", "UID": "4783837cb2931795" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "c040176c7f7a7d03" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.11.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", "UID": "f49b5b8a7b412a83" }, "Version": "v3.11.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/evanphx/json-patch/v5@v5.7.0", "Name": "github.com/evanphx/json-patch/v5", "Identifier": { "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.7.0", "UID": "52a575b3ce5085f5" }, "Version": "v5.7.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.7.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.7.0", "UID": "84e89d27a842f928" }, "Version": "v1.7.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.1", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", "UID": "43aa8d478ea3f2f2" }, "Version": "v1.4.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "f284ea699703f1eb" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.20.2", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", "UID": "c0e02c373cd78a4d" }, "Version": "v0.20.2", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.20.4", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", "UID": "7d18a033865712f8" }, "Version": "v0.20.4", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.22.7", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", "UID": "d0ba37698f5b5ccb" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "76f1ba1c1cd8ebf" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "df84a8b2e9200c53" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.3", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", "UID": "ba66aa9d5e6c906d" }, "Version": "v1.5.3", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "5dbbff756c093651" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "87f0814d18e95fb" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "d7efe9a5c0ab848c" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.5.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", "UID": "e670f1ac342f3f1a" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "9d4f0edd474e2b7b" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "34c66735c0171d1b" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "238e6fc00cb49b7b" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "c7b3a610e560abf7" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "Name": "github.com/matttproud/golang_protobuf_extensions/v2", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "UID": "5e89f3ee955e13b3" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "b869900c83767d81" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "b9c21f0d3d1b4b15" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "dc1c5c3b144ee52f" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "f297e125173e85d1" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.18.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", "UID": "f09592b6066cf346" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.5.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", "UID": "83270ad055930f64" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.45.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", "UID": "861cbd6000a0fbae" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.12.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", "UID": "ca1ee438cc4b8028" }, "Version": "v0.12.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.0", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", "UID": "d351cae1ececde62" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "ed0d5b70c7dc764b" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "3718117b5eb8bca3" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.26.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", "UID": "dcd7717be0b2e48" }, "Version": "v1.26.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", "UID": "c90a8399138f3995" }, "Version": "v0.0.0-20231226003508-02704c960a9b", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.24.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "38038b84884e0275" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.15.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "ad0fa44a78e55797" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.19.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", "UID": "54f2c712666ba349" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.19.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.19.0", "UID": "eb7f12fbf280e6d5" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.14.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.14.0", "UID": "d03d38ef3842625f" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "317701560070c453" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", "Name": "gomodules.xyz/jsonpatch/v2", "Identifier": { "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", "UID": "4c95c2bcc1b34a31" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.33.0", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", "UID": "d9c29ade73d9eb65" }, "Version": "v1.33.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "6dcbaed342ffca2d" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "56139e367c6bd42b" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "1ac44e62f817cea7" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.29.0", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.29.0", "UID": "be5029bf8145fa96" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.29.0", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", "UID": "d0c0342ef88520ce" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.29.0", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", "UID": "425d7c21f60a22a2" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.29.0", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", "UID": "df886b69bd6d7830" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.29.0", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", "UID": "2018b800e61c6fc4" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.110.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", "UID": "dc4c9b146454637d" }, "Version": "v2.110.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-aggregator@v0.29.0", "Name": "k8s.io/kube-aggregator", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-aggregator@v0.29.0", "UID": "172f4e4b153a80c8" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "UID": "be8e8eccb6d19da0" }, "Version": "v0.0.0-20240103051144-eec4567ac022", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "UID": "834bd3cd20472f28" }, "Version": "v0.0.0-20240102154912-e7106e64919e", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/controller-runtime@v0.16.3", "Name": "sigs.k8s.io/controller-runtime", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.16.3", "UID": "27bba8446924be91" }, "Version": "v0.16.3", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/gateway-api@v1.0.0", "Name": "sigs.k8s.io/gateway-api", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", "UID": "4a0180b6a3afb895" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "b7a668522d7ba140" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "a77ce80bb0ebb8d4" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "1ee52aa2448d32a5" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "38038b84884e0275" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9bde9e4f9639f7b78888b87e79a82d30718f86f0860e20b3af094f769c12d0a5", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "38038b84884e0275" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:64ee41b0093948a0367bd081bd764718d6e77bf1d0c86ccfa129d0490b560055", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.15.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "ad0fa44a78e55797" }, "InstalledVersion": "v0.15.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:732b8345bb146ccf5d20c081355cc9d3a9ec03af890924ed1491f46a1a8a953b", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7234b3cf0f7f9e1565309b90aa7085cb8c9b5a9636d94dd5ffd0c16a7da9e48f", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:256079eeb4096da77da1bc4e706270817f72de6586edd20b0a120b318f594513", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b71faa4a1fc06278d6847fd5426cce37cdd39ce78ce9c2dcb2b5ad6861d0aed5", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3be83f7a6a1fa992b142b5737dc549620f49bbf08b3d97fbf3d212f028ca647d", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0835e8380182589b4d76fb64dcd2ec50ef1c11f74832639133d7d66809a7047a", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c1beca055dc0443b3f57fccf6f1d7e11f8d8c64a9caf6f6d851a1ef0d3302598", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c5a42aac2307d747e0757f72e5358b94c1419c01e4f6db1a55a71eb1b866f6cf", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b2764271f98fa5b6e76e8fd54f49e75f53cc9da104cbc1ccf160868af453a89b", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4d16e011220767200bb70a086e3103ac37ad1cebeef50367c8b3c2e9ce8a4fd3", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9af64d47d128ac99a44d82049020b87b606917bf1ae0ebbc9bd71b1ebc49be6c", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b70c1e4d7ba1fae0121e80d0964844157afa0ca9bc907f047cb293688099149b", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5698b7c38ccaffedb34115d4f9679fe76a9695c5a57a2f71c72944d3d6a725d9", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a77c63fcedc29e005d0d9e85aa8b7b106f79eb642348f4d0f85274dc666779c", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3dcadf87ec42abea576c5e36b5c6933f5e31d1bdc6b69b1618c6802c39cfaf28", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ce9730ecd0a468a0cc634f7ceebc5d36212a5dce9a9eb80a66820e958aafadac", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:990f3c281586ec2e546cbece76954920322bd73a7bad08bd470e038f32ef776a", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5be261d6ce064b3e85c9c83b0ac72d038db8c8a77cc7df212603e302545b6076", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:efef31a2510650fc1aa7d559d1232b8ed3daee04f4a37d2a9e94a553ede99589", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bf1c48834e7cd14c6e753df41ecad30e094c6dca2d1d1d143d4dca33b9885203", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:acd863159b8b0ccca59b0a98872b23327e0dade14bf7cc6e5ee3ebf147e882a6", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8a77482a942944bd164d1e28b5c9acf7494271e91e76ea8b6512d4ad8e532faa", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:51a11a4fad7b33c79f53d996ef6802f8bdf840a1d24682a361e953c0a6f201a3", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bb047db1816be9653f23c623d85eeb9ca6f92213e3811e0e7188d61636bfe1cb", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14ceafd0b9a4b9d7a3f7f41caf946ae0774b077f62503cb1863913d2fd201140", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b50f6f2b9418e14b6634bfcd6175b6a6cc8985868dbf548bd751057567bb6922", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:28ca26b0d6c47970b09c076f9f85b3ceeed2746d922adc2059e73905bfd431f7", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2c052f86042a3fdb2fc64ef2461839eca1e7a4bca629f998b1f0d0e8cd7fea96", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9d1ce79227c0fbc41f0f092e89fd6f43659965ab8b49a8532c0c0291a43e90c", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d11826d46434775872220da63a28642cd5bf2ab8fb4bf06ced313dad93c30856", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cec60347f8b9906a4892e6008c445a0cdc37ff8966aa0928cea252481bf1de51", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38a71c3b092ea50bcbe6788f57211bd50d6662f95b5e3e9a98bc3a00a3e0c20c", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3495fbeb4f33acb188fa6203b2b17bf77ffee88e665069892a750c7b53124305", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:032d7bb70ce8ce4f8cf25dd62d785ae1cdaf6e61986bb7f1afbf88cdc6a08288", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:64a9a6b882af4a58b2493055d7c508a46c8ef90f8fd2047a31642812ce893f95", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5174e24130eafbf163e4651bc782f49f90721f699dea06d4c273fea4b88229a9", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9036085003255d87d1ff846c019203db76778da8b3228168e04b4ca4b69ecd1c", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c11f30623742fd9775b0aa4d8e4ff3953b04db3f0d29896d54fe0b584a0d7a93", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:15b35221a46d63d85df5c8643fa0ac7b08f9933eb0a927b7aa3a3ac0dea8ffba", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a796cc7b26013c744e810f96bfdde7025988c90199b6c5edc3fa96f370ae467a", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:23c996f61e07b6a68e80a3a8f5351d81301678dfbdd7243dd4e6c5377d994932", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b9b087ed66137a271352b22ca93c2aa1062b5d084f7cdca55b3dd4eaf7d89ac", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1d077bd69dcc110a9e1764309a92e9c3bdd04c73f5bd89bd6496592e532a1d6b", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a67370f1a50cf41311461571a8405b8302f2f961c80cbfd5343b4638bf54e112", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c129460825c7c7cc45ebccfca178367a2427a9d72bcdf04f797dfa613a487d34", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:15f2a17965fd0611eeadf639d20901b8b742c9f4d7cc7bf3d5f189bec64e2f1b", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "a54ac219820d7cae" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53bace7b0471b865e1a1b7bf0b8864d1986942561301b443ed94c6a191261d35", "DiffID": "sha256:072f8e24b0f8d7edcdc017f46eb355e7e9105cf76827212387260a7599ae356b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ac2e4d90724fe7625ff1e574abaf5b04be94b5d2d8a3425e03d5d9328d3cc952", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "cert-manager", "Kind": "Deployment", "Name": "cert-manager-webhook", "Metadata": [ { "Size": 55117824, "OS": { "Family": "debian", "Name": "12.5" }, "ImageID": "sha256:f37c09a3d900e0303e84a261ef3f8dc10d5380f14d589bca5ca52a8ea6ac1ce2", "DiffIDs": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ], "RepoTags": [ "quay.io/jetstack/cert-manager-webhook:v1.14.5" ], "RepoDigests": [ "quay.io/jetstack/cert-manager-webhook@sha256:ef419261a209c5409fb1539dbd45c805d05936e955b4530b8ec4ac780577f151" ], "Reference": "quay.io/jetstack/cert-manager-webhook:v1.14.5", "ImageConfig": { "architecture": "amd64", "created": "2024-04-25T10:51:16.605914556Z", "history": [ { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "2024-04-25T10:51:15.704426359Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/cert-manager/cert-manager", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:15.704426359Z", "created_by": "USER 1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-04-25T10:51:15.704426359Z", "created_by": "COPY webhook /app/cmd/webhook/webhook # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.186456226Z", "created_by": "COPY cert-manager.license /licenses/LICENSE # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.605914556Z", "created_by": "COPY cert-manager.licenses_notice /licenses/LICENSES # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-04-25T10:51:16.605914556Z", "created_by": "ENTRYPOINT [\"/app/cmd/webhook/webhook\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c", "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421", "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d", "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90", "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" ] }, "config": { "Entrypoint": [ "/app/cmd/webhook/webhook" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "org.opencontainers.image.source": "https://github.com/cert-manager/cert-manager" }, "User": "1000", "WorkingDir": "/" } }, "Layers": [ { "Size": 327680, "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, { "Size": 40960, "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, { "Size": 2396160, "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, { "Size": 1536, "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" }, { "Size": 2560, "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" }, { "Size": 2560, "Digest": "sha256:c8022d07192eddbb2a548ba83be5e412f7ba863bbba158d133c9653bb8a47768", "DiffID": "sha256:ac805962e47900b616b2f4b4584a34ac7b07d64ac1fd2c077478cf65311addcc" }, { "Size": 2560, "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" }, { "Size": 1536, "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" }, { "Size": 10240, "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" }, { "Size": 3072, "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" }, { "Size": 238592, "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" }, { "Size": 52084224, "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, { "Size": 3584, "Digest": "sha256:33838fd697f026879464ebe9f5ae6e0bec5289f689e97cf734da7837d33487f4", "DiffID": "sha256:51c1e33e14008c93d157bf0f308494a7d0a421ce0693a232f92ef6e43eb29f90" }, { "Size": 2560, "Digest": "sha256:dc114723bba03499030a454579abd5a5e68f2a10374a8917f82411b8dfd9ffc1", "DiffID": "sha256:a7c10d30cf1ad3b67244a936515e38af0ece441e690e766e3eeca4227fc55f69" } ] } ], "Results": [ { "Target": "quay.io/jetstack/cert-manager-webhook:v1.14.5 (debian 12.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "base-files@12.4+deb12u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u5?arch=amd64\u0026distro=debian-12.5", "UID": "a027b06af87a4cc3" }, "Version": "12.4+deb12u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "12.4+deb12u5", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:286c61c9a31ace5fa0b8832c8e8e30d66bf32138f2f787463235aa0071f714ea", "DiffID": "sha256:3d6fa0469044370439d20eaf7e0d25450e01335a93c13ba46e368d7785914c0c" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.5", "UID": "64adcbea2e4e887c" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:2bdf44d7aa71bf3a0da2de0563ad0e3882948d699b4991edf8c0ab44e7f26ae3", "DiffID": "sha256:49626df344c912cfe9f8d8fcd635d301bd41127cd326914212cf2443a96cf421" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024a-0+deb12u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2024a-0%2Bdeb12u1?arch=all\u0026distro=debian-12.5", "UID": "c32ff64571217b4a" }, "Version": "2024a", "Release": "0+deb12u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024a", "SrcRelease": "0+deb12u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:452e9eed7ecfd0c2b44ac6fda20cee66ab98aec38ba30aa868e02445be7c8bb0", "DiffID": "sha256:945d17be9a3e27af5ca1c671792bf1a8f2c3f4d13d3994665d95f084ed4f8a60" }, "InstalledFiles": [ "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Accra", "/usr/share/zoneinfo/right/Africa/Addis_Ababa", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Asmara", "/usr/share/zoneinfo/right/Africa/Bamako", "/usr/share/zoneinfo/right/Africa/Bangui", "/usr/share/zoneinfo/right/Africa/Banjul", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Blantyre", "/usr/share/zoneinfo/right/Africa/Brazzaville", "/usr/share/zoneinfo/right/Africa/Bujumbura", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/Conakry", "/usr/share/zoneinfo/right/Africa/Dakar", "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/right/Africa/Djibouti", "/usr/share/zoneinfo/right/Africa/Douala", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Freetown", "/usr/share/zoneinfo/right/Africa/Gaborone", "/usr/share/zoneinfo/right/Africa/Harare", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Kampala", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Kigali", "/usr/share/zoneinfo/right/Africa/Kinshasa", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Libreville", "/usr/share/zoneinfo/right/Africa/Lome", "/usr/share/zoneinfo/right/Africa/Luanda", "/usr/share/zoneinfo/right/Africa/Lubumbashi", "/usr/share/zoneinfo/right/Africa/Lusaka", "/usr/share/zoneinfo/right/Africa/Malabo", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Maseru", "/usr/share/zoneinfo/right/Africa/Mbabane", "/usr/share/zoneinfo/right/Africa/Mogadishu", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Niamey", "/usr/share/zoneinfo/right/Africa/Nouakchott", "/usr/share/zoneinfo/right/Africa/Ouagadougou", "/usr/share/zoneinfo/right/Africa/Porto-Novo", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Anguilla", "/usr/share/zoneinfo/right/America/Antigua", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Aruba", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Atikokan", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Blanc-Sablon", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Cayman", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Creston", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Curacao", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Dominica", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Grenada", "/usr/share/zoneinfo/right/America/Guadeloupe", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/Montserrat", "/usr/share/zoneinfo/right/America/Nassau", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Port_of_Spain", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/St_Kitts", "/usr/share/zoneinfo/right/America/St_Lucia", "/usr/share/zoneinfo/right/America/St_Thomas", "/usr/share/zoneinfo/right/America/St_Vincent", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Tortola", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/McMurdo", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Syowa", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Antarctica/Vostok", "/usr/share/zoneinfo/right/Asia/Aden", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Bahrain", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Brunei", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Choibalsan", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Kuwait", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Muscat", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Phnom_Penh", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vientiane", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/Reykjavik", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/St_Helena", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Amsterdam", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Copenhagen", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Guernsey", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Isle_of_Man", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Jersey", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/Ljubljana", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Luxembourg", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Monaco", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Oslo", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Sarajevo", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Skopje", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Stockholm", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vaduz", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zagreb", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Antananarivo", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Christmas", "/usr/share/zoneinfo/right/Indian/Cocos", "/usr/share/zoneinfo/right/Indian/Comoro", "/usr/share/zoneinfo/right/Indian/Kerguelen", "/usr/share/zoneinfo/right/Indian/Mahe", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/Indian/Mayotte", "/usr/share/zoneinfo/right/Indian/Reunion", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Chuuk", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Funafuti", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Majuro", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Midway", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Pohnpei", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Saipan", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/Pacific/Wake", "/usr/share/zoneinfo/right/Pacific/Wallis", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" } ] }, { "Target": "app/cmd/webhook/webhook", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.21.9", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "Version": "v1.21.9", "Relationship": "direct", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "../../", "Name": "../../", "Identifier": { "UID": "cbe3469b8d13950c" }, "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "Name": "github.com/Azure/go-ntlmssp", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "46b12919e66d1f4d" }, "Version": "v0.0.0-20221128193559-754e69321358", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/antlr/antlr4/runtime/Go/antlr/v4@v4.0.0-20230305170008-8188dc5388df", "Name": "github.com/antlr/antlr4/runtime/Go/antlr/v4", "Identifier": { "PURL": "pkg:golang/github.com/antlr/antlr4/runtime/go/antlr/v4@v4.0.0-20230305170008-8188dc5388df", "UID": "af913f55ec9c765d" }, "Version": "v4.0.0-20230305170008-8188dc5388df", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "e075a1434fd048d5" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver/v4@v4.0.0", "Name": "github.com/blang/semver/v4", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", "UID": "d453ee4309150d24" }, "Version": "v4.0.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v4@v4.2.1", "Name": "github.com/cenkalti/backoff/v4", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.2.1", "UID": "87e9b53fe3899563" }, "Version": "v4.2.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cert-manager/cert-manager/webhook-binary", "Name": "github.com/cert-manager/cert-manager/webhook-binary", "Identifier": { "PURL": "pkg:golang/github.com/cert-manager/cert-manager/webhook-binary", "UID": "34ec461880221930" }, "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.2.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", "UID": "5d2fdbbb64ef2e87" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "9b8587fb00d72c21" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.11.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", "UID": "38940df4aa2eeb21" }, "Version": "v3.11.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "59a5279d3fc93906" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.5", "Name": "github.com/go-asn1-ber/asn1-ber", "Identifier": { "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.5", "UID": "1c66d29be6521841" }, "Version": "v1.5.5", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ldap/ldap/v3@v3.4.6", "Name": "github.com/go-ldap/ldap/v3", "Identifier": { "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.6", "UID": "1a67ca00ee03fe70" }, "Version": "v3.4.6", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.1", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.1", "UID": "4ac79209f3d263ec" }, "Version": "v1.4.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "126226392ad6531" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "acd76a6ad561d639" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.20.2", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.2", "UID": "7cacce3cfde00e9b" }, "Version": "v0.20.2", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.20.4", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.4", "UID": "da8bfa8913c967a2" }, "Version": "v0.20.4", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.22.7", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.7", "UID": "9f572ca2ff715721" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "6817c71c31ffd2f9" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.3", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", "UID": "4313385f167c2037" }, "Version": "v1.5.3", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/cel-go@v0.17.7", "Name": "github.com/google/cel-go", "Identifier": { "PURL": "pkg:golang/github.com/google/cel-go@v0.17.7", "UID": "54e5b84bcee66f3d" }, "Version": "v0.17.7", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "c0f959de30597f77" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "1d7e283f0e50ce1d" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "af98cccff2bc45fe" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.5.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.5.0", "UID": "3183f6914f8fe2a0" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.18.1", "UID": "d7a59ccbfd2dab28" }, "Version": "v2.18.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "77b9a7070a5db731" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "5383d64de6d747c9" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "87a1fa3a1585f6dd" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "94aa2688c0b368f1" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "Name": "github.com/matttproud/golang_protobuf_extensions/v2", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "UID": "92283e11717c5295" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "ea697799b0e0acff" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "85bb678da1fda75f" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "494ed8356a524811" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.18.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.18.0", "UID": "8ac3037b9227f34" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.5.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", "UID": "87452009911882ea" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.45.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", "UID": "703f757fa17ca548" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.12.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", "UID": "6f1595d86220fa66" }, "Version": "v0.12.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.0", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.0", "UID": "ec756b42b7b8410" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "93b9595d6b572801" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stoewer/go-strcase@v1.3.0", "Name": "github.com/stoewer/go-strcase", "Identifier": { "PURL": "pkg:golang/github.com/stoewer/go-strcase@v1.3.0", "UID": "9de2666b7373afcd" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.46.1", "UID": "88f66d467c87be0d" }, "Version": "v0.46.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.21.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.21.0", "UID": "95fc6f1553a25e79" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.21.0", "UID": "44a0c49795328ce0" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.21.0", "UID": "a41f1336f0103827" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.21.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.21.0", "UID": "bb9ce7417a941fb0" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.21.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "2f4ad0ce2f5f0b0f" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.21.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.21.0", "UID": "a417461a8880d21c" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.0.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.0.0", "UID": "37e3209f026b9c2d" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "58a5683997ba4bf5" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.26.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.26.0", "UID": "7125050fdac6ff16" }, "Version": "v1.26.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.22.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "93378542a2b4094" }, "Version": "v0.22.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20231226003508-02704c960a9b", "UID": "c8cac81d76beb2c3" }, "Version": "v0.0.0-20231226003508-02704c960a9b", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.24.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "9362a8ed9dae9887" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.15.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "9f62332e8c2b70b9" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.5.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.5.0", "UID": "e72ba0f6763ab680" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.19.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.19.0", "UID": "c13054532fe44eeb" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.19.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.19.0", "UID": "6c76a496d5480487" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.14.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.14.0", "UID": "634c7c1bc8c4b995" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "133d1a35b9d9ecc1" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", "Name": "gomodules.xyz/jsonpatch/v2", "Identifier": { "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", "UID": "59d03678c6c49707" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20240102182953-50ed04b92917", "UID": "d381e18d8608e162" }, "Version": "v0.0.0-20240102182953-50ed04b92917", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20240102182953-50ed04b92917", "UID": "d5d724c8c01ddb0e" }, "Version": "v0.0.0-20240102182953-50ed04b92917", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.60.1", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", "UID": "805fa757f72f9d63" }, "Version": "v1.60.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.33.0", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.33.0", "UID": "695df51d1af7fab" }, "Version": "v1.33.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "f475afea338db10f" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "40457f45117de255" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "e16b4023db5ca8d5" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.29.0", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.29.0", "UID": "e757f88ef2f669e4" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.29.0", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.29.0", "UID": "d39506b13caa5f30" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.29.0", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.29.0", "UID": "6ac9987275c1f6a0" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiserver@v0.29.0", "Name": "k8s.io/apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiserver@v0.29.0", "UID": "2028a82b40caaf4f" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.29.0", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.29.0", "UID": "57aea639087c47ba" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.29.0", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.29.0", "UID": "33c98f512e5d35b6" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.110.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", "UID": "a17560f4578edca7" }, "Version": "v2.110.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240103051144-eec4567ac022", "UID": "e39956b9507404f6" }, "Version": "v0.0.0-20240103051144-eec4567ac022", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240102154912-e7106e64919e", "UID": "326508c0594eb74e" }, "Version": "v0.0.0-20240102154912-e7106e64919e", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", "Name": "sigs.k8s.io/apiserver-network-proxy/konnectivity-client", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/apiserver-network-proxy/konnectivity-client@v0.29.0", "UID": "4daa3353e04a57b1" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/gateway-api@v1.0.0", "Name": "sigs.k8s.io/gateway-api", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/gateway-api@v1.0.0", "UID": "a25e569ee346c147" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "8bc154ea66ab0abe" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "98783f21e4d9e0da" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "b906661b6f2834d7" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32952", "VendorIDs": [ "GHSA-pjcq-xvwq-hhpj" ], "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "PkgName": "github.com/Azure/go-ntlmssp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "46b12919e66d1f4d" }, "InstalledVersion": "v0.0.0-20221128193559-754e69321358", "FixedVersion": "0.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9c320282db2d420a569c389f7212295a23cbd9d4cbf814ed5fe6cd3b5aa64aac", "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32952", "https://github.com/Azure/go-ntlmssp", "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", "https://www.cve.org/CVERecord?id=CVE-2026-32952" ], "PublishedDate": "2026-04-24T03:16:07.833Z", "LastModifiedDate": "2026-05-21T18:22:06.247Z" }, { "VulnerabilityID": "CVE-2026-24051", "VendorIDs": [ "GHSA-9h8m-3fm2-qjrq" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "2f4ad0ce2f5f0b0f" }, "InstalledVersion": "v1.21.0", "FixedVersion": "1.40.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24051", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:8ef6f88d6b2f46a832e2d98979541f7812a7d01389fd2393a77fa3287865d821", "Title": "OpenTelemetry Go SDK Vulnerable to Arbitrary Code Execution via PATH Hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. The OpenTelemetry Go SDK in version v1.20.0-1.39.0 is vulnerable to Path Hijacking (Untrusted Search Paths) on macOS/Darwin systems. The resource detection code in sdk/resource/host_id.go executes the ioreg system command using a search path. An attacker with the ability to locally modify the PATH environment variable can achieve Arbitrary Code Execution (ACE) within the context of the application. A fix was released with v1.40.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/commit/d45961bcda453fcbdb6469c22d6e88a1f9970a53", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-9h8m-3fm2-qjrq", "https://nvd.nist.gov/vuln/detail/CVE-2026-24051", "https://pkg.go.dev/vuln/GO-2026-4394" ], "PublishedDate": "2026-02-02T23:16:07.963Z", "LastModifiedDate": "2026-02-27T20:32:10.693Z" }, { "VulnerabilityID": "CVE-2026-39883", "VendorIDs": [ "GHSA-hfvc-g4fc-pqhx" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.21.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.21.0", "UID": "2f4ad0ce2f5f0b0f" }, "InstalledVersion": "v1.21.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ee2bd99cd46a171e899d16bed01607b274f0823a0799b822fa31fb4cb8c46890", "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" ], "PublishedDate": "2026-04-08T21:17:00.697Z", "LastModifiedDate": "2026-04-10T21:16:27.12Z" }, { "VulnerabilityID": "CVE-2024-45337", "VendorIDs": [ "GHSA-v778-237x-gjrc" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "93378542a2b4094" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.31.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:dfd8734ddda69c16191a86f1f3eacbe57ef8580e0ad42639071d2a8a3932bba1", "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "Severity": "CRITICAL", "VendorSeverity": { "amazon": 3, "azure": 4, "cbl-mariner": 4, "ghsa": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.2 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/12/11/2", "https://access.redhat.com/security/cve/CVE-2024-45337", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "https://go-review.googlesource.com/c/crypto/+/635315/", "https://go.dev/cl/635315", "https://go.dev/issue/70779", "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "https://pkg.go.dev/vuln/GO-2024-3321", "https://security.netapp.com/advisory/ntap-20250131-0007", "https://security.netapp.com/advisory/ntap-20250131-0007/", "https://ubuntu.com/security/notices/USN-7839-1", "https://ubuntu.com/security/notices/USN-7839-2", "https://www.cve.org/CVERecord?id=CVE-2024-45337" ], "PublishedDate": "2024-12-12T02:02:07.97Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22869", "VendorIDs": [ "GHSA-hcg3-q754-cr77" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "93378542a2b4094" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.35.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:8896d698b612c9bd73b387e0aa0cbba921f4f56bf89bd89772dac44b27654831", "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3833", "https://access.redhat.com/security/cve/CVE-2025-22869", "https://bugzilla.redhat.com/2348367", "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "https://errata.almalinux.org/9/ALSA-2025-3833.html", "https://errata.rockylinux.org/RLSA-2025:7416", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "https://go-review.googlesource.com/c/crypto/+/652135", "https://go.dev/cl/652135", "https://go.dev/issue/71931", "https://linux.oracle.com/cve/CVE-2025-22869.html", "https://linux.oracle.com/errata/ELSA-2025-7484.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "https://pkg.go.dev/vuln/GO-2025-3487", "https://security.netapp.com/advisory/ntap-20250411-0010", "https://security.netapp.com/advisory/ntap-20250411-0010/", "https://www.cve.org/CVERecord?id=CVE-2025-22869" ], "PublishedDate": "2025-02-26T08:14:24.997Z", "LastModifiedDate": "2025-05-01T19:28:20.74Z" }, { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "93378542a2b4094" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:a593ce7ecd469b57c2fda539785f0ba628477a1157624f1693c5cbe79e14f2f6", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.22.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.22.0", "UID": "93378542a2b4094" }, "InstalledVersion": "v0.22.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:a4293a0387990ca5c561593bcc8674c7ace6a587e554d51af98b3f7750fea204", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "9362a8ed9dae9887" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:b8580e667d3e648d8605b4b6ff69be47779b86baecd877ac88852112e51a13b1", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.24.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.24.0", "UID": "9362a8ed9dae9887" }, "InstalledVersion": "v0.24.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1ca32bc86271812d168151f9f31f5f47713fbd9f53645a8327d450f1227a96b2", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.15.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.15.0", "UID": "9f62332e8c2b70b9" }, "InstalledVersion": "v0.15.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:388650ad97f4d0c70e434efc757d6ce5e7595a03090af87b1c976f7a6246a67d", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.60.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.60.1", "UID": "805fa757f72f9d63" }, "InstalledVersion": "v1.60.1", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:abb32c2586c61b9144b54cd5d962733e90c4a97d1ee930d30bccc4389535eb06", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:18769fcc5c4b7fbae9e9f0285b5abb0bc8bd68ccc70640ce4ddb13c57834a541", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c56f256e7733c69b7d408510285a4d81572d6f49ebcf1d8fb4a606bf3f754dd8", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4818625fac3b9094f807b21b29aebcfcd0255f60a643bee35a9abe38ecfd98de", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a0febe353d3db101e926c3228a92ab2b69441f985884c3966ed7ceb7729d4866", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:528c9bf30c46440e36700520de7f35932c8f74984d4ff7d23806a1675135d4ed", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:85649ad28de0c072a5fa04c699887957a2e70909c9397b7e763d7b6ca05a904b", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de566d483fda9482d469ed23f0b40e5d933daced1e7be84cc3274e8189a53558", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:728de18f898d692f6736a9b558d23e1a3ef620a37dd99f4dade3a031bee629ac", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:23cfab8e177207474620e25b4eaeb29122eef8389c3cb1a8fb2e551bab66a446", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ecd2df380a6ceac93db39a1e14e36c212c50e12423ca2c6b232de532f141122b", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2048dc9d88b1d7b3668409c92d2f5f246fe0cd9ebef94b15d9ea1c56806caf26", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:52e07251a62c9fc9487b06596badc9b6b364c14bde7824f14cd746b0bb26987c", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9052c2ab6218164b5e6447667afe5edf93895215ee817926ce22dfc4da33d389", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:312684bc6a7b0d43ce39fc5f5110b9a660ddf890cb321449df790bb39814a45d", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:123ac61005d47546c0b3198043741c86af4beea49dff4af284861461c6b44cd7", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a150ebd984d1d78bbc6b8d7459b3247bfd1da815da94299799c49f5e65587b33", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:531f92d2fec542bf0e5e74a8764ba58b6f6c9ad31cac702b881d6c4cd4796b2c", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a27f06185b0093198811d55118b387de2309b64ac6c0ee529631e343defdfd44", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f096cee810a2b1c6e3057cde37e9a4dc43d0fa2c9cf9c26df2094a5c0bcb22fe", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4cb585c9c43f732f6c57876f9acb59ccdab45e3cea81c810cbeef88603b19707", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:82059a878f49c67af96a81b534eade7bad1916020763c6b8805dab1f3888d33e", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2a9f3b80095293f7f5e29890cb9b9a9fe4a1e677db280f144f24be2ff94f2be9", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a78fce3cfe606bf829d783f458e4bac7d1e67dfd2ff933f38a2711a5bbf9225c", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df67f60b40065a7bc1857bba01c58101540d517b399a84c50f8f74d6c519cc84", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1bd0152d6e9dc912457821567b508778c3b869c13c2c3015d5b366ad60a3164f", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ccd0b8f2b76067503c3819ee16bbb7bbef1d2bed71e57cffa44d3f106a8f34cb", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:939136e02a8eafc8b2e14122927da9590b9beb1875642fba172e4040be5d9caf", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b9980f2dcaadbab5ff6dffef56db4613cc0648fa7d648ebd8f7f2138fcfa8d7c", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b72f8b5499d583f730d210a7c7f943bc054aa75d905324dfc921836105791e41", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:666412277f40f9eea36e2fe4ebba27552d90ef4d3ee0c0ad1b7ea3b9f99c44ac", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:58fdcd9740b6b5dd930d13366f814a859f11577bb32d9e30f346874146022d38", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:69ef62013f74b1a4d9db03a2ba5981abc7d888fab1d47c6339382b13448c0701", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1e2b601f5efca5d4208d7a279a8e3a79a1e8d36994ddf31c62d41928f9f3c16b", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cc09a407862fcd7c0eb4ab15201bac652ac312713de22f4a6ba1626c39ac3cc7", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bbaf1b575bb88275362736ba854da89d854113584c86b185df2673e822ff6dba", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:319f867f86ed4c53771a04500db20918ac2ffa5c40187f4158dea2d6590eaf80", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e27847b787860b878bc29539d7a225cc1a3f349fffc1613641d3713a97e0730", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ab12694f823e5cf7c370f44f428cff3c79f391d3bc08dd1ddabb699dbb21a462", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7e0a41fe4ac50376d020dfe364092a639ad0c0d173497623133b49eb584f0029", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ced173f1d9b27922fae13e85fb7dd4368b5842416de9449208842173c7780771", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b34a58d33f470419bfd68eb9aa9ba687659735039cbb014d2bbcbf5588d10102", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0eec42a927b7ca036f3653c022f0a86fac684a0dcd2205c331b8d03fbf4f2577", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0b26551f57bf9d6dba2502bbe0e7e399427bef6c649cf5febb9e8e0cb84652ef", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3c69f23b30799f71a4e3d797691e2d9c579b30bc1fb47133470171104800f798", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9f7f7128be0efda429e3c393ab9264967a425cc14aec234545d6be2e31ce7b9", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.21.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.9", "UID": "d50878e2b1eec03c" }, "InstalledVersion": "v1.21.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:566294b429823a40b102147b6742390ede89f1f30f9dd6c1f742aae4defe4504", "DiffID": "sha256:ded60b3e9b93a703db1dc465c4ce6623fca8d9b8a827f13ad79aed5331588f5d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6be76a7ae8bb0732a2b3cd82c055721b66841df79ce0df81753a19b2a71b28ed", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "gitea", "Kind": "Deployment", "Name": "gitea-app", "Metadata": [ { "Size": 171248640, "OS": { "Family": "alpine", "Name": "3.22.3" }, "ImageID": "sha256:476b83ba1f90ded1b192380f9829cd1e8d4f9f598c106a9c4bab227f7b6c514d", "DiffIDs": [ "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987", "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808", "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8", "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e", "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35", "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714", "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f", "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ], "RepoTags": [ "gitea/gitea:1.25-rootless" ], "RepoDigests": [ "gitea/gitea@sha256:be0b89adf2fc8657df508303d919c3be33e6413605882919f702177d62960c9a" ], "Reference": "gitea/gitea:1.25-rootless", "ImageConfig": { "architecture": "amd64", "created": "2026-03-13T02:05:03.204367046Z", "history": [ { "created": "2026-01-28T01:18:40.620234319Z", "created_by": "ADD alpine-minirootfs-3.22.3-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-28T01:18:40.620234319Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T01:50:44.591432219Z", "created_by": "LABEL maintainer=maintainers@gitea.io", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T01:50:44.591432219Z", "created_by": "EXPOSE [2222/tcp 3000/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T01:50:44.591432219Z", "created_by": "RUN /bin/sh -c apk --no-cache add bash ca-certificates dumb-init gettext git curl gnupg openssh-keygen \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T01:50:45.596842761Z", "created_by": "RUN /bin/sh -c addgroup -S -g 1000 git \u0026\u0026 adduser -S -H -D -h /var/lib/gitea/git -s /bin/bash -u 1000 -G git git # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T01:50:45.816497055Z", "created_by": "RUN /bin/sh -c mkdir -p /var/lib/gitea /etc/gitea # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T01:50:46.233554216Z", "created_by": "RUN /bin/sh -c chown git:git /var/lib/gitea /etc/gitea # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T02:05:03.107243602Z", "created_by": "COPY /tmp/local / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T02:05:03.180061895Z", "created_by": "COPY --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "COPY --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "USER 1000:1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV GITEA_WORK_DIR=/var/lib/gitea", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV GITEA_CUSTOM=/var/lib/gitea/custom", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV GITEA_TEMP=/tmp/gitea", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV TMPDIR=/tmp/gitea", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV GITEA_APP_INI=/etc/gitea/app.ini", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "ENV HOME=/var/lib/gitea/git", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.197596547Z", "created_by": "VOLUME [/var/lib/gitea /etc/gitea]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.204367046Z", "created_by": "WORKDIR /var/lib/gitea", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-03-13T02:05:03.204367046Z", "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"--\" \"/usr/local/bin/docker-entrypoint.sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-13T02:05:03.204367046Z", "created_by": "CMD []", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987", "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808", "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8", "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e", "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35", "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714", "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f", "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ] }, "config": { "Entrypoint": [ "/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GITEA_WORK_DIR=/var/lib/gitea", "GITEA_CUSTOM=/var/lib/gitea/custom", "GITEA_TEMP=/tmp/gitea", "TMPDIR=/tmp/gitea", "GITEA_APP_INI=/etc/gitea/app.ini", "HOME=/var/lib/gitea/git" ], "Labels": { "maintainer": "maintainers@gitea.io", "org.opencontainers.image.created": "2026-03-13T01:50:36.229Z", "org.opencontainers.image.description": "Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD", "org.opencontainers.image.licenses": "MIT", "org.opencontainers.image.revision": "f913d90ab664c1deccdfbe8c563abb13e897d62b", "org.opencontainers.image.source": "https://github.com/go-gitea/gitea", "org.opencontainers.image.title": "gitea", "org.opencontainers.image.url": "https://github.com/go-gitea/gitea", "org.opencontainers.image.version": "1.25.5-rootless" }, "User": "1000:1000", "Volumes": { "/etc/gitea": {}, "/var/lib/gitea": {} }, "WorkingDir": "/var/lib/gitea", "ExposedPorts": { "2222/tcp": {}, "3000/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 8607232, "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, { "Size": 35396608, "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, { "Size": 9728, "Digest": "sha256:026cb0df68c6b584098e008de6e94e5122693f511724ffcc6b1e06665f5a49ce", "DiffID": "sha256:b7a7b0163293e904ca5e7bd4f54f2781f76caeb9491443f8004f5d97ef7966f8" }, { "Size": 3584, "Digest": "sha256:17bb4f92cc3a79943bfc0c1eac46331bbbcbf4417d93b445fc7e70b4fc1621ca", "DiffID": "sha256:f7c3af9faa206d117caf130dcfc6e6da110a28a3fd6e7c312b129221b4bbe45e" }, { "Size": 3584, "Digest": "sha256:b4b6cbff235b6e2b885766e99571600723ebdf71d08a1dae6eedf9f5a0e24eb7", "DiffID": "sha256:74c27b3d18269e3a9d528d266687e466819ce89978ff05df70c6e87a91654f35" }, { "Size": 10752, "Digest": "sha256:0b839ac7942e18ba2e486eb7eb68f175a105f5032975152e974e6067480cfee8", "DiffID": "sha256:aa13c4c29cb82195e3b16195db4207ca1deb4ccbf379df709325c8d38a458714" }, { "Size": 114008576, "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, { "Size": 13207552, "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" } ] } ], "Results": [ { "Target": "gitea/gitea:1.25-rootless (alpine 3.22.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.3", "UID": "5d7e59cb3cf460c9" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.0-r0", "busybox-binsh@1.37.0-r20" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ab78613e89e34197" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "82fba6933d3c7e01" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.22.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.22.3-r0?arch=x86_64\u0026distro=3.22.3", "UID": "558236c4b75545a0" }, "Version": "3.22.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.22.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:4e3e3b4ce2653fc796f9608418f31687e6296a7b", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.9-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r3?arch=x86_64\u0026distro=3.22.3", "UID": "8806c59682a9c33b" }, "Version": "2.14.9-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250911-r0", "libapk2@2.14.9-r3", "libcrypto3@3.5.5-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:992f5e39b0d45f326c9ed2e9b1fe737809c23ed9", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.2.37-r0", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.22.3", "UID": "e34f62a2b52d4560" }, "Version": "5.2.37-r0", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.2.37-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r20", "musl@1.2.5-r10", "readline@8.2.13-r1" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:e2e7691628b43701a0fe7228b8d986a7aeb58aa9", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "etc/profile.d/00-bashrc.sh", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/dsv", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/getconf", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/stat", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.22.3", "UID": "da69ac3787a8a478" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:889fa02c5f7cdd90283ce2b68959e9c44e5dfbf2", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r20", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", "UID": "329f63ee83a55d44" }, "Version": "1.37.0-r20", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r20", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:3e9d75288280b3c492e91f30e126c2400d1701b3", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r20", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", "UID": "82cca645a20a4c54" }, "Version": "1.37.0-r20", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r20", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r20" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:acd495b3054831a7a33137aa5a2ba6193a08a2d2", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ddba0e5c7c762900" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:157fc2522aff3f3f0faa2cb3d16ac9aff8b8ed9a", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.5" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20250911-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20250911-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ad809ce3b6df4e46" }, "Version": "20250911-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250911-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r20", "libcrypto3@3.5.5-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:04905c8ed0de23926e7f151791fb17503e6ebf16", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20250911-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250911-r0?arch=x86_64\u0026distro=3.22.3", "UID": "a0566429a9621a8b" }, "Version": "20250911-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250911-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:8c7ee968419fcd92d5342cde0c5540a695a4ac2d", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.14.1-r2", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.14.1-r2?arch=x86_64\u0026distro=3.22.3", "UID": "9401601091acd8a8" }, "Version": "8.14.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.14.1-r2", "Licenses": [ "curl" ], "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", "DependsOn": [ "libcurl@8.14.1-r2", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:e34713fe1adcd194fb3982f97d1d194a413759d4", "InstalledFiles": [ "usr/bin/curl", "usr/bin/wcurl" ], "AnalyzedBy": "apk" }, { "ID": "dumb-init@1.2.5-r3", "Name": "dumb-init", "Identifier": { "PURL": "pkg:apk/alpine/dumb-init@1.2.5-r3?arch=x86_64\u0026distro=3.22.3", "UID": "fe96bfb9df359b25" }, "Version": "1.2.5-r3", "Arch": "x86_64", "SrcName": "dumb-init", "SrcVersion": "1.2.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:2be141d88c68977d1e379cb1400f29022610037f", "InstalledFiles": [ "usr/bin/dumb-init" ], "AnalyzedBy": "apk" }, { "ID": "gdbm@1.24-r0", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.22.3", "UID": "52df25146f8073db" }, "Version": "1.24-r0", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.24-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:248e0fcce23357408afa5b82137e97b781ecb790", "InstalledFiles": [ "usr/lib/libgdbm.so.6", "usr/lib/libgdbm.so.6.0.0", "usr/lib/libgdbm_compat.so.4", "usr/lib/libgdbm_compat.so.4.0.0" ], "AnalyzedBy": "apk" }, { "ID": "gettext@0.24.1-r0", "Name": "gettext", "Identifier": { "PURL": "pkg:apk/alpine/gettext@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "8a47e1d84a52437c" }, "Version": "0.24.1-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r0", "Licenses": [ "GPL-3.0-or-later", "LGPL-2.1-or-later", "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "gettext-envsubst@0.24.1-r0", "gettext-libs@0.24.1-r0", "libgomp@14.2.0-r6", "libintl@0.24.1-r0", "libunistring@1.3-r0", "libxml2@2.13.9-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:a77a397b7571adccdae71a87d817e60f504b7af8", "InstalledFiles": [ "usr/bin/autopoint", "usr/bin/gettext", "usr/bin/gettext.sh", "usr/bin/gettextize", "usr/bin/msgattrib", "usr/bin/msgcat", "usr/bin/msgcmp", "usr/bin/msgcomm", "usr/bin/msgconv", "usr/bin/msgen", "usr/bin/msgexec", "usr/bin/msgfilter", "usr/bin/msgfmt", "usr/bin/msggrep", "usr/bin/msginit", "usr/bin/msgmerge", "usr/bin/msgunfmt", "usr/bin/msguniq", "usr/bin/ngettext", "usr/bin/recode-sr-latin", "usr/bin/xgettext", "usr/lib/libgettextlib-0.24.1.so", "usr/lib/libgettextsrc-0.24.1.so", "usr/libexec/gettext/cldr-plurals", "usr/libexec/gettext/hostname", "usr/libexec/gettext/project-id", "usr/libexec/gettext/urlget", "usr/libexec/gettext/user-email", "usr/share/gettext-0.24.1/its/docbook.loc", "usr/share/gettext-0.24.1/its/docbook4.its", "usr/share/gettext-0.24.1/its/docbook5.its", "usr/share/gettext-0.24.1/its/glade.loc", "usr/share/gettext-0.24.1/its/glade1.its", "usr/share/gettext-0.24.1/its/glade2.its", "usr/share/gettext-0.24.1/its/gsettings.its", "usr/share/gettext-0.24.1/its/gsettings.loc", "usr/share/gettext-0.24.1/its/gtkbuilder.its", "usr/share/gettext-0.24.1/its/metainfo.its", "usr/share/gettext-0.24.1/its/metainfo.loc" ], "AnalyzedBy": "apk" }, { "ID": "gettext-envsubst@0.24.1-r0", "Name": "gettext-envsubst", "Identifier": { "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "b352b94f7858e5f0" }, "Version": "0.24.1-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r0", "Licenses": [ "GPL-3.0-or-later", "LGPL-2.1-or-later", "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.24.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:8e48d4e81518696607a4fae33aae16ea1a0e8c1b", "InstalledFiles": [ "usr/bin/envsubst" ], "AnalyzedBy": "apk" }, { "ID": "gettext-libs@0.24.1-r0", "Name": "gettext-libs", "Identifier": { "PURL": "pkg:apk/alpine/gettext-libs@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "95c6d45fb0f8725f" }, "Version": "0.24.1-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r0", "Licenses": [ "GPL-3.0-or-later", "LGPL-2.1-or-later", "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.24.1-r0", "libncursesw@6.5_p20250503-r0", "libunistring@1.3-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:c4922cab28004729190f90c85d0ad943e8b3bea6", "InstalledFiles": [ "usr/lib/libgettextpo.so.0", "usr/lib/libgettextpo.so.0.5.13", "usr/lib/libtextstyle.so.0", "usr/lib/libtextstyle.so.0.2.4" ], "AnalyzedBy": "apk" }, { "ID": "git@2.49.1-r0", "Name": "git", "Identifier": { "PURL": "pkg:apk/alpine/git@2.49.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67deb3b770d1970b" }, "Version": "2.49.1-r0", "Arch": "x86_64", "SrcName": "git", "SrcVersion": "2.49.1-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.14.1-r2", "libexpat@2.7.4-r0", "musl@1.2.5-r10", "pcre2@10.46-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:e00bb845ffcc73292eb04812da536feb5252a0b2", "InstalledFiles": [ "usr/bin/git", "usr/bin/git-receive-pack", "usr/bin/git-shell", "usr/bin/git-upload-archive", "usr/bin/git-upload-pack", "usr/libexec/git-core/git", "usr/libexec/git-core/git-add", "usr/libexec/git-core/git-am", "usr/libexec/git-core/git-annotate", "usr/libexec/git-core/git-apply", "usr/libexec/git-core/git-archive", "usr/libexec/git-core/git-backfill", "usr/libexec/git-core/git-bisect", "usr/libexec/git-core/git-blame", "usr/libexec/git-core/git-branch", "usr/libexec/git-core/git-bugreport", "usr/libexec/git-core/git-bundle", "usr/libexec/git-core/git-cat-file", "usr/libexec/git-core/git-check-attr", "usr/libexec/git-core/git-check-ignore", "usr/libexec/git-core/git-check-mailmap", "usr/libexec/git-core/git-check-ref-format", "usr/libexec/git-core/git-checkout", "usr/libexec/git-core/git-checkout--worker", "usr/libexec/git-core/git-checkout-index", "usr/libexec/git-core/git-cherry", "usr/libexec/git-core/git-cherry-pick", "usr/libexec/git-core/git-clean", "usr/libexec/git-core/git-clone", "usr/libexec/git-core/git-column", "usr/libexec/git-core/git-commit", "usr/libexec/git-core/git-commit-graph", "usr/libexec/git-core/git-commit-tree", "usr/libexec/git-core/git-config", "usr/libexec/git-core/git-count-objects", "usr/libexec/git-core/git-credential", "usr/libexec/git-core/git-credential-cache", "usr/libexec/git-core/git-credential-cache--daemon", "usr/libexec/git-core/git-credential-store", "usr/libexec/git-core/git-describe", "usr/libexec/git-core/git-diagnose", "usr/libexec/git-core/git-diff", "usr/libexec/git-core/git-diff-files", "usr/libexec/git-core/git-diff-index", "usr/libexec/git-core/git-diff-tree", "usr/libexec/git-core/git-difftool", "usr/libexec/git-core/git-difftool--helper", "usr/libexec/git-core/git-fast-export", "usr/libexec/git-core/git-fetch", "usr/libexec/git-core/git-fetch-pack", "usr/libexec/git-core/git-filter-branch", "usr/libexec/git-core/git-fmt-merge-msg", "usr/libexec/git-core/git-for-each-ref", "usr/libexec/git-core/git-for-each-repo", "usr/libexec/git-core/git-format-patch", "usr/libexec/git-core/git-fsck", "usr/libexec/git-core/git-fsck-objects", "usr/libexec/git-core/git-fsmonitor--daemon", "usr/libexec/git-core/git-gc", "usr/libexec/git-core/git-get-tar-commit-id", "usr/libexec/git-core/git-grep", "usr/libexec/git-core/git-hash-object", "usr/libexec/git-core/git-help", "usr/libexec/git-core/git-hook", "usr/libexec/git-core/git-http-fetch", "usr/libexec/git-core/git-http-push", "usr/libexec/git-core/git-index-pack", "usr/libexec/git-core/git-init", "usr/libexec/git-core/git-init-db", "usr/libexec/git-core/git-interpret-trailers", "usr/libexec/git-core/git-log", "usr/libexec/git-core/git-ls-files", "usr/libexec/git-core/git-ls-remote", "usr/libexec/git-core/git-ls-tree", "usr/libexec/git-core/git-mailinfo", "usr/libexec/git-core/git-mailsplit", "usr/libexec/git-core/git-maintenance", "usr/libexec/git-core/git-merge", "usr/libexec/git-core/git-merge-base", "usr/libexec/git-core/git-merge-file", "usr/libexec/git-core/git-merge-index", "usr/libexec/git-core/git-merge-octopus", "usr/libexec/git-core/git-merge-one-file", "usr/libexec/git-core/git-merge-ours", "usr/libexec/git-core/git-merge-recursive", "usr/libexec/git-core/git-merge-resolve", "usr/libexec/git-core/git-merge-subtree", "usr/libexec/git-core/git-merge-tree", "usr/libexec/git-core/git-mergetool", "usr/libexec/git-core/git-mergetool--lib", "usr/libexec/git-core/git-mktag", "usr/libexec/git-core/git-mktree", "usr/libexec/git-core/git-multi-pack-index", "usr/libexec/git-core/git-mv", "usr/libexec/git-core/git-name-rev", "usr/libexec/git-core/git-notes", "usr/libexec/git-core/git-pack-objects", "usr/libexec/git-core/git-pack-redundant", "usr/libexec/git-core/git-pack-refs", "usr/libexec/git-core/git-patch-id", "usr/libexec/git-core/git-prune", "usr/libexec/git-core/git-prune-packed", "usr/libexec/git-core/git-pull", "usr/libexec/git-core/git-push", "usr/libexec/git-core/git-quiltimport", "usr/libexec/git-core/git-range-diff", "usr/libexec/git-core/git-read-tree", "usr/libexec/git-core/git-rebase", "usr/libexec/git-core/git-receive-pack", "usr/libexec/git-core/git-reflog", "usr/libexec/git-core/git-refs", "usr/libexec/git-core/git-remote", "usr/libexec/git-core/git-remote-ext", "usr/libexec/git-core/git-remote-fd", "usr/libexec/git-core/git-remote-ftp", "usr/libexec/git-core/git-remote-ftps", "usr/libexec/git-core/git-remote-http", "usr/libexec/git-core/git-remote-https", "usr/libexec/git-core/git-repack", "usr/libexec/git-core/git-replace", "usr/libexec/git-core/git-replay", "usr/libexec/git-core/git-request-pull", "usr/libexec/git-core/git-rerere", "usr/libexec/git-core/git-reset", "usr/libexec/git-core/git-restore", "usr/libexec/git-core/git-rev-list", "usr/libexec/git-core/git-rev-parse", "usr/libexec/git-core/git-revert", "usr/libexec/git-core/git-rm", "usr/libexec/git-core/git-send-pack", "usr/libexec/git-core/git-sh-i18n", "usr/libexec/git-core/git-sh-i18n--envsubst", "usr/libexec/git-core/git-sh-setup", "usr/libexec/git-core/git-shortlog", "usr/libexec/git-core/git-show", "usr/libexec/git-core/git-show-branch", "usr/libexec/git-core/git-show-index", "usr/libexec/git-core/git-show-ref", "usr/libexec/git-core/git-sparse-checkout", "usr/libexec/git-core/git-stage", "usr/libexec/git-core/git-stash", "usr/libexec/git-core/git-status", "usr/libexec/git-core/git-stripspace", "usr/libexec/git-core/git-submodule", "usr/libexec/git-core/git-submodule--helper", "usr/libexec/git-core/git-switch", "usr/libexec/git-core/git-symbolic-ref", "usr/libexec/git-core/git-tag", "usr/libexec/git-core/git-unpack-file", "usr/libexec/git-core/git-unpack-objects", "usr/libexec/git-core/git-update-index", "usr/libexec/git-core/git-update-ref", "usr/libexec/git-core/git-update-server-info", "usr/libexec/git-core/git-upload-archive", "usr/libexec/git-core/git-upload-pack", "usr/libexec/git-core/git-var", "usr/libexec/git-core/git-verify-commit", "usr/libexec/git-core/git-verify-pack", "usr/libexec/git-core/git-verify-tag", "usr/libexec/git-core/git-version", "usr/libexec/git-core/git-web--browse", "usr/libexec/git-core/git-whatchanged", "usr/libexec/git-core/git-worktree", "usr/libexec/git-core/git-write-tree", "usr/libexec/git-core/mergetools/araxis", "usr/libexec/git-core/mergetools/bc", "usr/libexec/git-core/mergetools/codecompare", "usr/libexec/git-core/mergetools/deltawalker", "usr/libexec/git-core/mergetools/diffmerge", "usr/libexec/git-core/mergetools/diffuse", "usr/libexec/git-core/mergetools/ecmerge", "usr/libexec/git-core/mergetools/emerge", "usr/libexec/git-core/mergetools/examdiff", "usr/libexec/git-core/mergetools/guiffy", "usr/libexec/git-core/mergetools/gvimdiff", "usr/libexec/git-core/mergetools/kdiff3", "usr/libexec/git-core/mergetools/kompare", "usr/libexec/git-core/mergetools/meld", "usr/libexec/git-core/mergetools/nvimdiff", "usr/libexec/git-core/mergetools/opendiff", "usr/libexec/git-core/mergetools/smerge", "usr/libexec/git-core/mergetools/tkdiff", "usr/libexec/git-core/mergetools/tortoisemerge", "usr/libexec/git-core/mergetools/vimdiff", "usr/libexec/git-core/mergetools/vscode", "usr/libexec/git-core/mergetools/winmerge", "usr/libexec/git-core/mergetools/xxdiff" ], "AnalyzedBy": "apk" }, { "ID": "git-init-template@2.49.1-r0", "Name": "git-init-template", "Identifier": { "PURL": "pkg:apk/alpine/git-init-template@2.49.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "d472fd7a80f6fd7e" }, "Version": "2.49.1-r0", "Arch": "x86_64", "SrcName": "git", "SrcVersion": "2.49.1-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:fb088b46ca75b28e1cfd815182b41fc5d82ea3cc", "InstalledFiles": [ "usr/share/git-core/templates/description", "usr/share/git-core/templates/hooks/applypatch-msg.sample", "usr/share/git-core/templates/hooks/commit-msg.sample", "usr/share/git-core/templates/hooks/post-update.sample", "usr/share/git-core/templates/hooks/pre-applypatch.sample", "usr/share/git-core/templates/hooks/pre-commit.sample", "usr/share/git-core/templates/hooks/pre-merge-commit.sample", "usr/share/git-core/templates/hooks/pre-push.sample", "usr/share/git-core/templates/hooks/pre-rebase.sample", "usr/share/git-core/templates/hooks/pre-receive.sample", "usr/share/git-core/templates/hooks/prepare-commit-msg.sample", "usr/share/git-core/templates/hooks/push-to-checkout.sample", "usr/share/git-core/templates/hooks/sendemail-validate.sample", "usr/share/git-core/templates/hooks/update.sample", "usr/share/git-core/templates/info/exclude" ], "AnalyzedBy": "apk" }, { "ID": "gmp@6.3.0-r3", "Name": "gmp", "Identifier": { "PURL": "pkg:apk/alpine/gmp@6.3.0-r3?arch=x86_64\u0026distro=3.22.3", "UID": "c7fc9df6028d68fb" }, "Version": "6.3.0-r3", "Arch": "x86_64", "SrcName": "gmp", "SrcVersion": "6.3.0-r3", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:85d27e1f746bd18a063e35cdc54446521aa0c0d9", "InstalledFiles": [ "usr/lib/libgmp.so.10", "usr/lib/libgmp.so.10.5.0" ], "AnalyzedBy": "apk" }, { "ID": "gnupg@2.4.9-r0", "Name": "gnupg", "Identifier": { "PURL": "pkg:apk/alpine/gnupg@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "d367a557b4a3bc97" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-dirmngr@2.4.9-r0", "gnupg-utils@2.4.9-r0", "gnupg-wks-client@2.4.9-r0", "gpg-agent@2.4.9-r0", "gpg-wks-server@2.4.9-r0", "gpg@2.4.9-r0", "gpgsm@2.4.9-r0", "gpgv@2.4.9-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:955c97b34e112cabe7983d67a2253bc81c69fa87", "AnalyzedBy": "apk" }, { "ID": "gnupg-dirmngr@2.4.9-r0", "Name": "gnupg-dirmngr", "Identifier": { "PURL": "pkg:apk/alpine/gnupg-dirmngr@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "625f0b6eac94c1c5" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-gpgconf@2.4.9-r0", "gnutls@3.8.12-r0", "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "libksba@1.6.7-r0", "libldap@2.6.8-r0", "musl@1.2.5-r10", "npth@1.8-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:a9c3a340e84ad28a905043e43e3468ef8e948cce", "InstalledFiles": [ "usr/bin/dirmngr", "usr/bin/dirmngr-client", "usr/libexec/dirmngr_ldap", "usr/share/gnupg/sks-keyservers.netCA.pem" ], "AnalyzedBy": "apk" }, { "ID": "gnupg-gpgconf@2.4.9-r0", "Name": "gnupg-gpgconf", "Identifier": { "PURL": "pkg:apk/alpine/gnupg-gpgconf@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "6e9b3778956025e6" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10", "pinentry@1.3.1-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:42477a7332cfab68681745f70b9ef8d1820db9a4", "InstalledFiles": [ "usr/bin/gpg-connect-agent", "usr/bin/gpgconf", "usr/share/gnupg/distsigkey.gpg" ], "AnalyzedBy": "apk" }, { "ID": "gnupg-keyboxd@2.4.9-r0", "Name": "gnupg-keyboxd", "Identifier": { "PURL": "pkg:apk/alpine/gnupg-keyboxd@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "161a9c6e89795cf0" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "libksba@1.6.7-r0", "musl@1.2.5-r10", "npth@1.8-r0", "sqlite-libs@3.49.2-r1" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:ed938b8081b029da7fa77bb13515ea5e052a4cb9", "InstalledFiles": [ "usr/libexec/keyboxd" ], "AnalyzedBy": "apk" }, { "ID": "gnupg-utils@2.4.9-r0", "Name": "gnupg-utils", "Identifier": { "PURL": "pkg:apk/alpine/gnupg-utils@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "33e3a05fa753c98a" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libassuan@2.5.7-r0", "libbz2@1.0.8-r6", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "libksba@1.6.7-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:af7d7a1f4e04e507f6c42fce6ab7862e13685199", "InstalledFiles": [ "usr/bin/gpg-card", "usr/bin/gpg-mail-tube", "usr/bin/gpgparsemail", "usr/bin/gpgsplit", "usr/bin/gpgtar", "usr/bin/kbxutil", "usr/bin/watchgnupg", "usr/libexec/gpg-auth", "usr/libexec/gpg-pair-tool", "usr/sbin/addgnupghome", "usr/sbin/applygnupgdefaults" ], "AnalyzedBy": "apk" }, { "ID": "gnupg-wks-client@2.4.9-r0", "Name": "gnupg-wks-client", "Identifier": { "PURL": "pkg:apk/alpine/gnupg-wks-client@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "360b79408926e25c" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-dirmngr@2.4.9-r0", "gpg-agent@2.4.9-r0", "gpg@2.4.9-r0", "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:01fc4a3219bd5ac7535c56f1ec137ee1c19b5842", "InstalledFiles": [ "usr/bin/gpg-wks-client", "usr/libexec/gpg-wks-client" ], "AnalyzedBy": "apk" }, { "ID": "gnutls@3.8.12-r0", "Name": "gnutls", "Identifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "Version": "3.8.12-r0", "Arch": "x86_64", "SrcName": "gnutls", "SrcVersion": "3.8.12-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gmp@6.3.0-r3", "libidn2@2.3.7-r0", "libtasn1@4.21.0-r0", "libunistring@1.3-r0", "musl@1.2.5-r10", "nettle@3.10.2-r0", "p11-kit@0.25.5-r2", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:709f21fa9e8b1952d27c68cd4201e92b2e15d43d", "InstalledFiles": [ "usr/lib/libgnutls.so.30", "usr/lib/libgnutls.so.30.41.1" ], "AnalyzedBy": "apk" }, { "ID": "gpg@2.4.9-r0", "Name": "gpg", "Identifier": { "PURL": "pkg:apk/alpine/gpg@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "f4f976e9b62952fe" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-dirmngr@2.4.9-r0", "gnupg-gpgconf@2.4.9-r0", "gnupg-keyboxd@2.4.9-r0", "libassuan@2.5.7-r0", "libbz2@1.0.8-r6", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10", "npth@1.8-r0", "sqlite-libs@3.49.2-r1", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:b0707ece8f005a4907e4a6ecfedfa48bf6ec0f73", "InstalledFiles": [ "usr/bin/gpg", "usr/bin/gpg2" ], "AnalyzedBy": "apk" }, { "ID": "gpg-agent@2.4.9-r0", "Name": "gpg-agent", "Identifier": { "PURL": "pkg:apk/alpine/gpg-agent@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "dc4a41374594da89" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-gpgconf@2.4.9-r0", "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10", "npth@1.8-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:0fb7ceede84c703cf249fe67f63415e6dc1bcd80", "InstalledFiles": [ "usr/bin/gpg-agent", "usr/libexec/gpg-check-pattern", "usr/libexec/gpg-preset-passphrase", "usr/libexec/gpg-protect-tool", "usr/share/gnupg/help.txt" ], "AnalyzedBy": "apk" }, { "ID": "gpg-wks-server@2.4.9-r0", "Name": "gpg-wks-server", "Identifier": { "PURL": "pkg:apk/alpine/gpg-wks-server@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "e02e3f328708e669" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gpg-agent@2.4.9-r0", "gpg@2.4.9-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:87ba87d6337d62306b4b94ac9be7fc1c94f793e5", "InstalledFiles": [ "usr/bin/gpg-wks-server" ], "AnalyzedBy": "apk" }, { "ID": "gpgsm@2.4.9-r0", "Name": "gpgsm", "Identifier": { "PURL": "pkg:apk/alpine/gpgsm@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "8a344af68ac904d6" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gnupg-gpgconf@2.4.9-r0", "libassuan@2.5.7-r0", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "libksba@1.6.7-r0", "musl@1.2.5-r10", "npth@1.8-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:109b68a29686a3c45592b6040a00f54eba174a6a", "InstalledFiles": [ "usr/bin/gpgsm" ], "AnalyzedBy": "apk" }, { "ID": "gpgv@2.4.9-r0", "Name": "gpgv", "Identifier": { "PURL": "pkg:apk/alpine/gpgv@2.4.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "b24b251655758a54" }, "Version": "2.4.9-r0", "Arch": "x86_64", "SrcName": "gnupg", "SrcVersion": "2.4.9-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libassuan@2.5.7-r0", "libbz2@1.0.8-r6", "libgcrypt@1.10.3-r1", "libgpg-error@1.55-r0", "musl@1.2.5-r10", "npth@1.8-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:464566ebd2fd660bfeb91176bbdaf3dace4f42e1", "InstalledFiles": [ "usr/bin/gpgv", "usr/bin/gpgv2" ], "AnalyzedBy": "apk" }, { "ID": "libapk2@2.14.9-r3", "Name": "libapk2", "Identifier": { "PURL": "pkg:apk/alpine/libapk2@2.14.9-r3?arch=x86_64\u0026distro=3.22.3", "UID": "a914b9d20e57673a" }, "Version": "2.14.9-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250911-r0", "libcrypto3@3.5.5-r0", "libssl3@3.5.5-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:902fd71646d6e087e472c67b0f634c043a2195bc", "InstalledFiles": [ "usr/lib/libapk.so.2.14.9" ], "AnalyzedBy": "apk" }, { "ID": "libassuan@2.5.7-r0", "Name": "libassuan", "Identifier": { "PURL": "pkg:apk/alpine/libassuan@2.5.7-r0?arch=x86_64\u0026distro=3.22.3", "UID": "99ec2f81c1478242" }, "Version": "2.5.7-r0", "Arch": "x86_64", "SrcName": "libassuan", "SrcVersion": "2.5.7-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libgpg-error@1.55-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:3b1d9ed6d84eccbc9c7e3e00f53196df212966b8", "InstalledFiles": [ "usr/lib/libassuan.so.0", "usr/lib/libassuan.so.0.8.7" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.22.3", "UID": "723292282ebbd061" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:1c8732214d0947cdbca8b7905576c0d0bc3deb3b", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.5-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "Version": "3.5.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:69f2e10ba246c41930285851af67ce5af75ecbe5", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.14.1-r2", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.14.1-r2?arch=x86_64\u0026distro=3.22.3", "UID": "86bea2fc744fdc14" }, "Version": "8.14.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.14.1-r2", "Licenses": [ "curl" ], "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "c-ares@1.34.6-r0", "ca-certificates-bundle@20250911-r0", "libcrypto3@3.5.5-r0", "libidn2@2.3.7-r0", "libpsl@0.21.5-r3", "libssl3@3.5.5-r0", "musl@1.2.5-r10", "nghttp2-libs@1.65.0-r0", "zlib@1.3.1-r2", "zstd-libs@1.5.7-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:d0c265e4db3a95d6e31e13e5ea29dd20b19ea768", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libexpat@2.7.4-r0", "Name": "libexpat", "Identifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", "UID": "3880c6da81ca34e8" }, "Version": "2.7.4-r0", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.4-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:17199f1cef3f187f2bffd689e2085284b95885d9", "InstalledFiles": [ "usr/lib/libexpat.so.1", "usr/lib/libexpat.so.1.11.2" ], "AnalyzedBy": "apk" }, { "ID": "libffi@3.4.8-r0", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/alpine/libffi@3.4.8-r0?arch=x86_64\u0026distro=3.22.3", "UID": "8338231f91849d33" }, "Version": "3.4.8-r0", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.4.8-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:e5d01118f5ad008bb2df07635af364933b4ff20f", "InstalledFiles": [ "usr/lib/libffi.so.8", "usr/lib/libffi.so.8.1.4" ], "AnalyzedBy": "apk" }, { "ID": "libgcrypt@1.10.3-r1", "Name": "libgcrypt", "Identifier": { "PURL": "pkg:apk/alpine/libgcrypt@1.10.3-r1?arch=x86_64\u0026distro=3.22.3", "UID": "d16b260610062e29" }, "Version": "1.10.3-r1", "Arch": "x86_64", "SrcName": "libgcrypt", "SrcVersion": "1.10.3-r1", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libgpg-error@1.55-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:d9bca23bad50499a7a459e19e50256dbf1c0f5aa", "InstalledFiles": [ "usr/lib/libgcrypt.so.20", "usr/lib/libgcrypt.so.20.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libgomp@14.2.0-r6", "Name": "libgomp", "Identifier": { "PURL": "pkg:apk/alpine/libgomp@14.2.0-r6?arch=x86_64\u0026distro=3.22.3", "UID": "465d8155c1b59fb0" }, "Version": "14.2.0-r6", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:7a22cab723a2deab744718c41eb10fe5601646b1", "InstalledFiles": [ "usr/lib/libgomp.so.1", "usr/lib/libgomp.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libgpg-error@1.55-r0", "Name": "libgpg-error", "Identifier": { "PURL": "pkg:apk/alpine/libgpg-error@1.55-r0?arch=x86_64\u0026distro=3.22.3", "UID": "6f51fc1a3225ebd7" }, "Version": "1.55-r0", "Arch": "x86_64", "SrcName": "libgpg-error", "SrcVersion": "1.55-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:f02c0ba1c71291307b6f92de33f0ee4ef4f78339", "InstalledFiles": [ "usr/bin/gpg-error", "usr/lib/libgpg-error.so.0", "usr/lib/libgpg-error.so.0.39.3" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.22.3", "UID": "62dfaa175b3f84e5" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.3-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:e2e93b247187a15a2164f4b7e5f4a725a3b5d488", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.24.1-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.24.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "5335e41c5d85c80" }, "Version": "0.24.1-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:8f44275c3149194ffa1b7bae29469289f758ed3d", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libksba@1.6.7-r0", "Name": "libksba", "Identifier": { "PURL": "pkg:apk/alpine/libksba@1.6.7-r0?arch=x86_64\u0026distro=3.22.3", "UID": "2915c9af8ec519dc" }, "Version": "1.6.7-r0", "Arch": "x86_64", "SrcName": "libksba", "SrcVersion": "1.6.7-r0", "Licenses": [ "LGPL-3.0-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libgpg-error@1.55-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:24b41953b7165e9327c9e392e085951da427bd3d", "InstalledFiles": [ "usr/lib/libksba.so.8", "usr/lib/libksba.so.8.14.7" ], "AnalyzedBy": "apk" }, { "ID": "libldap@2.6.8-r0", "Name": "libldap", "Identifier": { "PURL": "pkg:apk/alpine/libldap@2.6.8-r0?arch=x86_64\u0026distro=3.22.3", "UID": "da145041bc2d7d47" }, "Version": "2.6.8-r0", "Arch": "x86_64", "SrcName": "openldap", "SrcVersion": "2.6.8-r0", "Licenses": [ "OLDAP-2.8" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "libsasl@2.1.28-r8", "libssl3@3.5.5-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:7d8736383926aa215da508f88cafb428fd4fa20f", "InstalledFiles": [ "etc/openldap/ldap.conf", "usr/lib/liblber.so.2", "usr/lib/liblber.so.2.0.200", "usr/lib/libldap.so.2", "usr/lib/libldap.so.2.0.200" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20250503-r0", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.3", "UID": "e6be237484e23875" }, "Version": "6.5_p20250503-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20250503-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "ncurses-terminfo-base@6.5_p20250503-r0" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:42901f1528399d67e07e14085ee53f1a369b240a", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.22.3", "UID": "e3d3e0725ec78534" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.7-r0", "libunistring@1.3-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:351ae123ebf705f090c43fc793996dba2fa21ebb", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libsasl@2.1.28-r8", "Name": "libsasl", "Identifier": { "PURL": "pkg:apk/alpine/libsasl@2.1.28-r8?arch=x86_64\u0026distro=3.22.3", "UID": "6b674155e4c14e5" }, "Version": "2.1.28-r8", "Arch": "x86_64", "SrcName": "cyrus-sasl", "SrcVersion": "2.1.28-r8", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-4-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gdbm@1.24-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:6318f8a8d76801400f56b8aaefa9fc6654565cda", "InstalledFiles": [ "usr/lib/libsasl2.so.3", "usr/lib/libsasl2.so.3.0.0", "usr/lib/sasl2/libanonymous.so", "usr/lib/sasl2/libanonymous.so.3", "usr/lib/sasl2/libanonymous.so.3.0.0", "usr/lib/sasl2/libplain.so", "usr/lib/sasl2/libplain.so.3", "usr/lib/sasl2/libplain.so.3.0.0", "usr/lib/sasl2/libsasldb.so", "usr/lib/sasl2/libsasldb.so.3", "usr/lib/sasl2/libsasldb.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.5-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "Version": "3.5.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:cccea10b0bf05b03f19640b4a35dbd4326d34073", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libtasn1@4.21.0-r0", "Name": "libtasn1", "Identifier": { "PURL": "pkg:apk/alpine/libtasn1@4.21.0-r0?arch=x86_64\u0026distro=3.22.3", "UID": "11d7d4e927554a96" }, "Version": "4.21.0-r0", "Arch": "x86_64", "SrcName": "libtasn1", "SrcVersion": "4.21.0-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:a20a0138f828954be57c16ac4263918bf1b1fa36", "InstalledFiles": [ "usr/lib/libtasn1.so.6", "usr/lib/libtasn1.so.6.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.3-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.3-r0?arch=x86_64\u0026distro=3.22.3", "UID": "c85bd5adae736524" }, "Version": "1.3-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.3-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:9472d9ab2b634a61ad5edc9b4754fdb1e34bdef9", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libxml2@2.13.9-r0", "Name": "libxml2", "Identifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.22.3", "UID": "c0b0bc9143ed75ae" }, "Version": "2.13.9-r0", "Arch": "x86_64", "SrcName": "libxml2", "SrcVersion": "2.13.9-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "xz-libs@5.8.1-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:6ddad9a7b827ee30cd620f78e10a693464853d82", "InstalledFiles": [ "usr/lib/libxml2.so.2", "usr/lib/libxml2.so.2.13.9" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r10", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "55e7e479f5580f45" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r10", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "73256102bfd5faee" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20250503-r0", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.3", "UID": "894c1596a3cf9412" }, "Version": "6.5_p20250503-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20250503-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:fea2cc088f02df2feb5da718e70123647f0ef8f7", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-0.8.5", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "nettle@3.10.2-r0", "Name": "nettle", "Identifier": { "PURL": "pkg:apk/alpine/nettle@3.10.2-r0?arch=x86_64\u0026distro=3.22.3", "UID": "d7016a30888c7b4c" }, "Version": "3.10.2-r0", "Arch": "x86_64", "SrcName": "nettle", "SrcVersion": "3.10.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "gmp@6.3.0-r3", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:21d72934d1697ae0138cadc28a140b9a3880768e", "InstalledFiles": [ "usr/lib/libhogweed.so.6", "usr/lib/libhogweed.so.6.11", "usr/lib/libnettle.so.8", "usr/lib/libnettle.so.8.11" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.65.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.65.0-r0?arch=x86_64\u0026distro=3.22.3", "UID": "9a7f544dd9c7674" }, "Version": "1.65.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.65.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:25feb492160beba9dd4bea4a169a65fd2eccc493", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.28.4" ], "AnalyzedBy": "apk" }, { "ID": "npth@1.8-r0", "Name": "npth", "Identifier": { "PURL": "pkg:apk/alpine/npth@1.8-r0?arch=x86_64\u0026distro=3.22.3", "UID": "73135ebdb90cc0ab" }, "Version": "1.8-r0", "Arch": "x86_64", "SrcName": "npth", "SrcVersion": "1.8-r0", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:45c2d6ed25cdc77d9e450e8e641805bf12e14bd2", "InstalledFiles": [ "usr/lib/libnpth.so.0", "usr/lib/libnpth.so.0.3.0" ], "AnalyzedBy": "apk" }, { "ID": "openssh-keygen@10.0_p1-r10", "Name": "openssh-keygen", "Identifier": { "PURL": "pkg:apk/alpine/openssh-keygen@10.0_p1-r10?arch=x86_64\u0026distro=3.22.3", "UID": "5cc9c3878b3b4135" }, "Version": "10.0_p1-r10", "Arch": "x86_64", "SrcName": "openssh", "SrcVersion": "10.0_p1-r10", "Licenses": [ "SSH-OpenSSH" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:6872859bfccc9800f978efefdc8ab1a11cef7405", "InstalledFiles": [ "usr/bin/ssh-keygen" ], "AnalyzedBy": "apk" }, { "ID": "p11-kit@0.25.5-r2", "Name": "p11-kit", "Identifier": { "PURL": "pkg:apk/alpine/p11-kit@0.25.5-r2?arch=x86_64\u0026distro=3.22.3", "UID": "fb995d433d340301" }, "Version": "0.25.5-r2", "Arch": "x86_64", "SrcName": "p11-kit", "SrcVersion": "0.25.5-r2", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "libffi@3.4.8-r0", "libtasn1@4.21.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:755b408e886fdbf4428612a6f47dfadf9a8513f7", "InstalledFiles": [ "etc/pkcs11/pkcs11.conf.example", "usr/bin/p11-kit", "usr/lib/libp11-kit.so.0", "usr/lib/libp11-kit.so.0.4.1", "usr/libexec/p11-kit/p11-kit-remote", "usr/libexec/p11-kit/trust-extract-compat" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.46-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.46-r0?arch=x86_64\u0026distro=3.22.3", "UID": "5122fda3f4fd0f49" }, "Version": "10.46-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.46-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:8237724bdc50c57c16e64eb0d522d85abc500d10", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.14.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.6" ], "AnalyzedBy": "apk" }, { "ID": "pinentry@1.3.1-r0", "Name": "pinentry", "Identifier": { "PURL": "pkg:apk/alpine/pinentry@1.3.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "b44d7d7e47279be" }, "Version": "1.3.1-r0", "Arch": "x86_64", "SrcName": "pinentry", "SrcVersion": "1.3.1-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r20", "libassuan@2.5.7-r0", "libgpg-error@1.55-r0", "libncursesw@6.5_p20250503-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:f8fb731ee4d791e846261457bdd2ae485cd0f8ff", "InstalledFiles": [ "usr/bin/pinentry-curses" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.13-r1", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.13-r1?arch=x86_64\u0026distro=3.22.3", "UID": "37d71f5ec630233b" }, "Version": "8.2.13-r1", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.13-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "libncursesw@6.5_p20250503-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:d305640121793fd79a7636ed10fcc6cb10155e38", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.3", "UID": "be156a8575875ef7" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "sqlite-libs@3.49.2-r1", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.49.2-r1?arch=x86_64\u0026distro=3.22.3", "UID": "a525f82829f5678f" }, "Version": "3.49.2-r1", "Arch": "x86_64", "SrcName": "sqlite", "SrcVersion": "3.49.2-r1", "Licenses": [ "blessing" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:cb31ad275293ff9e705f41d1c8626e771a589e45", "InstalledFiles": [ "usr/lib/libsqlite3.so.0", "usr/lib/libsqlite3.so.3.49.2" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r20", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r20?arch=x86_64\u0026distro=3.22.3", "UID": "9f2fd2c2f40578a7" }, "Version": "1.37.0-r20", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r20", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "libssl3@3.5.5-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:8bdfbaab4c99a5d77844ca989971c87161126784", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.8.1-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "8bd18e17467b35f2" }, "Version": "5.8.1-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.1-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:fdcdb7d0dc44dd546165ae313122b01d6a20f931", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.8.1" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", "UID": "23095b6210429e11" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.7-r0", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r0?arch=x86_64\u0026distro=3.22.3", "UID": "cd528bce493c7221" }, "Version": "1.5.7-r0", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.7-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "Digest": "sha1:50c83112b5619f48d36d69190a4cb7c71f15c7d2", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.7" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-33845", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33845", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bdf79e241138d8d4c75b799d86031560fb0542a1054688b4f0ebde2b9659d756", "Title": "gnutls: GnuTLS: Denial of Service via DTLS zero-length fragment", "Description": "A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.", "Severity": "CRITICAL", "CweIDs": [ "CWE-191" ], "VendorSeverity": { "azure": 3, "nvd": 4, "photon": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13274", "https://access.redhat.com/security/cve/CVE-2026-33845", "https://bugzilla.redhat.com/show_bug.cgi?id=2450624", "https://nvd.nist.gov/vuln/detail/CVE-2026-33845", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-33845", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-3" ], "PublishedDate": "2026-04-30T18:16:28.003Z", "LastModifiedDate": "2026-05-05T03:03:19.247Z" }, { "VulnerabilityID": "CVE-2026-42010", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42010", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:264cce4c3c12bac722771060fb8cc862abd80807a7512da45827058b0f8deb60", "Title": "gnutls: gnutls: Authentication Bypass via NUL Character in Username", "Description": "A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.", "Severity": "CRITICAL", "CweIDs": [ "CWE-626" ], "VendorSeverity": { "nvd": 4, "photon": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13274", "https://access.redhat.com/security/cve/CVE-2026-42010", "https://bugzilla.redhat.com/show_bug.cgi?id=2467289", "https://nvd.nist.gov/vuln/detail/CVE-2026-42010", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42010", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-4" ], "PublishedDate": "2026-05-07T12:16:17.977Z", "LastModifiedDate": "2026-05-14T23:16:36.52Z" }, { "VulnerabilityID": "CVE-2026-33846", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33846", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9da6cfd5dd6c1291eb82d319871ff4ff31641281f819d3a2899042a5a55e3235", "Title": "gnutls: GnuTLS: Denial of Service via heap buffer overflow in DTLS handshake fragment reassembly", "Description": "A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.", "Severity": "HIGH", "CweIDs": [ "CWE-130" ], "VendorSeverity": { "redhat": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13274", "https://access.redhat.com/security/cve/CVE-2026-33846", "https://bugzilla.redhat.com/show_bug.cgi?id=2450625", "https://nvd.nist.gov/vuln/detail/CVE-2026-33846", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-33846", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-1" ], "PublishedDate": "2026-05-04T10:15:59.69Z", "LastModifiedDate": "2026-05-04T15:22:52.85Z" }, { "VulnerabilityID": "CVE-2026-3833", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3833", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:23836401c8781c0f0d260142609cba6466b439f51b51743d978fe24543140e69", "Title": "gnutls: GnuTLS: Policy bypass due to case-sensitive nameConstraints comparison", "Description": "A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.", "Severity": "HIGH", "CweIDs": [ "CWE-178" ], "VendorSeverity": { "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13274", "https://access.redhat.com/security/cve/CVE-2026-3833", "https://bugzilla.redhat.com/show_bug.cgi?id=2445763", "https://gitlab.com/gnutls/gnutls/-/issues/1803", "https://nvd.nist.gov/vuln/detail/CVE-2026-3833", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-3833", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-5" ], "PublishedDate": "2026-04-30T18:16:30.577Z", "LastModifiedDate": "2026-05-07T02:09:04.47Z" }, { "VulnerabilityID": "CVE-2026-42009", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42009", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9624632bbae6a6f0f55a8dd2f10d7776fdfd362c2c37ee70c91985f49f3f6e1e", "Title": "gnutls: gnutls: Denial of Service via DTLS packet reordering vulnerability", "Description": "A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-475" ], "VendorSeverity": { "redhat": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-42009", "https://bugzilla.redhat.com/show_bug.cgi?id=2467279", "https://nvd.nist.gov/vuln/detail/CVE-2026-42009", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42009", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-2" ], "PublishedDate": "2026-05-18T13:16:32.707Z", "LastModifiedDate": "2026-05-18T19:32:38.777Z" }, { "VulnerabilityID": "CVE-2026-42011", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42011", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0ca22261bdf7a67b2907ab666f9229014861384d1431546a60cc048722eb8f8b", "Title": "gnutls: gnutls: Security bypass due to incorrect name constraint handling", "Description": "A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13274", "https://access.redhat.com/security/cve/CVE-2026-42011", "https://bugzilla.redhat.com/show_bug.cgi?id=2467437", "https://nvd.nist.gov/vuln/detail/CVE-2026-42011", "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42011", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-6" ], "PublishedDate": "2026-05-07T15:16:09.76Z", "LastModifiedDate": "2026-05-14T23:16:36.667Z" }, { "VulnerabilityID": "CVE-2026-42012", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42012", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ba5bd6e65ad3196aff668ee8f1a04949052f4fee917f7a09a26035d2064a3d89", "Description": "Certificates containing URI or SRV Subject Alternative Names would fall back to checking DNS hostnames against Common Name, allowing potential misuse of such certificates beyond their original purpose.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42012", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-7" ] }, { "VulnerabilityID": "CVE-2026-42013", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42013", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9394da35d85c1e48bb1cd4ca357d490af46212f171ccd85b02894f34c1512985", "Description": "Validation of certificates with oversized Subject Alternative Names would fall back to checking DNS hostnames against Common Name.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42013", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-8" ] }, { "VulnerabilityID": "CVE-2026-42014", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42014", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:728884f160b267fa6632b1e0748519ca2bcfdefc97075627ed6f7b110b3160da", "Description": "Changing the Security Officer PIN with gnutls_pkcs11_token_set_pin() with oldpin == NULL for a token lacking a protected authentication path led to a use-after-free.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42014", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-9" ] }, { "VulnerabilityID": "CVE-2026-42015", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42015", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f552beac406e6b1c99c5c1c4fb0455f2248388d7f7e590bebe6bc9254a6cf242", "Description": "Appending to a PKCS#12 bag that already contained 32 elements could write past the bag's internal array.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-42015", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-11" ] }, { "VulnerabilityID": "CVE-2026-5260", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5260", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:06faf058c768a40b4757da46b9e49c174d956cb3729a4d03d708d53f64360d87", "Description": "For a server using an RSA key backed by a PKCS#11 token, a client sending an extremely short premaster secret during an RSA key exchange could trigger a short heap overread.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-5260", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-10" ] }, { "VulnerabilityID": "CVE-2026-5419", "PkgID": "gnutls@3.8.12-r0", "PkgName": "gnutls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/gnutls@3.8.12-r0?arch=x86_64\u0026distro=3.22.3", "UID": "67fc64258c96d1b" }, "InstalledVersion": "3.8.12-r0", "FixedVersion": "3.8.13-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8bb75fc6489f3872b8c3244319d02fffe646ebc31cfefd3c3a558af18cd4b5dc", "Description": "The PKCS#7 padding check performed during decryption was not constant-time, potentially leaking information about the padding bytes through timing differences.", "Severity": "MEDIUM", "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://ubuntu.com/security/notices/USN-8284-1", "https://www.cve.org/CVERecord?id=CVE-2026-5419", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2026-04-29-13" ] }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d2ecf2fc357c3d929e01a1749f12baaadd3e8683ad277d19c0f16e27900f7c77", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9b0ad412153160963a83a17f90f3cfb063a1ed815e5f4036f82004c40edb6153", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:09cef8b6c53adc1bbdef396dac41e0773faf2bb570a4c502852c5d04f4b3096c", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a0a233624da77ad604d827bdcbe04acc23a825ffa322cdb7f3307137f5b75f6a", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:16c2cc152cd01d493300539eecfd1010538012b4810327399711cb9f339a0fd0", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cb5dab7426ea33c7ed5038d2d09a6faabdc6e60df94846b6830126e53deea196", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "ed0ef3c0494f7b12" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0eb9cb7f3dfae1e2fcd5ea7b70f78eeab1875c50b05ac2ee693452ea8bb916ca", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-32776", "PkgID": "libexpat@2.7.4-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", "UID": "3880c6da81ca34e8" }, "InstalledVersion": "2.7.4-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0cc612974c9b74e93b306a08845e73ef5f8bfd2e58d73833a57f228a910419df", "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32776", "https://github.com/libexpat/libexpat/pull/1158", "https://github.com/libexpat/libexpat/pull/1159", "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "https://www.cve.org/CVERecord?id=CVE-2026-32776" ], "PublishedDate": "2026-03-16T14:19:44.6Z", "LastModifiedDate": "2026-03-17T15:52:09.023Z" }, { "VulnerabilityID": "CVE-2026-32777", "PkgID": "libexpat@2.7.4-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", "UID": "3880c6da81ca34e8" }, "InstalledVersion": "2.7.4-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:93951fc94218dcb7c35789ced16d777705cd26ae66060d7e825fe3ffa75acbd8", "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32777", "https://github.com/libexpat/libexpat/issues/1161", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1162", "https://issues.oss-fuzz.com/issues/486993411", "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "https://www.cve.org/CVERecord?id=CVE-2026-32777" ], "PublishedDate": "2026-03-16T14:19:44.78Z", "LastModifiedDate": "2026-03-17T15:52:34.357Z" }, { "VulnerabilityID": "CVE-2026-32778", "PkgID": "libexpat@2.7.4-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.4-r0?arch=x86_64\u0026distro=3.22.3", "UID": "3880c6da81ca34e8" }, "InstalledVersion": "2.7.4-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5d2091ef346c5e39af796766cb7af175f6d503dd6744d635548d2b12944a66f6", "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32778", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1163", "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "https://www.cve.org/CVERecord?id=CVE-2026-32778" ], "PublishedDate": "2026-03-16T14:19:44.97Z", "LastModifiedDate": "2026-03-17T15:52:53.16Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:be634179647d2d6bf28bd7650859577d3856be24ca1e407408b075af498be6f5", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:049ea0fd359bbb21b9ec368226288bc864c03f3947393386c75becb97c8f9b0c", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3e6aa5f4563a463c85e4da935432615145301baa1db2d407fa23a05acb843d60", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ddc36e8bac9281fc869c307d239c9e08d5cc96f81b43389a1fad958738ce108b", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8b9bab504c4ea9f3882f4deebbb91277243933f4b3dff33673bd65d46ecf1649", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5fc45d73145f34ca02e0e99914e1b435eb08c49a5dff44c4dc431a09953fee44", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.22.3", "UID": "1bea070325a2bc82" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9270ffa7e75a9db08122818b50397c6efb37d67692422c588fd0555622889608", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:43afa579712c03c64f9c2272098fb76d56d5391f1ebf34ff8a2c63ef6493de2f", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1d95c99a8b94850cd81b35e0f28e89e8d88ff9d26f3e8866077cb0cfc863e1aa", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ab510d0f412ca4e0a46924139c6d6d61cf73f74c2a6cdca7022b4061b138202c", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.3", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ccdacb7232308bac553c7d4624d5104564ab17aef11af4bbd38e0f79d0fd3be2", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-27135", "PkgID": "nghttp2-libs@1.65.0-r0", "PkgName": "nghttp2-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.65.0-r0?arch=x86_64\u0026distro=3.22.3", "UID": "9a7f544dd9c7674" }, "InstalledVersion": "1.65.0-r0", "FixedVersion": "1.68.1", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:802df03a9353ea29ea8733367af7701142c9a652bbab793272db18002050aee6", "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/3", "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27135", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7668", "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", "https://linux.oracle.com/cve/CVE-2026-27135.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", "https://ubuntu.com/security/notices/USN-8233-1", "https://ubuntu.com/security/notices/USN-8233-2", "https://www.cve.org/CVERecord?id=CVE-2026-27135" ], "PublishedDate": "2026-03-18T18:16:26.723Z", "LastModifiedDate": "2026-05-13T22:16:42.337Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.8.1-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.3", "UID": "8bd18e17467b35f2" }, "InstalledVersion": "5.8.1-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:1fcbc7e2173b002129155d6a49c72902ecd77697450af95d5b95fa2c8ab2840e", "DiffID": "sha256:ed3e961f6af3136616d62dee9260aa610e1c789076ace3a021e0f719c3e8a808" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:211ea29ca499d86ee48931936edc92682a7aed1406746fb43d43240ba5722546", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e7d4426f62c0daddea1e5dbc5ddea15667bc07e867676a895f8c54a60d36a617", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.3", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:d49a2dee86fb12766dd648402d010ca105846a41bd58738454e53780d4bb8e97", "DiffID": "sha256:cce92674e98722970ab3fdce76a2566f54db535beeb24f0b4397f070ab5f6987" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c46dc11f46382d99d09b989c40591aada072802649b54e6cda41d56b73a3b33d", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "app/gitea/gitea", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "code.gitea.io/gitea@v1.25.5", "Name": "code.gitea.io/gitea", "Identifier": { "PURL": "pkg:golang/code.gitea.io/gitea@v1.25.5", "UID": "ee9ef9432b153018" }, "Version": "v1.25.5", "Relationship": "root", "DependsOn": [ "cloud.google.com/go/compute/metadata@v0.8.0", "code.gitea.io/actions-proto-go@v0.4.1", "code.gitea.io/sdk/gitea@v0.22.0", "codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", "connectrpc.com/connect@v1.18.1", "dario.cat/mergo@v1.0.2", "filippo.io/edwards25519@v1.1.0", "gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", "gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", "gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", "gitea.com/go-chi/cache@v0.2.1", "gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", "gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", "gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", "gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", "github.com/42wim/httpsig@v1.2.3", "github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", "github.com/6543/go-version@v1.3.1", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.19.0", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "github.com/DataDog/zstd@v1.5.7", "github.com/Necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", "github.com/ProtonMail/go-crypto@v1.3.0", "github.com/RoaringBitmap/roaring/v2@v2.10.0", "github.com/STARRY-S/zip@v0.2.3", "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg@v0.8.0", "github.com/alecthomas/chroma/v2@v2.20.0", "github.com/andybalholm/brotli@v1.2.0", "github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", "github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", "github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", "github.com/aws/aws-sdk-go-v2@v1.38.3", "github.com/aws/smithy-go@v1.23.0", "github.com/aymerick/douceur@v0.2.0", "github.com/beorn7/perks@v1.0.1", "github.com/bits-and-blooms/bitset@v1.24.0", "github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", "github.com/blevesearch/bleve/v2@v2.5.3", "github.com/blevesearch/bleve_index_api@v1.2.9", "github.com/blevesearch/geo@v0.2.4", "github.com/blevesearch/go-porterstemmer@v1.0.3", "github.com/blevesearch/gtreap@v0.1.1", "github.com/blevesearch/mmap-go@v1.0.4", "github.com/blevesearch/scorch_segment_api/v2@v2.3.11", "github.com/blevesearch/segment@v0.9.1", "github.com/blevesearch/snowballstem@v0.9.0", "github.com/blevesearch/upsidedown_store_api@v1.0.2", "github.com/blevesearch/vellum@v1.1.0", "github.com/blevesearch/zapx/v11@v11.4.2", "github.com/blevesearch/zapx/v12@v12.4.2", "github.com/blevesearch/zapx/v13@v13.4.2", "github.com/blevesearch/zapx/v14@v14.4.2", "github.com/blevesearch/zapx/v15@v15.4.2", "github.com/blevesearch/zapx/v16@v16.2.4", "github.com/bmatcuk/doublestar/v4@v4.9.1", "github.com/bodgit/plumbing@v1.3.0", "github.com/bodgit/sevenzip@v1.6.1", "github.com/bodgit/windows@v1.0.1", "github.com/bohde/codel@v0.2.0", "github.com/boombuler/barcode@v1.1.0", "github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", "github.com/buildkite/terminal-to-html/v3@v3.16.8", "github.com/caddyserver/certmagic@v0.24.0", "github.com/caddyserver/zerossl@v0.1.3", "github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", "github.com/chi-middleware/proxy@v1.1.1", "github.com/cloudflare/circl@v1.6.3", "github.com/couchbase/go-couchbase@v0.1.1", "github.com/couchbase/gomemcached@v0.3.3", "github.com/couchbase/goutils@v0.1.2", "github.com/cpuguy83/go-md2man/v2@v2.0.7", "github.com/cyphar/filepath-securejoin@v0.4.1", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", "github.com/djherbis/buffer@v1.2.0", "github.com/djherbis/nio/v3@v3.0.1", "github.com/dlclark/regexp2@v1.11.5", "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "github.com/dustin/go-humanize@v1.0.1", "github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", "github.com/emersion/go-imap@v1.2.1", "github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", "github.com/emirpasic/gods@v1.18.1", "github.com/ethantkoenig/rupture@v1.0.1", "github.com/fatih/color@v1.18.0", "github.com/felixge/fgprof@v0.9.5", "github.com/fsnotify/fsnotify@v1.9.0", "github.com/fxamacker/cbor/v2@v2.9.0", "github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", "github.com/gliderlabs/ssh@v0.3.8", "github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", "github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", "github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", "github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", "github.com/go-chi/chi/v5@v5.2.3", "github.com/go-chi/cors@v1.2.2", "github.com/go-co-op/gocron@v1.37.0", "github.com/go-enry/go-enry/v2@v2.9.2", "github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "github.com/go-git/go-billy/v5@v5.6.2", "github.com/go-git/go-git/v5@v5.16.5", "github.com/go-ini/ini@v1.67.0", "github.com/go-ldap/ldap/v3@v3.4.11", "github.com/go-redsync/redsync/v4@v4.13.0", "github.com/go-sql-driver/mysql@v1.9.3", "github.com/go-webauthn/webauthn@v0.13.4", "github.com/go-webauthn/x@v0.1.24", "github.com/goccy/go-json@v0.10.5", "github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", "github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", "github.com/golang-jwt/jwt/v4@v4.5.2", "github.com/golang-jwt/jwt/v5@v5.3.0", "github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", "github.com/golang-sql/sqlexp@v0.1.0", "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "github.com/golang/protobuf@v1.5.4", "github.com/golang/snappy@v1.0.0", "github.com/google/btree@v1.1.3", "github.com/google/flatbuffers@v25.2.10+incompatible", "github.com/google/go-github/v74@v74.0.0", "github.com/google/go-querystring@v1.1.0", "github.com/google/go-tpm@v0.9.5", "github.com/google/licenseclassifier/v2@v2.0.0", "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", "github.com/google/uuid@v1.6.0", "github.com/gorilla/css@v1.0.1", "github.com/gorilla/feeds@v1.2.0", "github.com/gorilla/mux@v1.8.1", "github.com/gorilla/securecookie@v1.1.2", "github.com/gorilla/sessions@v1.4.0", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-cleanhttp@v0.5.2", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-retryablehttp@v0.7.8", "github.com/hashicorp/golang-lru/v2@v2.0.7", "github.com/huandu/xstrings@v1.5.0", "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "github.com/jhillyerd/enmime@v1.3.0", "github.com/josharian/intern@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "github.com/kevinburke/ssh_config@v1.4.0", "github.com/klauspost/compress@v1.18.0", "github.com/klauspost/cpuid/v2@v2.3.0", "github.com/klauspost/pgzip@v1.2.6", "github.com/lib/pq@v1.10.9", "github.com/libdns/libdns@v1.1.1", "github.com/mailru/easyjson@v0.9.0", "github.com/markbates/going@v1.0.3", "github.com/markbates/goth@v1.82.0", "github.com/mattn/go-colorable@v0.1.14", "github.com/mattn/go-isatty@v0.0.20", "github.com/mattn/go-runewidth@v0.0.16", "github.com/mattn/go-shellwords@v1.0.12", "github.com/mattn/go-sqlite3@v1.14.32", "github.com/meilisearch/meilisearch-go@v0.33.2", "github.com/mholt/acmez/v3@v3.1.2", "github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", "github.com/microcosm-cc/bluemonday@v1.0.27", "github.com/microsoft/go-mssqldb@v1.9.3", "github.com/miekg/dns@v1.1.68", "github.com/mikelolasagasti/xz@v1.0.1", "github.com/minio/crc64nvme@v1.1.1", "github.com/minio/md5-simd@v1.1.2", "github.com/minio/minio-go/v7@v7.0.95", "github.com/minio/minlz@v1.0.1", "github.com/mitchellh/mapstructure@v1.5.0", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/niklasfasching/go-org@v1.9.1", "github.com/nwaples/rardecode/v2@v2.2.0", "github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", "github.com/olekukonko/errors@v1.1.0", "github.com/olekukonko/ll@v0.1.0", "github.com/olekukonko/tablewriter@v1.0.9", "github.com/olivere/elastic/v7@v7.0.32", "github.com/opencontainers/go-digest@v1.0.0", "github.com/opencontainers/image-spec@v1.1.1", "github.com/philhofer/fwd@v1.2.0", "github.com/pierrec/lz4/v4@v4.1.22", "github.com/pjbgf/sha1cd@v0.4.0", "github.com/pkg/errors@v0.9.1", "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "github.com/pquerna/otp@v1.5.0", "github.com/prometheus/client_golang@v1.23.0", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common@v0.65.0", "github.com/prometheus/procfs@v0.17.0", "github.com/redis/go-redis/v9@v9.12.1", "github.com/rhysd/actionlint@v1.7.7", "github.com/rivo/uniseg@v0.4.7", "github.com/robfig/cron/v3@v3.0.1", "github.com/rs/xid@v1.6.0", "github.com/russross/blackfriday/v2@v2.1.0", "github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", "github.com/sassoftware/go-rpmutils@v0.4.0", "github.com/sergi/go-diff@v1.4.0", "github.com/sirupsen/logrus@v1.9.3", "github.com/skeema/knownhosts@v1.3.1", "github.com/sorairolake/lzip-go@v0.3.8", "github.com/spf13/afero@v1.15.0", "github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", "github.com/stretchr/testify@v1.11.1", "github.com/syndtr/goleveldb@v1.0.0", "github.com/tinylib/msgp@v1.4.0", "github.com/tstranex/u2f@v1.0.0", "github.com/ulikunitz/xz@v0.5.15", "github.com/unknwon/com@v1.0.1", "github.com/urfave/cli-docs/v3@v3.0.0-alpha6", "github.com/urfave/cli/v3@v3.4.1", "github.com/valyala/fastjson@v1.6.4", "github.com/wneessen/go-mail@v0.7.2", "github.com/x448/float16@v0.8.4", "github.com/xanzy/ssh-agent@v0.3.3", "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "github.com/yohcop/openid-go@v1.0.1", "github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", "github.com/yuin/goldmark-meta@v1.1.0", "github.com/yuin/goldmark@v1.7.13", "github.com/zeebo/blake3@v0.2.4", "gitlab.com/gitlab-org/api/client-go@v0.142.4", "go.etcd.io/bbolt@v1.4.3", "go.uber.org/atomic@v1.11.0", "go.uber.org/multierr@v1.11.0", "go.uber.org/zap/exp@v0.3.0", "go.uber.org/zap@v1.27.0", "go4.org@v0.0.0-20230225012048-214862532bf5", "golang.org/x/crypto@v0.45.0", "golang.org/x/image@v0.30.0", "golang.org/x/mod@v0.29.0", "golang.org/x/net@v0.47.0", "golang.org/x/oauth2@v0.30.0", "golang.org/x/sync@v0.18.0", "golang.org/x/sys@v0.38.0", "golang.org/x/text@v0.31.0", "golang.org/x/time@v0.12.0", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", "google.golang.org/grpc@v1.75.0", "google.golang.org/protobuf@v1.36.8", "gopkg.in/ini.v1@v1.67.0", "gopkg.in/warnings.v0@v0.1.2", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "mvdan.cc/xurls/v2@v2.6.0", "stdlib@v1.25.8", "strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", "xorm.io/builder@v0.3.13", "xorm.io/xorm@v1.3.10" ], "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.25.8", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "Version": "v1.25.8", "Relationship": "direct", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.8.0", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.8.0", "UID": "a1374c3f58da8f2" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "code.gitea.io/actions-proto-go@v0.4.1", "Name": "code.gitea.io/actions-proto-go", "Identifier": { "PURL": "pkg:golang/code.gitea.io/actions-proto-go@v0.4.1", "UID": "e7d10fcb2ed9beb6" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "code.gitea.io/sdk/gitea@v0.22.0", "Name": "code.gitea.io/sdk/gitea", "Identifier": { "PURL": "pkg:golang/code.gitea.io/sdk/gitea@v0.22.0", "UID": "d1cc0c27e4f8f93f" }, "Version": "v0.22.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", "Name": "codeberg.org/gusted/mcaptcha", "Identifier": { "PURL": "pkg:golang/codeberg.org/gusted/mcaptcha@v0.0.0-20220723083913-4f3072e1d570", "UID": "86b6f6e56145d90c" }, "Version": "v0.0.0-20220723083913-4f3072e1d570", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "connectrpc.com/connect@v1.18.1", "Name": "connectrpc.com/connect", "Identifier": { "PURL": "pkg:golang/connectrpc.com/connect@v1.18.1", "UID": "bb90c3ef117523ad" }, "Version": "v1.18.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "dario.cat/mergo@v1.0.2", "Name": "dario.cat/mergo", "Identifier": { "PURL": "pkg:golang/dario.cat/mergo@v1.0.2", "UID": "931b76ee6604dbca" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "filippo.io/edwards25519@v1.1.0", "Name": "filippo.io/edwards25519", "Identifier": { "PURL": "pkg:golang/filippo.io/edwards25519@v1.1.0", "UID": "81960def009390a4" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", "Name": "gitea.com/gitea/act", "Identifier": { "PURL": "pkg:golang/gitea.com/gitea/act@v0.261.7-0.20251003180512-ac6e4b751763", "UID": "1c3d762b179616e3" }, "Version": "v0.261.7-0.20251003180512-ac6e4b751763", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", "Name": "gitea.com/gitea/go-xsd-duration", "Identifier": { "PURL": "pkg:golang/gitea.com/gitea/go-xsd-duration@v0.0.0-20220703122237-02e73435a078", "UID": "11f0beead28b3d99" }, "Version": "v0.0.0-20220703122237-02e73435a078", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", "Name": "gitea.com/go-chi/binding", "Identifier": { "PURL": "pkg:golang/gitea.com/go-chi/binding@v0.0.0-20240430071103-39a851e106ed", "UID": "12aa68bc2c369c5c" }, "Version": "v0.0.0-20240430071103-39a851e106ed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/go-chi/cache@v0.2.1", "Name": "gitea.com/go-chi/cache", "Identifier": { "PURL": "pkg:golang/gitea.com/go-chi/cache@v0.2.1", "UID": "b0f7913bbccfba39" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", "Name": "gitea.com/go-chi/captcha", "Identifier": { "PURL": "pkg:golang/gitea.com/go-chi/captcha@v0.0.0-20240315150714-fb487f629098", "UID": "1541aae19f3e388e" }, "Version": "v0.0.0-20240315150714-fb487f629098", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", "Name": "gitea.com/go-chi/session", "Identifier": { "PURL": "pkg:golang/gitea.com/go-chi/session@v0.0.0-20240316035857-16768d98ec96", "UID": "9a89165ee887d9dd" }, "Version": "v0.0.0-20240316035857-16768d98ec96", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", "Name": "gitea.com/lunny/dingtalk_webhook", "Identifier": { "PURL": "pkg:golang/gitea.com/lunny/dingtalk_webhook@v0.0.0-20171025031554-e3534c89ef96", "UID": "277bf731faa6664" }, "Version": "v0.0.0-20171025031554-e3534c89ef96", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", "Name": "gitea.com/lunny/levelqueue", "Identifier": { "PURL": "pkg:golang/gitea.com/lunny/levelqueue@v0.4.2-0.20230414023320-3c0159fe0fe4", "UID": "4000bf38b639f59d" }, "Version": "v0.4.2-0.20230414023320-3c0159fe0fe4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/42wim/httpsig@v1.2.3", "Name": "github.com/42wim/httpsig", "Identifier": { "PURL": "pkg:golang/github.com/42wim/httpsig@v1.2.3", "UID": "fa253ca68fffb508" }, "Version": "v1.2.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", "Name": "github.com/42wim/sshsig", "Identifier": { "PURL": "pkg:golang/github.com/42wim/sshsig@v0.0.0-20250502153856-5100632e8920", "UID": "88941c4f39f2218e" }, "Version": "v0.0.0-20250502153856-5100632e8920", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/6543/go-version@v1.3.1", "Name": "github.com/6543/go-version", "Identifier": { "PURL": "pkg:golang/github.com/6543/go-version@v1.3.1", "UID": "5968a06875d2e10a" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.19.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.19.0", "UID": "f4e76d20650770bb" }, "Version": "v1.19.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", "UID": "3d76a60401cec655" }, "Version": "v1.11.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v1.6.2", "UID": "5d90f750159f77c1" }, "Version": "v1.6.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "Name": "github.com/Azure/go-ntlmssp", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "89db9f082fcddcb4" }, "Version": "v0.0.0-20221128193559-754e69321358", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/zstd@v1.5.7", "Name": "github.com/DataDog/zstd", "Identifier": { "PURL": "pkg:golang/github.com/datadog/zstd@v1.5.7", "UID": "701dc2de3a15122a" }, "Version": "v1.5.7", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", "Name": "github.com/Necoro/html2text", "Identifier": { "PURL": "pkg:golang/github.com/necoro/html2text@v0.0.0-20250804200300-7bf1ce1c7347", "UID": "d68a480b0db7827f" }, "Version": "v0.0.0-20250804200300-7bf1ce1c7347", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ProtonMail/go-crypto@v1.3.0", "Name": "github.com/ProtonMail/go-crypto", "Identifier": { "PURL": "pkg:golang/github.com/protonmail/go-crypto@v1.3.0", "UID": "1debc130e8e4abda" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/RoaringBitmap/roaring/v2@v2.10.0", "Name": "github.com/RoaringBitmap/roaring/v2", "Identifier": { "PURL": "pkg:golang/github.com/roaringbitmap/roaring/v2@v2.10.0", "UID": "b709874801eea9f4" }, "Version": "v2.10.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/STARRY-S/zip@v0.2.3", "Name": "github.com/STARRY-S/zip", "Identifier": { "PURL": "pkg:golang/github.com/starry-s/zip@v0.2.3", "UID": "c15698ff9922f9d7" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg@v0.8.0", "Name": "github.com/SaveTheRbtz/zstd-seekable-format-go/pkg", "Identifier": { "PURL": "pkg:golang/github.com/savetherbtz/zstd-seekable-format-go/pkg@v0.8.0", "UID": "cdccc7229a055094" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/chroma/v2@v2.20.0", "Name": "github.com/alecthomas/chroma/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/chroma/v2@v2.20.0", "UID": "bf7447923fb18a08" }, "Version": "v2.20.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/andybalholm/brotli@v1.2.0", "Name": "github.com/andybalholm/brotli", "Identifier": { "PURL": "pkg:golang/github.com/andybalholm/brotli@v1.2.0", "UID": "c8a2557ebc0c78c0" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", "Name": "github.com/anmitsu/go-shlex", "Identifier": { "PURL": "pkg:golang/github.com/anmitsu/go-shlex@v0.0.0-20200514113438-38f4b401e2be", "UID": "64bf08fcda7c059e" }, "Version": "v0.0.0-20200514113438-38f4b401e2be", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.38.3", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.38.3", "UID": "c6b3ca3ece72dc7" }, "Version": "v1.38.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.18.10", "UID": "59d11dbca8c179eb" }, "Version": "v1.18.10", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.6", "UID": "5ab86077bc4dedbc" }, "Version": "v1.4.6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.6", "UID": "c422f5124ba33bbe" }, "Version": "v2.7.6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", "Name": "github.com/aws/aws-sdk-go-v2/service/codecommit", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/codecommit@v1.32.2", "UID": "5992d55a25669ad8" }, "Version": "v1.32.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.23.0", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.23.0", "UID": "cf485a487b450159" }, "Version": "v1.23.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aymerick/douceur@v0.2.0", "Name": "github.com/aymerick/douceur", "Identifier": { "PURL": "pkg:golang/github.com/aymerick/douceur@v0.2.0", "UID": "8d05df4e9f659af3" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "59949fd7aa86cd5c" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bits-and-blooms/bitset@v1.24.0", "Name": "github.com/bits-and-blooms/bitset", "Identifier": { "PURL": "pkg:golang/github.com/bits-and-blooms/bitset@v1.24.0", "UID": "f1d261715287bd5" }, "Version": "v1.24.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", "Name": "github.com/blakesmith/ar", "Identifier": { "PURL": "pkg:golang/github.com/blakesmith/ar@v0.0.0-20190502131153-809d4375e1fb", "UID": "bbc5f68e5b8f94bf" }, "Version": "v0.0.0-20190502131153-809d4375e1fb", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/bleve/v2@v2.5.3", "Name": "github.com/blevesearch/bleve/v2", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/bleve/v2@v2.5.3", "UID": "4b0badda3220b460" }, "Version": "v2.5.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/bleve_index_api@v1.2.9", "Name": "github.com/blevesearch/bleve_index_api", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/bleve_index_api@v1.2.9", "UID": "e96336b7d9e5de41" }, "Version": "v1.2.9", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/geo@v0.2.4", "Name": "github.com/blevesearch/geo", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/geo@v0.2.4", "UID": "e41c5edff739225f" }, "Version": "v0.2.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/go-porterstemmer@v1.0.3", "Name": "github.com/blevesearch/go-porterstemmer", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/go-porterstemmer@v1.0.3", "UID": "90dce8dcad02a53a" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/gtreap@v0.1.1", "Name": "github.com/blevesearch/gtreap", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/gtreap@v0.1.1", "UID": "11f175438f27cd5" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/mmap-go@v1.0.4", "Name": "github.com/blevesearch/mmap-go", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/mmap-go@v1.0.4", "UID": "41f60e68aa1909fb" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/scorch_segment_api/v2@v2.3.11", "Name": "github.com/blevesearch/scorch_segment_api/v2", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/scorch_segment_api/v2@v2.3.11", "UID": "1e5a2321da3197bd" }, "Version": "v2.3.11", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/segment@v0.9.1", "Name": "github.com/blevesearch/segment", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/segment@v0.9.1", "UID": "ec1d5a1cfbcc7eb9" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/snowballstem@v0.9.0", "Name": "github.com/blevesearch/snowballstem", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/snowballstem@v0.9.0", "UID": "75ebb74450b5cf29" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/upsidedown_store_api@v1.0.2", "Name": "github.com/blevesearch/upsidedown_store_api", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/upsidedown_store_api@v1.0.2", "UID": "a9056ff3c17e826c" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/vellum@v1.1.0", "Name": "github.com/blevesearch/vellum", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/vellum@v1.1.0", "UID": "aca6f5f651b89045" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v11@v11.4.2", "Name": "github.com/blevesearch/zapx/v11", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v11@v11.4.2", "UID": "b372607eddba6496" }, "Version": "v11.4.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v12@v12.4.2", "Name": "github.com/blevesearch/zapx/v12", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v12@v12.4.2", "UID": "7ca270076f5db225" }, "Version": "v12.4.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v13@v13.4.2", "Name": "github.com/blevesearch/zapx/v13", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v13@v13.4.2", "UID": "b29e59d72edbda88" }, "Version": "v13.4.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v14@v14.4.2", "Name": "github.com/blevesearch/zapx/v14", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v14@v14.4.2", "UID": "39918f56fdf26790" }, "Version": "v14.4.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v15@v15.4.2", "Name": "github.com/blevesearch/zapx/v15", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v15@v15.4.2", "UID": "5e4203896f47c5d7" }, "Version": "v15.4.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blevesearch/zapx/v16@v16.2.4", "Name": "github.com/blevesearch/zapx/v16", "Identifier": { "PURL": "pkg:golang/github.com/blevesearch/zapx/v16@v16.2.4", "UID": "4fb6c837bc06a5b9" }, "Version": "v16.2.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bmatcuk/doublestar/v4@v4.9.1", "Name": "github.com/bmatcuk/doublestar/v4", "Identifier": { "PURL": "pkg:golang/github.com/bmatcuk/doublestar/v4@v4.9.1", "UID": "9d93a58c72b700f5" }, "Version": "v4.9.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bodgit/plumbing@v1.3.0", "Name": "github.com/bodgit/plumbing", "Identifier": { "PURL": "pkg:golang/github.com/bodgit/plumbing@v1.3.0", "UID": "17bc5892826d6c1d" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bodgit/sevenzip@v1.6.1", "Name": "github.com/bodgit/sevenzip", "Identifier": { "PURL": "pkg:golang/github.com/bodgit/sevenzip@v1.6.1", "UID": "6a1765a102b75ce4" }, "Version": "v1.6.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bodgit/windows@v1.0.1", "Name": "github.com/bodgit/windows", "Identifier": { "PURL": "pkg:golang/github.com/bodgit/windows@v1.0.1", "UID": "9dc97aadf21a31c6" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bohde/codel@v0.2.0", "Name": "github.com/bohde/codel", "Identifier": { "PURL": "pkg:golang/github.com/bohde/codel@v0.2.0", "UID": "a6017cd3f762c6a4" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/boombuler/barcode@v1.1.0", "Name": "github.com/boombuler/barcode", "Identifier": { "PURL": "pkg:golang/github.com/boombuler/barcode@v1.1.0", "UID": "ee840fdce8a9faa" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", "Name": "github.com/bradfitz/gomemcache", "Identifier": { "PURL": "pkg:golang/github.com/bradfitz/gomemcache@v0.0.0-20250403215159-8d39553ac7cf", "UID": "68198f1ee3374cca" }, "Version": "v0.0.0-20250403215159-8d39553ac7cf", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/buildkite/terminal-to-html/v3@v3.16.8", "Name": "github.com/buildkite/terminal-to-html/v3", "Identifier": { "PURL": "pkg:golang/github.com/buildkite/terminal-to-html/v3@v3.16.8", "UID": "f284a2008b6cfd98" }, "Version": "v3.16.8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/caddyserver/certmagic@v0.24.0", "Name": "github.com/caddyserver/certmagic", "Identifier": { "PURL": "pkg:golang/github.com/caddyserver/certmagic@v0.24.0", "UID": "f29c69c9a807138f" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/caddyserver/zerossl@v0.1.3", "Name": "github.com/caddyserver/zerossl", "Identifier": { "PURL": "pkg:golang/github.com/caddyserver/zerossl@v0.1.3", "UID": "feaad9405f23dbed" }, "Version": "v0.1.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", "Name": "github.com/cention-sany/utf7", "Identifier": { "PURL": "pkg:golang/github.com/cention-sany/utf7@v0.0.0-20170124080048-26cad61bd60a", "UID": "bf0bd4839f073fe8" }, "Version": "v0.0.0-20170124080048-26cad61bd60a", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "5f16bc7a7758cd8d" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", "Name": "github.com/charmbracelet/git-lfs-transfer", "Identifier": { "PURL": "pkg:golang/github.com/charmbracelet/git-lfs-transfer@v0.1.1-0.20251013092601-6327009efd21", "UID": "2956e175a5df4a69" }, "Version": "v0.1.1-0.20251013092601-6327009efd21", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/chi-middleware/proxy@v1.1.1", "Name": "github.com/chi-middleware/proxy", "Identifier": { "PURL": "pkg:golang/github.com/chi-middleware/proxy@v1.1.1", "UID": "46a4f6b9b50f329a" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cloudflare/circl@v1.6.3", "Name": "github.com/cloudflare/circl", "Identifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.6.3", "UID": "da92f3bfe44246ad" }, "Version": "v1.6.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/couchbase/go-couchbase@v0.1.1", "Name": "github.com/couchbase/go-couchbase", "Identifier": { "PURL": "pkg:golang/github.com/couchbase/go-couchbase@v0.1.1", "UID": "bb2bf9982fbc414f" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/couchbase/gomemcached@v0.3.3", "Name": "github.com/couchbase/gomemcached", "Identifier": { "PURL": "pkg:golang/github.com/couchbase/gomemcached@v0.3.3", "UID": "d40d8bf989b62fdb" }, "Version": "v0.3.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/couchbase/goutils@v0.1.2", "Name": "github.com/couchbase/goutils", "Identifier": { "PURL": "pkg:golang/github.com/couchbase/goutils@v0.1.2", "UID": "92b7fe2e0bdaf36" }, "Version": "v0.1.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.7", "Name": "github.com/cpuguy83/go-md2man/v2", "Identifier": { "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.7", "UID": "5625eb6e48d02555" }, "Version": "v2.0.7", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cyphar/filepath-securejoin@v0.4.1", "Name": "github.com/cyphar/filepath-securejoin", "Identifier": { "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.4.1", "UID": "ca519a256d79d9a6" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "756beb4e27c6cbb8" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "Name": "github.com/dgryski/go-rendezvous", "Identifier": { "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "UID": "6389067d0e340633" }, "Version": "v0.0.0-20200823014737-9f7001d12a5f", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", "Name": "github.com/dimiro1/reply", "Identifier": { "PURL": "pkg:golang/github.com/dimiro1/reply@v0.0.0-20200315094148-d0136a4c9e21", "UID": "d3a6f66151f2b8e3" }, "Version": "v0.0.0-20200315094148-d0136a4c9e21", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/djherbis/buffer@v1.2.0", "Name": "github.com/djherbis/buffer", "Identifier": { "PURL": "pkg:golang/github.com/djherbis/buffer@v1.2.0", "UID": "7917ab0ec08d18bc" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/djherbis/nio/v3@v3.0.1", "Name": "github.com/djherbis/nio/v3", "Identifier": { "PURL": "pkg:golang/github.com/djherbis/nio/v3@v3.0.1", "UID": "e10a2bf701b5b422" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dlclark/regexp2@v1.11.5", "Name": "github.com/dlclark/regexp2", "Identifier": { "PURL": "pkg:golang/github.com/dlclark/regexp2@v1.11.5", "UID": "5269d628f733eb06" }, "Version": "v1.11.5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "Name": "github.com/dsnet/compress", "Identifier": { "PURL": "pkg:golang/github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "UID": "351d189b19033141" }, "Version": "v0.0.2-0.20230904184137-39efe44ab707", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dustin/go-humanize@v1.0.1", "Name": "github.com/dustin/go-humanize", "Identifier": { "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", "UID": "d44766e4cad2b386" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", "Name": "github.com/editorconfig/editorconfig-core-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/editorconfig/editorconfig-core-go/v2@v2.6.3", "UID": "bf422f232c334188" }, "Version": "v2.6.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emersion/go-imap@v1.2.1", "Name": "github.com/emersion/go-imap", "Identifier": { "PURL": "pkg:golang/github.com/emersion/go-imap@v1.2.1", "UID": "73690b7057fa7f24" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", "Name": "github.com/emersion/go-sasl", "Identifier": { "PURL": "pkg:golang/github.com/emersion/go-sasl@v0.0.0-20241020182733-b788ff22d5a6", "UID": "8f825e4de02df8c1" }, "Version": "v0.0.0-20241020182733-b788ff22d5a6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emirpasic/gods@v1.18.1", "Name": "github.com/emirpasic/gods", "Identifier": { "PURL": "pkg:golang/github.com/emirpasic/gods@v1.18.1", "UID": "bb4f93acbb2aebe9" }, "Version": "v1.18.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ethantkoenig/rupture@v1.0.1", "Name": "github.com/ethantkoenig/rupture", "Identifier": { "PURL": "pkg:golang/github.com/ethantkoenig/rupture@v1.0.1", "UID": "873ff08486403b7b" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fatih/color@v1.18.0", "Name": "github.com/fatih/color", "Identifier": { "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", "UID": "3267bac4ab3acf4a" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/fgprof@v0.9.5", "Name": "github.com/felixge/fgprof", "Identifier": { "PURL": "pkg:golang/github.com/felixge/fgprof@v0.9.5", "UID": "afbf431486955ca9" }, "Version": "v0.9.5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.9.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", "UID": "3d6d432a4c95adee" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.9.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", "UID": "c3df033c11af1336" }, "Version": "v2.9.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", "Name": "github.com/git-lfs/pktline", "Identifier": { "PURL": "pkg:golang/github.com/git-lfs/pktline@v0.0.0-20230103162542-ca444d533ef1", "UID": "5892bf7e6c534549" }, "Version": "v0.0.0-20230103162542-ca444d533ef1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gliderlabs/ssh@v0.3.8", "Name": "github.com/gliderlabs/ssh", "Identifier": { "PURL": "pkg:golang/github.com/gliderlabs/ssh@v0.3.8", "UID": "d6944f8b9c15014a" }, "Version": "v0.3.8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", "Name": "github.com/go-ap/activitypub", "Identifier": { "PURL": "pkg:golang/github.com/go-ap/activitypub@v0.0.0-20250810115208-cb73b20a1742", "UID": "74f555f627d50dc6" }, "Version": "v0.0.0-20250810115208-cb73b20a1742", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", "Name": "github.com/go-ap/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-ap/errors@v0.0.0-20250527110557-c8db454e53fd", "UID": "bd0382596c38d3ea" }, "Version": "v0.0.0-20250527110557-c8db454e53fd", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", "Name": "github.com/go-ap/jsonld", "Identifier": { "PURL": "pkg:golang/github.com/go-ap/jsonld@v0.0.0-20221030091449-f2a191312c73", "UID": "f352ea46ca733308" }, "Version": "v0.0.0-20221030091449-f2a191312c73", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", "Name": "github.com/go-asn1-ber/asn1-ber", "Identifier": { "PURL": "pkg:golang/github.com/go-asn1-ber/asn1-ber@v1.5.8-0.20250403174932-29230038a667", "UID": "cb8026144c824c05" }, "Version": "v1.5.8-0.20250403174932-29230038a667", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-chi/chi/v5@v5.2.3", "Name": "github.com/go-chi/chi/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.2.3", "UID": "3ce7ed70f7059d75" }, "Version": "v5.2.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-chi/cors@v1.2.2", "Name": "github.com/go-chi/cors", "Identifier": { "PURL": "pkg:golang/github.com/go-chi/cors@v1.2.2", "UID": "f5cb6d7a497dcd1c" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-co-op/gocron@v1.37.0", "Name": "github.com/go-co-op/gocron", "Identifier": { "PURL": "pkg:golang/github.com/go-co-op/gocron@v1.37.0", "UID": "91902bae9eada84a" }, "Version": "v1.37.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-enry/go-enry/v2@v2.9.2", "Name": "github.com/go-enry/go-enry/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-enry/go-enry/v2@v2.9.2", "UID": "719131dbe907b120" }, "Version": "v2.9.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", "Name": "github.com/go-fed/httpsig", "Identifier": { "PURL": "pkg:golang/github.com/go-fed/httpsig@v1.1.1-0.20201223112313-55836744818e", "UID": "3cc79f2671a014ef" }, "Version": "v1.1.1-0.20201223112313-55836744818e", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "Name": "github.com/go-git/gcfg", "Identifier": { "PURL": "pkg:golang/github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "UID": "1752d3461b2a3c8c" }, "Version": "v1.5.1-0.20230307220236-3a3c6141e376", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/go-billy/v5@v5.6.2", "Name": "github.com/go-git/go-billy/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", "UID": "b26c271ca2b04f93" }, "Version": "v5.6.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/go-git/v5@v5.16.5", "Name": "github.com/go-git/go-git/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", "UID": "19d984b6d8e0b0e5" }, "Version": "v5.16.5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ini/ini@v1.67.0", "Name": "github.com/go-ini/ini", "Identifier": { "PURL": "pkg:golang/github.com/go-ini/ini@v1.67.0", "UID": "9b50a5d2df154e60" }, "Version": "v1.67.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ldap/ldap/v3@v3.4.11", "Name": "github.com/go-ldap/ldap/v3", "Identifier": { "PURL": "pkg:golang/github.com/go-ldap/ldap/v3@v3.4.11", "UID": "e1172f156af8b41a" }, "Version": "v3.4.11", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-redsync/redsync/v4@v4.13.0", "Name": "github.com/go-redsync/redsync/v4", "Identifier": { "PURL": "pkg:golang/github.com/go-redsync/redsync/v4@v4.13.0", "UID": "a39934f401f20d6f" }, "Version": "v4.13.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-sql-driver/mysql@v1.9.3", "Name": "github.com/go-sql-driver/mysql", "Identifier": { "PURL": "pkg:golang/github.com/go-sql-driver/mysql@v1.9.3", "UID": "30aca95dcc344a8c" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-webauthn/webauthn@v0.13.4", "Name": "github.com/go-webauthn/webauthn", "Identifier": { "PURL": "pkg:golang/github.com/go-webauthn/webauthn@v0.13.4", "UID": "27d5f4e1cecffef9" }, "Version": "v0.13.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-webauthn/x@v0.1.24", "Name": "github.com/go-webauthn/x", "Identifier": { "PURL": "pkg:golang/github.com/go-webauthn/x@v0.1.24", "UID": "346fda911e146b15" }, "Version": "v0.1.24", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/goccy/go-json@v0.10.5", "Name": "github.com/goccy/go-json", "Identifier": { "PURL": "pkg:golang/github.com/goccy/go-json@v0.10.5", "UID": "d0dcb83148419c6f" }, "Version": "v0.10.5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", "Name": "github.com/gogs/chardet", "Identifier": { "PURL": "pkg:golang/github.com/gogs/chardet@v0.0.0-20211120154057-b7413eaefb8f", "UID": "600c6a5d21c3aa34" }, "Version": "v0.0.0-20211120154057-b7413eaefb8f", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", "Name": "github.com/gogs/go-gogs-client", "Identifier": { "PURL": "pkg:golang/github.com/gogs/go-gogs-client@v0.0.0-20210131175652-1d7215cd8d85", "UID": "345beb1995cdc70b" }, "Version": "v0.0.0-20210131175652-1d7215cd8d85", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v4@v4.5.2", "Name": "github.com/golang-jwt/jwt/v4", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.5.2", "UID": "9776503ec3676a4e" }, "Version": "v4.5.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", "UID": "a5269811bd709f1b" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", "Name": "github.com/golang-sql/civil", "Identifier": { "PURL": "pkg:golang/github.com/golang-sql/civil@v0.0.0-20220223132316-b832511892a9", "UID": "b3a7dd665d3e5161" }, "Version": "v0.0.0-20220223132316-b832511892a9", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-sql/sqlexp@v0.1.0", "Name": "github.com/golang-sql/sqlexp", "Identifier": { "PURL": "pkg:golang/github.com/golang-sql/sqlexp@v0.1.0", "UID": "c049db56715848cc" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "UID": "edbc9c754d1fe5f" }, "Version": "v0.0.0-20241129210726-2c02b8208cf8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.4", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", "UID": "340a3ab4d24f17c2" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v1.0.0", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", "UID": "d532f688a97303e3" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/btree@v1.1.3", "Name": "github.com/google/btree", "Identifier": { "PURL": "pkg:golang/github.com/google/btree@v1.1.3", "UID": "c28fd74e1e8ba3d4" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/flatbuffers@v25.2.10+incompatible", "Name": "github.com/google/flatbuffers", "Identifier": { "PURL": "pkg:golang/github.com/google/flatbuffers@v25.2.10%2Bincompatible", "UID": "4dc4b6260e208a9b" }, "Version": "v25.2.10+incompatible", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-github/v74@v74.0.0", "Name": "github.com/google/go-github/v74", "Identifier": { "PURL": "pkg:golang/github.com/google/go-github/v74@v74.0.0", "UID": "fc59501262a7f7c7" }, "Version": "v74.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.1.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", "UID": "fdfcfe93cd67c826" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-tpm@v0.9.5", "Name": "github.com/google/go-tpm", "Identifier": { "PURL": "pkg:golang/github.com/google/go-tpm@v0.9.5", "UID": "f75acf1b27a916f3" }, "Version": "v0.9.5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/licenseclassifier/v2@v2.0.0", "Name": "github.com/google/licenseclassifier/v2", "Identifier": { "PURL": "pkg:golang/github.com/google/licenseclassifier/v2@v2.0.0", "UID": "767649745b849fdf" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", "Name": "github.com/google/pprof", "Identifier": { "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", "UID": "3fa4c630fc8f4dbc" }, "Version": "v0.0.0-20250820193118-f64d9cf942d6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "8c8cc436863d2c7e" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/css@v1.0.1", "Name": "github.com/gorilla/css", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/css@v1.0.1", "UID": "6f622f15dbc5b4c1" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/feeds@v1.2.0", "Name": "github.com/gorilla/feeds", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/feeds@v1.2.0", "UID": "d9ab964a7f2ad25d" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/mux@v1.8.1", "Name": "github.com/gorilla/mux", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/mux@v1.8.1", "UID": "749bc43d277d65e5" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/securecookie@v1.1.2", "Name": "github.com/gorilla/securecookie", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/securecookie@v1.1.2", "UID": "f8c7c4a52724f371" }, "Version": "v1.1.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/sessions@v1.4.0", "Name": "github.com/gorilla/sessions", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/sessions@v1.4.0", "UID": "13411e79b9107b5a" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "99150288ed2f7502" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", "Name": "github.com/hashicorp/go-cleanhttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", "UID": "9dceb42b739c5c32" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "2e2205ae400e9e2c" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", "Name": "github.com/hashicorp/go-retryablehttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", "UID": "51aff31f0bf036c9" }, "Version": "v0.7.8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", "Name": "github.com/hashicorp/golang-lru/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", "UID": "3d7230f08ac97925" }, "Version": "v2.0.7", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/huandu/xstrings@v1.5.0", "Name": "github.com/huandu/xstrings", "Identifier": { "PURL": "pkg:golang/github.com/huandu/xstrings@v1.5.0", "UID": "fc730a2e8fdc95df" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "Name": "github.com/jbenet/go-context", "Identifier": { "PURL": "pkg:golang/github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "UID": "38f3c474922312f6" }, "Version": "v0.0.0-20150711004518-d14ea06fba99", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jhillyerd/enmime@v1.3.0", "Name": "github.com/jhillyerd/enmime", "Identifier": { "PURL": "pkg:golang/github.com/jhillyerd/enmime@v1.3.0", "UID": "438dc7d3f2694148" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "683d62df42b25580" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "6b5fe979748b1454" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "Name": "github.com/kballard/go-shellquote", "Identifier": { "PURL": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "UID": "46b223931d2610be" }, "Version": "v0.0.0-20180428030007-95032a82bc51", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kevinburke/ssh_config@v1.4.0", "Name": "github.com/kevinburke/ssh_config", "Identifier": { "PURL": "pkg:golang/github.com/kevinburke/ssh_config@v1.4.0", "UID": "40312f870fa29ea1" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.0", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", "UID": "e9593a261542048f" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/cpuid/v2@v2.3.0", "Name": "github.com/klauspost/cpuid/v2", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/cpuid/v2@v2.3.0", "UID": "d3178f29042e061d" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/pgzip@v1.2.6", "Name": "github.com/klauspost/pgzip", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/pgzip@v1.2.6", "UID": "be981cef4960f202" }, "Version": "v1.2.6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lib/pq@v1.10.9", "Name": "github.com/lib/pq", "Identifier": { "PURL": "pkg:golang/github.com/lib/pq@v1.10.9", "UID": "98c1b380d34f5874" }, "Version": "v1.10.9", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/libdns/libdns@v1.1.1", "Name": "github.com/libdns/libdns", "Identifier": { "PURL": "pkg:golang/github.com/libdns/libdns@v1.1.1", "UID": "a3c4b881340baa7f" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.9.0", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.9.0", "UID": "5d388e95f2fb59d8" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/markbates/going@v1.0.3", "Name": "github.com/markbates/going", "Identifier": { "PURL": "pkg:golang/github.com/markbates/going@v1.0.3", "UID": "ab8266f09f71283b" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/markbates/goth@v1.82.0", "Name": "github.com/markbates/goth", "Identifier": { "PURL": "pkg:golang/github.com/markbates/goth@v1.82.0", "UID": "976b3ebdf5190c6" }, "Version": "v1.82.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.14", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", "UID": "c16cf45c06e79acf" }, "Version": "v0.1.14", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.20", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", "UID": "2f5421b35bf75eab" }, "Version": "v0.0.20", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-runewidth@v0.0.16", "Name": "github.com/mattn/go-runewidth", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.16", "UID": "730b4c1aa6ab9a2c" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-shellwords@v1.0.12", "Name": "github.com/mattn/go-shellwords", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-shellwords@v1.0.12", "UID": "651d43a59d70bb03" }, "Version": "v1.0.12", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-sqlite3@v1.14.32", "Name": "github.com/mattn/go-sqlite3", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-sqlite3@v1.14.32", "UID": "d812557c824c0278" }, "Version": "v1.14.32", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/meilisearch/meilisearch-go@v0.33.2", "Name": "github.com/meilisearch/meilisearch-go", "Identifier": { "PURL": "pkg:golang/github.com/meilisearch/meilisearch-go@v0.33.2", "UID": "7bdf2519fd05b261" }, "Version": "v0.33.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mholt/acmez/v3@v3.1.2", "Name": "github.com/mholt/acmez/v3", "Identifier": { "PURL": "pkg:golang/github.com/mholt/acmez/v3@v3.1.2", "UID": "3d703958381f87b5" }, "Version": "v3.1.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", "Name": "github.com/mholt/archives", "Identifier": { "PURL": "pkg:golang/github.com/mholt/archives@v0.1.5-0.20251009205813-e30ac6010726", "UID": "b4bec91e6f0464b1" }, "Version": "v0.1.5-0.20251009205813-e30ac6010726", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/microcosm-cc/bluemonday@v1.0.27", "Name": "github.com/microcosm-cc/bluemonday", "Identifier": { "PURL": "pkg:golang/github.com/microcosm-cc/bluemonday@v1.0.27", "UID": "c3081e460ee872b" }, "Version": "v1.0.27", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/microsoft/go-mssqldb@v1.9.3", "Name": "github.com/microsoft/go-mssqldb", "Identifier": { "PURL": "pkg:golang/github.com/microsoft/go-mssqldb@v1.9.3", "UID": "867425ab113e0b58" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.68", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", "UID": "21c28a435c08b0c7" }, "Version": "v1.1.68", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mikelolasagasti/xz@v1.0.1", "Name": "github.com/mikelolasagasti/xz", "Identifier": { "PURL": "pkg:golang/github.com/mikelolasagasti/xz@v1.0.1", "UID": "2ed169776af7fbc6" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/minio/crc64nvme@v1.1.1", "Name": "github.com/minio/crc64nvme", "Identifier": { "PURL": "pkg:golang/github.com/minio/crc64nvme@v1.1.1", "UID": "91523945c88cf673" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/minio/md5-simd@v1.1.2", "Name": "github.com/minio/md5-simd", "Identifier": { "PURL": "pkg:golang/github.com/minio/md5-simd@v1.1.2", "UID": "52e869d999bd1a00" }, "Version": "v1.1.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/minio/minio-go/v7@v7.0.95", "Name": "github.com/minio/minio-go/v7", "Identifier": { "PURL": "pkg:golang/github.com/minio/minio-go/v7@v7.0.95", "UID": "b74c6f09172ed964" }, "Version": "v7.0.95", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/minio/minlz@v1.0.1", "Name": "github.com/minio/minlz", "Identifier": { "PURL": "pkg:golang/github.com/minio/minlz@v1.0.1", "UID": "70986ca2657d5626" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.0", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", "UID": "eba2e637f6073fe6" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "6305581188e51b76" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "fbe5ef02230e6de" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", "Name": "github.com/mrjones/oauth", "Identifier": { "PURL": "pkg:golang/github.com/mrjones/oauth@v0.0.0-20190623134757-126b35219450", "UID": "ea2ebc4184e6e6a8" }, "Version": "v0.0.0-20190623134757-126b35219450", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "de98a7e62139db3c" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/niklasfasching/go-org@v1.9.1", "Name": "github.com/niklasfasching/go-org", "Identifier": { "PURL": "pkg:golang/github.com/niklasfasching/go-org@v1.9.1", "UID": "50a2ce6a4d90e986" }, "Version": "v1.9.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/nwaples/rardecode/v2@v2.2.0", "Name": "github.com/nwaples/rardecode/v2", "Identifier": { "PURL": "pkg:golang/github.com/nwaples/rardecode/v2@v2.2.0", "UID": "bc82081f58df82fa" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", "Name": "github.com/olekukonko/cat", "Identifier": { "PURL": "pkg:golang/github.com/olekukonko/cat@v0.0.0-20250817074551-3280053e4e00", "UID": "7f639fb6ffb974ca" }, "Version": "v0.0.0-20250817074551-3280053e4e00", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/olekukonko/errors@v1.1.0", "Name": "github.com/olekukonko/errors", "Identifier": { "PURL": "pkg:golang/github.com/olekukonko/errors@v1.1.0", "UID": "9c2e2e875cf8622b" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/olekukonko/ll@v0.1.0", "Name": "github.com/olekukonko/ll", "Identifier": { "PURL": "pkg:golang/github.com/olekukonko/ll@v0.1.0", "UID": "aef0ba04369cab32" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/olekukonko/tablewriter@v1.0.9", "Name": "github.com/olekukonko/tablewriter", "Identifier": { "PURL": "pkg:golang/github.com/olekukonko/tablewriter@v1.0.9", "UID": "ebbc3c0e0d0d202e" }, "Version": "v1.0.9", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/olivere/elastic/v7@v7.0.32", "Name": "github.com/olivere/elastic/v7", "Identifier": { "PURL": "pkg:golang/github.com/olivere/elastic/v7@v7.0.32", "UID": "a7a747869de845e0" }, "Version": "v7.0.32", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/go-digest@v1.0.0", "Name": "github.com/opencontainers/go-digest", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", "UID": "cef9935fb56bb114" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/image-spec@v1.1.1", "Name": "github.com/opencontainers/image-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", "UID": "dad715a0f107d65a" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/philhofer/fwd@v1.2.0", "Name": "github.com/philhofer/fwd", "Identifier": { "PURL": "pkg:golang/github.com/philhofer/fwd@v1.2.0", "UID": "d41105b52ec6ab29" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pierrec/lz4/v4@v4.1.22", "Name": "github.com/pierrec/lz4/v4", "Identifier": { "PURL": "pkg:golang/github.com/pierrec/lz4/v4@v4.1.22", "UID": "8a086cb9d35763f0" }, "Version": "v4.1.22", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pjbgf/sha1cd@v0.4.0", "Name": "github.com/pjbgf/sha1cd", "Identifier": { "PURL": "pkg:golang/github.com/pjbgf/sha1cd@v0.4.0", "UID": "d31211086459f93" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "630373933ae4be8e" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "Name": "github.com/pmezard/go-difflib", "Identifier": { "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "UID": "5c4e5147c9d7f474" }, "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pquerna/otp@v1.5.0", "Name": "github.com/pquerna/otp", "Identifier": { "PURL": "pkg:golang/github.com/pquerna/otp@v1.5.0", "UID": "d7ea19c9d40abaa4" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.0", "UID": "a855b0d0450649b0" }, "Version": "v1.23.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "bf6f406a5a1b6a00" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.65.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.65.0", "UID": "a1f86cf77d168074" }, "Version": "v0.65.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.17.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.17.0", "UID": "80eba20cb2dd3bc6" }, "Version": "v0.17.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/redis/go-redis/v9@v9.12.1", "Name": "github.com/redis/go-redis/v9", "Identifier": { "PURL": "pkg:golang/github.com/redis/go-redis/v9@v9.12.1", "UID": "52212cb78249e7e9" }, "Version": "v9.12.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rhysd/actionlint@v1.7.7", "Name": "github.com/rhysd/actionlint", "Identifier": { "PURL": "pkg:golang/github.com/rhysd/actionlint@v1.7.7", "UID": "f1f1f12dd2a1f843" }, "Version": "v1.7.7", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rivo/uniseg@v0.4.7", "Name": "github.com/rivo/uniseg", "Identifier": { "PURL": "pkg:golang/github.com/rivo/uniseg@v0.4.7", "UID": "92b705614a85ed3a" }, "Version": "v0.4.7", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/robfig/cron/v3@v3.0.1", "Name": "github.com/robfig/cron/v3", "Identifier": { "PURL": "pkg:golang/github.com/robfig/cron/v3@v3.0.1", "UID": "e9476a1ba8da1e3d" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rs/xid@v1.6.0", "Name": "github.com/rs/xid", "Identifier": { "PURL": "pkg:golang/github.com/rs/xid@v1.6.0", "UID": "6f237e952d57ba52" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/russross/blackfriday/v2@v2.1.0", "Name": "github.com/russross/blackfriday/v2", "Identifier": { "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", "UID": "1965da1e0269c38" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", "Name": "github.com/santhosh-tekuri/jsonschema/v5", "Identifier": { "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v5@v5.3.1", "UID": "883591b47af86c84" }, "Version": "v5.3.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sassoftware/go-rpmutils@v0.4.0", "Name": "github.com/sassoftware/go-rpmutils", "Identifier": { "PURL": "pkg:golang/github.com/sassoftware/go-rpmutils@v0.4.0", "UID": "ddfe2bd426ee695f" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sergi/go-diff@v1.4.0", "Name": "github.com/sergi/go-diff", "Identifier": { "PURL": "pkg:golang/github.com/sergi/go-diff@v1.4.0", "UID": "228ee6daeb9eb27c" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.3", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", "UID": "1c5350ce10229010" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/skeema/knownhosts@v1.3.1", "Name": "github.com/skeema/knownhosts", "Identifier": { "PURL": "pkg:golang/github.com/skeema/knownhosts@v1.3.1", "UID": "112a16619e000685" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sorairolake/lzip-go@v0.3.8", "Name": "github.com/sorairolake/lzip-go", "Identifier": { "PURL": "pkg:golang/github.com/sorairolake/lzip-go@v0.3.8", "UID": "a4ea81b766d21218" }, "Version": "v0.3.8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/afero@v1.15.0", "Name": "github.com/spf13/afero", "Identifier": { "PURL": "pkg:golang/github.com/spf13/afero@v1.15.0", "UID": "dafc9067f97a7f50" }, "Version": "v1.15.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", "Name": "github.com/ssor/bom", "Identifier": { "PURL": "pkg:golang/github.com/ssor/bom@v0.0.0-20170718123548-6386211fdfcf", "UID": "de98add724d0f7af" }, "Version": "v0.0.0-20170718123548-6386211fdfcf", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stretchr/testify@v1.11.1", "Name": "github.com/stretchr/testify", "Identifier": { "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", "UID": "3d7fd043e7928a6" }, "Version": "v1.11.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/syndtr/goleveldb@v1.0.0", "Name": "github.com/syndtr/goleveldb", "Identifier": { "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.0", "UID": "4143ac8552ecc6a" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tinylib/msgp@v1.4.0", "Name": "github.com/tinylib/msgp", "Identifier": { "PURL": "pkg:golang/github.com/tinylib/msgp@v1.4.0", "UID": "9afd4d890adb7da4" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tstranex/u2f@v1.0.0", "Name": "github.com/tstranex/u2f", "Identifier": { "PURL": "pkg:golang/github.com/tstranex/u2f@v1.0.0", "UID": "1ec13501ebf37f0a" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ulikunitz/xz@v0.5.15", "Name": "github.com/ulikunitz/xz", "Identifier": { "PURL": "pkg:golang/github.com/ulikunitz/xz@v0.5.15", "UID": "589091b7da9a1bab" }, "Version": "v0.5.15", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/unknwon/com@v1.0.1", "Name": "github.com/unknwon/com", "Identifier": { "PURL": "pkg:golang/github.com/unknwon/com@v1.0.1", "UID": "1415a07c6059fe3e" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/urfave/cli-docs/v3@v3.0.0-alpha6", "Name": "github.com/urfave/cli-docs/v3", "Identifier": { "PURL": "pkg:golang/github.com/urfave/cli-docs/v3@v3.0.0-alpha6", "UID": "91cc1d20b3286434" }, "Version": "v3.0.0-alpha6", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/urfave/cli/v3@v3.4.1", "Name": "github.com/urfave/cli/v3", "Identifier": { "PURL": "pkg:golang/github.com/urfave/cli/v3@v3.4.1", "UID": "e538b3a8e33d40e6" }, "Version": "v3.4.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/valyala/fastjson@v1.6.4", "Name": "github.com/valyala/fastjson", "Identifier": { "PURL": "pkg:golang/github.com/valyala/fastjson@v1.6.4", "UID": "a86484f75ce841a1" }, "Version": "v1.6.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/wneessen/go-mail@v0.7.2", "Name": "github.com/wneessen/go-mail", "Identifier": { "PURL": "pkg:golang/github.com/wneessen/go-mail@v0.7.2", "UID": "f94565e816fb3904" }, "Version": "v0.7.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "26da15d581047392" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xanzy/ssh-agent@v0.3.3", "Name": "github.com/xanzy/ssh-agent", "Identifier": { "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", "UID": "a681331c1410154f" }, "Version": "v0.3.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "Name": "github.com/xi2/xz", "Identifier": { "PURL": "pkg:golang/github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "UID": "ae1836dded0e6b85" }, "Version": "v0.0.0-20171230120015-48954b6210f8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yohcop/openid-go@v1.0.1", "Name": "github.com/yohcop/openid-go", "Identifier": { "PURL": "pkg:golang/github.com/yohcop/openid-go@v1.0.1", "UID": "99b23f6617d53037" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yuin/goldmark@v1.7.13", "Name": "github.com/yuin/goldmark", "Identifier": { "PURL": "pkg:golang/github.com/yuin/goldmark@v1.7.13", "UID": "e0c4cd07007fc1b5" }, "Version": "v1.7.13", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", "Name": "github.com/yuin/goldmark-highlighting/v2", "Identifier": { "PURL": "pkg:golang/github.com/yuin/goldmark-highlighting/v2@v2.0.0-20230729083705-37449abec8cc", "UID": "2b9f4ed0815c8f1c" }, "Version": "v2.0.0-20230729083705-37449abec8cc", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yuin/goldmark-meta@v1.1.0", "Name": "github.com/yuin/goldmark-meta", "Identifier": { "PURL": "pkg:golang/github.com/yuin/goldmark-meta@v1.1.0", "UID": "548380fabffe9129" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zeebo/blake3@v0.2.4", "Name": "github.com/zeebo/blake3", "Identifier": { "PURL": "pkg:golang/github.com/zeebo/blake3@v0.2.4", "UID": "ae0224140088738b" }, "Version": "v0.2.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gitlab.com/gitlab-org/api/client-go@v0.142.4", "Name": "gitlab.com/gitlab-org/api/client-go", "Identifier": { "PURL": "pkg:golang/gitlab.com/gitlab-org/api/client-go@v0.142.4", "UID": "2c36a1fe0e5f84c7" }, "Version": "v0.142.4", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/bbolt@v1.4.3", "Name": "go.etcd.io/bbolt", "Identifier": { "PURL": "pkg:golang/go.etcd.io/bbolt@v1.4.3", "UID": "63f997ce564ddd15" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.11.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", "UID": "cc20ac8bfb4b1665" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "c57afca7ad2449b0" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", "UID": "b422d88c86059b2a" }, "Version": "v1.27.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap/exp@v0.3.0", "Name": "go.uber.org/zap/exp", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap/exp@v0.3.0", "UID": "ef542e6d7f415eda" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "go4.org@v0.0.0-20230225012048-214862532bf5", "Name": "go4.org", "Identifier": { "PURL": "pkg:golang/go4.org@v0.0.0-20230225012048-214862532bf5", "UID": "9b1c5946e54e85be" }, "Version": "v0.0.0-20230225012048-214862532bf5", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.45.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.45.0", "UID": "1f440c2c2fa951e7" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/image@v0.30.0", "Name": "golang.org/x/image", "Identifier": { "PURL": "pkg:golang/golang.org/x/image@v0.30.0", "UID": "9b2532576c73aebf" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/mod@v0.29.0", "Name": "golang.org/x/mod", "Identifier": { "PURL": "pkg:golang/golang.org/x/mod@v0.29.0", "UID": "1247e1f6196001e0" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.47.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.47.0", "UID": "5de9c3342d9820b4" }, "Version": "v0.47.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.30.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.30.0", "UID": "8599f6247242b74d" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.18.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.18.0", "UID": "675ef8dd6c383af3" }, "Version": "v0.18.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.38.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.38.0", "UID": "a879bab7c8848b13" }, "Version": "v0.38.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.31.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.31.0", "UID": "2395d72b1df0ba47" }, "Version": "v0.31.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.12.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.12.0", "UID": "623a235a883c9107" }, "Version": "v0.12.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20250826171959-ef028d996bc1", "UID": "1b0f095ccbeb12cf" }, "Version": "v0.0.0-20250826171959-ef028d996bc1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.75.0", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.75.0", "UID": "c8f4871c465ee2e0" }, "Version": "v1.75.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.8", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.8", "UID": "9238da984147a719" }, "Version": "v1.36.8", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/ini.v1@v1.67.0", "Name": "gopkg.in/ini.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", "UID": "58404be1b22dc8ff" }, "Version": "v1.67.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/warnings.v0@v0.1.2", "Name": "gopkg.in/warnings.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/warnings.v0@v0.1.2", "UID": "2f1c893bd7c1260f" }, "Version": "v0.1.2", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "55354a85c7b90f74" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "2f53344b8637529c" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "mvdan.cc/xurls/v2@v2.6.0", "Name": "mvdan.cc/xurls/v2", "Identifier": { "PURL": "pkg:golang/mvdan.cc/xurls/v2@v2.6.0", "UID": "eb2cf88580067ccb" }, "Version": "v2.6.0", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", "Name": "strk.kbt.io/projects/go/libravatar", "Identifier": { "PURL": "pkg:golang/strk.kbt.io/projects/go/libravatar@v0.0.0-20191008002943-06d1c002b251", "UID": "4160f80d94cebd73" }, "Version": "v0.0.0-20191008002943-06d1c002b251", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "xorm.io/builder@v0.3.13", "Name": "xorm.io/builder", "Identifier": { "PURL": "pkg:golang/xorm.io/builder@v0.3.13", "UID": "f2afd6ba8607dbb4" }, "Version": "v0.3.13", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" }, { "ID": "xorm.io/xorm@v1.3.10", "Name": "xorm.io/xorm", "Identifier": { "PURL": "pkg:golang/xorm.io/xorm@v1.3.10", "UID": "10238fd85d61c61b" }, "Version": "v1.3.10", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32952", "VendorIDs": [ "GHSA-pjcq-xvwq-hhpj" ], "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "PkgName": "github.com/Azure/go-ntlmssp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20221128193559-754e69321358", "UID": "89db9f082fcddcb4" }, "InstalledVersion": "v0.0.0-20221128193559-754e69321358", "FixedVersion": "0.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:efff73654d1d85cf440c39f4374cc462d3c6046bc6c1e3f664ae0c8a77340af4", "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32952", "https://github.com/Azure/go-ntlmssp", "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", "https://www.cve.org/CVERecord?id=CVE-2026-32952" ], "PublishedDate": "2026-04-24T03:16:07.833Z", "LastModifiedDate": "2026-05-21T18:22:06.247Z" }, { "VulnerabilityID": "CVE-2026-44973", "VendorIDs": [ "GHSA-qw64-3x98-g7q2" ], "PkgID": "github.com/go-git/go-billy/v5@v5.6.2", "PkgName": "github.com/go-git/go-billy/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", "UID": "b26c271ca2b04f93" }, "InstalledVersion": "v5.6.2", "FixedVersion": "5.9.0", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44973", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:b70b4da5dd2a4b814e74e409dd56ecddb0ee60a705bac6742dda82d15ea8d4a9", "Title": "go-billy has path traversal vulnerabilities", "Description": "### Impact\nMultiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories.\n\nWhile go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on `go-billy` for some level of isolation may inadvertently expose access to unintended filesystem locations.\n\nThe `osfs.ChrootOS` implementation is notably affected by this vulnerability and is now deprecated in `v5`, removed at `v6`. Users are recommended to move on to `osfs.BoundOS` instead: `osfs.New(path, WithBoundOS())`.\n\nUsers requiring stronger security boundary enforcement are recommended to upgrade to `v6`, where the `osfs` implementation are backed by the [traversal-resistant](https://go.dev/blog/osroot) primitive [os.Root](https://pkg.go.dev/os#Root).\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 and @vnykmshr for finding and separately reporting this issue privately to the go-git project. 🙇", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "V3Score": 8.1 } }, "References": [ "https://github.com/go-git/go-billy", "https://github.com/go-git/go-billy/releases/tag/v5.9.0", "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", "https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2" ] }, { "VulnerabilityID": "CVE-2026-44740", "VendorIDs": [ "GHSA-m3xc-h892-ggx6" ], "PkgID": "github.com/go-git/go-billy/v5@v5.6.2", "PkgName": "github.com/go-git/go-billy/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.6.2", "UID": "b26c271ca2b04f93" }, "InstalledVersion": "v5.6.2", "FixedVersion": "5.9.0", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44740", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:88246ec9989697e665e8ce73174cbc0127722373fba30b567bf75165719c56ee", "Title": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion", "Description": "### Impact\nMultiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.\n\nThese issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 for finding and reporting this issue privately to the go-git project. 🙇", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://github.com/go-git/go-billy", "https://github.com/go-git/go-billy/releases/tag/v5.9.0", "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6" ] }, { "VulnerabilityID": "CVE-2026-45022", "VendorIDs": [ "GHSA-389r-gv7p-r3rp" ], "PkgID": "github.com/go-git/go-git/v5@v5.16.5", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", "UID": "19d984b6d8e0b0e5" }, "InstalledVersion": "v5.16.5", "FixedVersion": "5.19.0", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45022", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:41a9b492965232c43eb711ac3ac7a2dcccb68886c5ff001b2e4efc2c6fbf10fc", "Title": "go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git", "Description": "### Impact\n`go-git` may parse malformed Git objects in a way that differs from upstream Git. When `commit` or `tag` objects contain ambiguous or malformed headers, `go-git`’s decoded representation may expose values differently from how Git itself would interpret or reject the same object.\n\nAdditionally, `go-git`’s commit signing and verification logic operates over commit data reconstructed from `go-git`’s parsed representation rather than the original raw object bytes. As a result, `go-git` may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository.\n\nThis can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version.\n\n### Credit\n\nThanks to @bugbunny-research (https://bugbunny.ai/) for reporting this to `sigstore/gitsign`, and to @wlynch, @patzielinski and @adityasaky for coordinating the disclosure with the `go-git` project. :bow: :1st_place_medal: \n\nThanks to @wayphinder for reporting this to the `go-git` project. :bow:", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 7 } }, "References": [ "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp" ] }, { "VulnerabilityID": "CVE-2026-34165", "VendorIDs": [ "GHSA-jhf3-xxhw-2wpp" ], "PkgID": "github.com/go-git/go-git/v5@v5.16.5", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", "UID": "19d984b6d8e0b0e5" }, "InstalledVersion": "v5.16.5", "FixedVersion": "5.17.1", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34165", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:02058a2aea2669d514647177be68c9a0c23446452f807ea48e78bcf3d94e1160", "Title": "github.com/go-git/go-git/v5: go-git: Denial of Service via crafted .idx file", "Description": "go-git is an extensible git implementation library written in pure Go. From version 5.0.0 to before version 5.17.1, a vulnerability has been identified in which a maliciously crafted .idx file can cause asymmetric memory consumption, potentially exhausting available memory and resulting in a denial-of-service (DoS) condition. Exploitation requires write access to the local repository's .git directory, it order to create or alter existing .idx files. This issue has been patched in version 5.17.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-191", "CWE-770" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34165", "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/releases/tag/v5.17.1", "https://github.com/go-git/go-git/security/advisories/GHSA-jhf3-xxhw-2wpp", "https://nvd.nist.gov/vuln/detail/CVE-2026-34165", "https://www.cve.org/CVERecord?id=CVE-2026-34165" ], "PublishedDate": "2026-03-31T15:16:17.343Z", "LastModifiedDate": "2026-04-02T16:49:16.047Z" }, { "VulnerabilityID": "CVE-2026-41506", "VendorIDs": [ "GHSA-3xc5-wrhm-f963" ], "PkgID": "github.com/go-git/go-git/v5@v5.16.5", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", "UID": "19d984b6d8e0b0e5" }, "InstalledVersion": "v5.16.5", "FixedVersion": "5.18.0", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41506", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:353ce0145752fe89ea72fcb6bea51996b47dd1381724df57b122f43aba3a64c6", "Title": "golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects", "Description": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-522" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "V3Score": 4.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41506", "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/releases/tag/v5.18.0", "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2", "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963", "https://nvd.nist.gov/vuln/detail/CVE-2026-41506", "https://www.cve.org/CVERecord?id=CVE-2026-41506" ], "PublishedDate": "2026-05-08T14:16:33.983Z", "LastModifiedDate": "2026-05-12T14:33:02.04Z" }, { "VulnerabilityID": "CVE-2026-45571", "VendorIDs": [ "GHSA-crhj-59gh-8x96" ], "PkgID": "github.com/go-git/go-git/v5@v5.16.5", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.16.5", "UID": "19d984b6d8e0b0e5" }, "InstalledVersion": "v5.16.5", "FixedVersion": "5.19.1", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45571", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:47c8e6807a26888f798607bc21f8c3563e6d942e16fc9a18143b2f564af41c13", "Title": "go-git: Crafted repositories may modify main and submodule .git directories", "Description": "### Impact\nA path validation issue in `go-git` could allow crafted repository data to affect files outside the intended checkout target, including the repository's `.git` directory.\n\nThese validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. Some attack vectors were platform-specific: certain payloads affected only Windows users, others affected only macOS users, and some applied across all supported platforms.\n\nUsing non-descendant `go-billy` filesystem instances, or different filesystem types, for the `Storer` and `Worktree` may provide some isolation against `.git` directory manipulation. For example, users that store the `.git` directory through `memfs` while using `osfs` for the worktree are not affected by this vulnerability in the main repository, because repository metadata is not materialized inside the worktree filesystem.\n\nHowever, this isolation does not necessarily apply when the repository contains submodules, since submodule dotgit directories may still be represented or materialized within the worktree context.\n\nIt is important to note that exploitation requires a maliciously crafted repository payload. Users should always exercise caution when interacting with repositories or Git servers they do not trust.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported go-git version.\n\n### Credits\nThanks to @kodareef5, @AyushParkara and @N0zoM1z0 for reporting this to the go-git project in three separate reports. 🙇", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 5.4 } }, "References": [ "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96" ] }, { "VulnerabilityID": "CVE-2026-33809", "VendorIDs": [ "GHSA-44p7-9xx4-hf2g" ], "PkgID": "golang.org/x/image@v0.30.0", "PkgName": "golang.org/x/image", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/image@v0.30.0", "UID": "9b2532576c73aebf" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33809", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f2f409313c25ffd2b0a0d6e87e96f89f4e2cef3cdc2dd5857cd3c9bbd0b68a23", "Title": "golang: golang.org/x/image/tiff: golang.org/x/image/tiff: Denial of Service via maliciously crafted TIFF file", "Description": "A maliciously crafted TIFF file can cause image decoding to attempt to allocate up 4GiB of memory, causing either excessive resource consumption or an out-of-memory error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33809", "https://cs.opensource.google/go/x/image", "https://go.dev/cl/757660", "https://go.dev/issue/78267", "https://nvd.nist.gov/vuln/detail/CVE-2026-33809", "https://pkg.go.dev/vuln/GO-2026-4815", "https://www.cve.org/CVERecord?id=CVE-2026-33809" ], "PublishedDate": "2026-03-25T19:16:51.83Z", "LastModifiedDate": "2026-04-21T16:30:41.977Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.75.0", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.75.0", "UID": "c8f4871c465ee2e0" }, "InstalledVersion": "v1.75.0", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:21922d46e544244690e95a8c056701ed2b2139df7308bd610bc652cdb4953b0f", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9a19d5f0ed173203e1a784840500eb5b12f82b241ddb1eb558e695141ad11d2", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d7d5fa4689a76f4b0d91cbca3b62f32b767b6f33512e2fbebdfc1e7b53a82a7a", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2b5238b9056910719b7df5720f6860adf8f0b462ab1a240d54ec389b7c34cfa2", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b063afe974298a065db22ffb6b25e47ce358bbfdac44406cd6e7bd77e981f7e9", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b01754f20d1dc52d29d0b721bf31f8a121fd35d8e609520775d743095fbe962e", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b19c5e3608c5809aee15d843e0a3de8ac165f0839803a5db4cc3b2d8a8c7bb5c", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d6dbf5dbc8c48414636229df213e28b37c407bd396ad43e0233c40de023f2ad7", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:17c581332d9dd388983ea1900991df3743bbe4d2c4a990db6dcab5754806ace0", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5aa8adec631e2c849a25ac12e6e65851f86f43f28a7a4033a1938fc983d41255", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:08c234c55feb2cafd1430140e206663f2c312b0dee0dc38ce5c630ea802e038e", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:13915bffa5b89706d24917807f5767baf88802bcf570cb4a91c3725e63443694", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b907ba39afc3a8ef73679c18900ada732dece3c10d40d6bbd5ed1b7ef72f50e3", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b079e2cdd32720d3068d713dea424c221011250bcb434ab7dd393145c3521405", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "48e381d4b7a397b1" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:bc27b7a454f3eadd218b1ccd7789b95c1b5c831c4a39fa4109e99b6c2e8056cd", "DiffID": "sha256:0429021892c24f4ea779cd768a097f5f0227a772ed8a9b785e8426259bd56c9f" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1e362cca596b7bf74a0377e56aaf3ae61a830cbfb4720910069b74940ec619b9", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "usr/local/bin/environment-to-ini", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.25.8", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "Version": "v1.25.8", "Relationship": "direct", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "code.gitea.io/gitea", "Name": "code.gitea.io/gitea", "Identifier": { "PURL": "pkg:golang/code.gitea.io/gitea", "UID": "ee34e164d344cd99" }, "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/42wim/httpsig@v1.2.3", "Name": "github.com/42wim/httpsig", "Identifier": { "PURL": "pkg:golang/github.com/42wim/httpsig@v1.2.3", "UID": "1364469af026f631" }, "Version": "v1.2.3", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "48bbd16df0a0e334" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "Name": "github.com/dgryski/go-rendezvous", "Identifier": { "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "UID": "79101bf75f4312ce" }, "Version": "v0.0.0-20200823014737-9f7001d12a5f", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dustin/go-humanize@v1.0.1", "Name": "github.com/dustin/go-humanize", "Identifier": { "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", "UID": "7310dd411f501d17" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", "UID": "e9fb684cdb2473be" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v1.0.0", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", "UID": "bde5663b1a7e5b5a" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", "Name": "github.com/google/pprof", "Identifier": { "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20250820193118-f64d9cf942d6", "UID": "683ccbbeeb09effd" }, "Version": "v0.0.0-20250820193118-f64d9cf942d6", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "d2a661718cc9b041" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "Name": "github.com/kballard/go-shellquote", "Identifier": { "PURL": "pkg:golang/github.com/kballard/go-shellquote@v0.0.0-20180428030007-95032a82bc51", "UID": "82ddf88129710983" }, "Version": "v0.0.0-20180428030007-95032a82bc51", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.20", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", "UID": "ca7670589870f76e" }, "Version": "v0.0.20", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "30359a11e0f879a3" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "281901c7cf9c200b" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/redis/go-redis/v9@v9.12.1", "Name": "github.com/redis/go-redis/v9", "Identifier": { "PURL": "pkg:golang/github.com/redis/go-redis/v9@v9.12.1", "UID": "3c58e0188554f478" }, "Version": "v9.12.1", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/syndtr/goleveldb@v1.0.0", "Name": "github.com/syndtr/goleveldb", "Identifier": { "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.0", "UID": "d9eaeca2446ee9f3" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/urfave/cli/v3@v3.4.1", "Name": "github.com/urfave/cli/v3", "Identifier": { "PURL": "pkg:golang/github.com/urfave/cli/v3@v3.4.1", "UID": "bb6076dc2df4dd77" }, "Version": "v3.4.1", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.45.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.45.0", "UID": "4b7dace885adfe3e" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.38.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.38.0", "UID": "e4444b45f316b6c2" }, "Version": "v0.38.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.31.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.31.0", "UID": "339dc2208c235e72" }, "Version": "v0.31.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/ini.v1@v1.67.0", "Name": "gopkg.in/ini.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.0", "UID": "8ef3045981e6415e" }, "Version": "v1.67.0", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "4adaf895b0d059bd" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:838013b814294632e1ab54ce7322d87b0393ab0edd26a456cc194588c6f3bbb0", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0161ff024d84c79ba021e7563281bcda3c10f6e4c9728302679c2e5a7f37cb88", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c2bffe448edca66a773f104349e7c7656d3d0ce05b79367a30b5330202fb837", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d7d58b21193400a1bcf4c20d8eb17d4d3a4279a1e524174baf09c0c8c9c4621f", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:261f4e7277d8d9093eba02451363fa616f722d7fd59c882d0064a24bc5d690fd", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:264a5f2acb22932e033e6fdbe296426c5e703a2e4dd6fde2966813e6c07e6840", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:426743724c080c7f02bb2580b7210cfb725ff61fe3daa540d266faad816bff81", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a555697ecde202d92cb784c9f2cd4832ed91f63d5edc3672661aed001b2921bf", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cb50d1c4ba644c18b2a0e1a88a879a30f3bed3da21f66f8092ae103625aa2aa9", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ea36c7ed2cce028b75bdbecbdd4897500454a5e956d0f5bae4f220f351cf86c1", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65db8303502f49e35aab7e2ea739de5516499f87396ee691f46f922ff33bcd8c", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b3b7a9da64d22d497e75660256092cfdb0846a55c41066c17ca3827664b4d30a", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:147c43ae078e8b83e38b5d20225a970338d9309f0a23d87dccc11601d50a2642", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.25.8", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.8", "UID": "912b40e30cb9ace0" }, "InstalledVersion": "v1.25.8", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a255c3e759c5eb267ef20c0a84d300e7bb93d6fd7b2329417bcd5c6ab5fc996c", "DiffID": "sha256:01e16d79b5d871f4b6932b952a5503d59466085f5dd025e86195b51b16fa1da0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5893df144df5962be6771e177458445bc413e6e5dc76d0fdcdc6ab8a06821d01", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "gitea", "Kind": "Deployment", "Name": "mariadb", "Metadata": [ { "Size": 401847808, "OS": { "Family": "ubuntu", "Name": "20.04", "EOSL": true }, "ImageID": "sha256:895b6c8829c35f8081afd5229fe4a2e179a646fd96b807e5fb784cd09fd2483b", "DiffIDs": [ "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" ], "RepoTags": [ "mariadb:10.7.8" ], "RepoDigests": [ "mariadb@sha256:9a48ac9f196f3d4fd6fea2cab59a49df9e7ca459bf14b2f7b85a0e38a5454571" ], "Reference": "mariadb:10.7.8", "ImageConfig": { "architecture": "amd64", "container": "8b22bdca404ecc0b289883de74130ad53c4db8207f83e1a3eba910d5c9a18969", "created": "2023-04-18T02:26:04.354855496Z", "docker_version": "20.10.23", "history": [ { "created": "2023-04-13T13:05:13.496726073Z", "created_by": "/bin/sh -c #(nop) ARG RELEASE", "empty_layer": true }, { "created": "2023-04-13T13:05:13.557712287Z", "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", "empty_layer": true }, { "created": "2023-04-13T13:05:13.637326115Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", "empty_layer": true }, { "created": "2023-04-13T13:05:13.704319522Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=20.04", "empty_layer": true }, { "created": "2023-04-13T13:05:15.451478418Z", "created_by": "/bin/sh -c #(nop) ADD file:d05d1c0936b046937bd5755876db2f8da3ed8ccbcf464bb56c312fbc7ed78589 in / " }, { "created": "2023-04-13T13:05:15.714908196Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", "empty_layer": true }, { "created": "2023-04-18T02:25:16.913240864Z", "created_by": "/bin/sh -c groupadd -r mysql \u0026\u0026 useradd -r -g mysql mysql" }, { "created": "2023-04-18T02:25:16.997468606Z", "created_by": "/bin/sh -c #(nop) ENV GOSU_VERSION=1.14", "empty_layer": true }, { "created": "2023-04-18T02:25:17.08103298Z", "created_by": "/bin/sh -c #(nop) ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8", "empty_layer": true }, { "created": "2023-04-18T02:25:35.975629558Z", "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tca-certificates \t\tgpg \t\tgpgv \t\tlibjemalloc2 \t\tpwgen \t\ttzdata \t\txz-utils \t\tzstd ; \tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get install -y --no-install-recommends \t\tdirmngr \t\tgpg-agent \t\twget; \trm -rf /var/lib/apt/lists/*; \tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \twget -q -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \twget -q -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; \texport GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tdone; \tgpg --batch --export \"$GPG_KEYS\" \u003e /etc/apt/trusted.gpg.d/mariadb.gpg; \tif command -v gpgconf \u003e/dev/null; then \t\tgpgconf --kill all; \tfi; \tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] ||\tapt-mark manual $savedAptMark \u003e/dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tchmod +x /usr/local/bin/gosu; \tgosu --version; \tgosu nobody true" }, { "created": "2023-04-18T02:25:36.54142562Z", "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c mkdir /docker-entrypoint-initdb.d" }, { "created": "2023-04-18T02:25:36.622581314Z", "created_by": "/bin/sh -c #(nop) ENV LANG=C.UTF-8", "empty_layer": true }, { "created": "2023-04-18T02:25:36.704840537Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.authors=MariaDB Community org.opencontainers.image.title=MariaDB Database org.opencontainers.image.description=MariaDB Database for relational SQL org.opencontainers.image.documentation=https://hub.docker.com/_/mariadb/ org.opencontainers.image.base.name=docker.io/library/ubuntu:focal org.opencontainers.image.licenses=GPL-2.0 org.opencontainers.image.source=https://github.com/MariaDB/mariadb-docker org.opencontainers.image.vendor=MariaDB Community org.opencontainers.image.version=10.7.8 org.opencontainers.image.url=https://github.com/MariaDB/mariadb-docker", "empty_layer": true }, { "created": "2023-04-18T02:25:36.790323935Z", "created_by": "/bin/sh -c #(nop) ARG MARIADB_MAJOR=10.7", "empty_layer": true }, { "created": "2023-04-18T02:25:36.876741874Z", "created_by": "/bin/sh -c #(nop) ENV MARIADB_MAJOR=10.7", "empty_layer": true }, { "created": "2023-04-18T02:25:36.965346145Z", "created_by": "/bin/sh -c #(nop) ARG MARIADB_VERSION=1:10.7.8+maria~ubu2004", "empty_layer": true }, { "created": "2023-04-18T02:25:37.049419355Z", "created_by": "/bin/sh -c #(nop) ENV MARIADB_VERSION=1:10.7.8+maria~ubu2004", "empty_layer": true }, { "created": "2023-04-18T02:25:37.132419958Z", "created_by": "/bin/sh -c #(nop) ARG REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main", "empty_layer": true }, { "created": "2023-04-18T02:25:37.636803336Z", "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -e;\techo \"deb ${REPOSITORY}\" \u003e /etc/apt/sources.list.d/mariadb.list; \t{ \t\techo 'Package: *'; \t\techo 'Pin: release o=MariaDB'; \t\techo 'Pin-Priority: 999'; \t} \u003e /etc/apt/preferences.d/mariadb" }, { "created": "2023-04-18T02:26:03.284314995Z", "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -ex; \t{ \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password password 'unused'; \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password_again password 'unused'; \t} | debconf-set-selections; \tapt-get update; \tapt-get install -y --no-install-recommends mariadb-server=\"$MARIADB_VERSION\" mariadb-backup socat \t; \trm -rf /var/lib/apt/lists/*; \trm -rf /var/lib/mysql; \tmkdir -p /var/lib/mysql /var/run/mysqld; \tchown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \tchmod 777 /var/run/mysqld; \tfind /etc/mysql/ -name '*.cnf' -print0 \t\t| xargs -0 grep -lZE '^(bind-address|log|user\\s)' \t\t| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\\s)/#\u0026/'; \tprintf \"[mariadb]\\nhost-cache-size=0\\nskip-name-resolve\\n\" \u003e /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \tif [ -L /etc/mysql/my.cnf ]; then \t\tsed -i -e '/includedir/ {N;s/\\(.*\\)\\n\\(.*\\)/\\n\\2\\n\\1/}' /etc/mysql/mariadb.cnf; \tfi" }, { "created": "2023-04-18T02:26:03.894441855Z", "created_by": "/bin/sh -c #(nop) VOLUME [/var/lib/mysql]", "empty_layer": true }, { "created": "2023-04-18T02:26:03.995686971Z", "created_by": "/bin/sh -c #(nop) COPY file:cee75098a882f7d33ad2c4c4325b29adc56fc66450e6cee3711d5a1af1bda714 in /usr/local/bin/healthcheck.sh " }, { "created": "2023-04-18T02:26:04.091124973Z", "created_by": "/bin/sh -c #(nop) COPY file:ebdfbcbc74dda1874f1c75d86e1c32733edb402d13440b2b7140a952010bc21f in /usr/local/bin/ " }, { "created": "2023-04-18T02:26:04.176557383Z", "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]", "empty_layer": true }, { "created": "2023-04-18T02:26:04.26544875Z", "created_by": "/bin/sh -c #(nop) EXPOSE 3306", "empty_layer": true }, { "created": "2023-04-18T02:26:04.354855496Z", "created_by": "/bin/sh -c #(nop) CMD [\"mariadbd\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" ] }, "config": { "Cmd": [ "mariadbd" ], "Entrypoint": [ "docker-entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GOSU_VERSION=1.14", "LANG=C.UTF-8", "MARIADB_MAJOR=10.7", "MARIADB_VERSION=1:10.7.8+maria~ubu2004" ], "Image": "sha256:debc8f5123f31a10ce40605b47621d700f71022f610514046e34b9530cf8415b", "Labels": { "org.opencontainers.image.authors": "MariaDB Community", "org.opencontainers.image.base.name": "docker.io/library/ubuntu:focal", "org.opencontainers.image.description": "MariaDB Database for relational SQL", "org.opencontainers.image.documentation": "https://hub.docker.com/_/mariadb/", "org.opencontainers.image.licenses": "GPL-2.0", "org.opencontainers.image.ref.name": "ubuntu", "org.opencontainers.image.source": "https://github.com/MariaDB/mariadb-docker", "org.opencontainers.image.title": "MariaDB Database", "org.opencontainers.image.url": "https://github.com/MariaDB/mariadb-docker", "org.opencontainers.image.vendor": "MariaDB Community", "org.opencontainers.image.version": "10.7.8" }, "Volumes": { "/var/lib/mysql": {} }, "ExposedPorts": { "3306/tcp": {} } } }, "Layers": [ { "Size": 75160576, "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, { "Size": 338432, "Digest": "sha256:b8bc823a83fdf1329ae53f092d8f3641a60f92ee9f69e8785f5a3fd046eee30f", "DiffID": "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462" }, { "Size": 19365376, "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, { "Size": 2048, "Digest": "sha256:b5660ff630580a5fee05c112e916f0bbca3234820aea68e604a23dba51f23d65", "DiffID": "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b" }, { "Size": 5120, "Digest": "sha256:8b13582f0741982078be0add491f4d0662adad57d09a34a8abb34b7bc5be8896", "DiffID": "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10" }, { "Size": 306940928, "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, { "Size": 12288, "Digest": "sha256:6e4fbbea63e0936e45c5f62878243de963a19e359da68f8c9c9a189fd8568420", "DiffID": "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92" }, { "Size": 23040, "Digest": "sha256:d3da1767155997ce7c8d108928c0ef1e3f3395a12cb611f0858d12a80c8af674", "DiffID": "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" } ] } ], "Results": [ { "Target": "mariadb:10.7.8 (ubuntu 20.04)", "Class": "os-pkgs", "Type": "ubuntu", "Packages": [ { "ID": "adduser@3.118ubuntu2", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "1305e599e05e2743" }, "Version": "3.118ubuntu2", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.118ubuntu2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Core Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "passwd@1:4.8.1-1ubuntu5.20.04.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/adduser/adduser.conf", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README.gz", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/man/da/man5/adduser.conf.5.gz", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/da/man8/adduser.8.gz", "/usr/share/man/da/man8/deluser.8.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/adduser.conf.5.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/es/man8/adduser.8.gz", "/usr/share/man/es/man8/deluser.8.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/adduser.conf.5.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/it/man8/adduser.8.gz", "/usr/share/man/it/man8/deluser.8.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/pl/man5/adduser.conf.5.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pl/man8/adduser.8.gz", "/usr/share/man/pl/man8/deluser.8.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ru/man5/adduser.conf.5.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/ru/man8/adduser.8.gz", "/usr/share/man/ru/man8/deluser.8.gz", "/usr/share/man/sv/man5/adduser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/man/sv/man8/adduser.8.gz", "/usr/share/man/sv/man8/deluser.8.gz", "/usr/share/perl5/Debian/AdduserCommon.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@2.0.9", "Name": "apt", "Identifier": { "PURL": "pkg:deb/ubuntu/apt@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a4e6a5232e3c5d53" }, "Version": "2.0.9", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.0.9", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.118ubuntu2", "gpgv@2.2.19-3ubuntu2.2", "libapt-pkg6.0@2.0.9", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libgnutls30@3.6.13-2ubuntu1.8", "libseccomp2@2.5.1-1ubuntu1~20.04.2", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "ubuntu-keyring@2020.02.11.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/apt-daily-upgrade.service", "/lib/systemd/system/apt-daily-upgrade.timer", "/lib/systemd/system/apt-daily.service", "/lib/systemd/system/apt-daily.timer", "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-key", "/usr/bin/apt-mark", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/ftp", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/rsh", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/preferences", "/usr/share/doc/apt/examples/sources.list", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-key.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-key.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man5/sources.list.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-get.8.gz", "/usr/share/man/it/man8/apt-key.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt-secure.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man5/sources.list.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-get.8.gz", "/usr/share/man/ja/man8/apt-key.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt-secure.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-key.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-key.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-key.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@11ubuntu5.7", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/ubuntu/base-files@11ubuntu5.7?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a5180b5a90fc72da" }, "Version": "11ubuntu5.7", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "11ubuntu5.7", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/motd-news.service", "/lib/systemd/system/motd-news.timer", "/usr/bin/locale-check", "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/networks", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.5.47", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64\u0026distro=ubuntu-20.04", "UID": "39e258627f1fe698" }, "Version": "3.5.47", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.5.47", "Licenses": [ "GPL-2.0-only", "PD" ], "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libdebconfclient0@0.251ubuntu1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.0-6ubuntu1.2", "Name": "bash", "Identifier": { "PURL": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "63630bb56302d371" }, "Version": "5.0", "Release": "6ubuntu1.2", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.0", "SrcRelease": "6ubuntu1.2", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@11ubuntu5.7", "debianutils@4.9.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.34-0.1ubuntu9.3", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "c2f19fe3db589c3b" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bzip2@1.0.8-2", "Name": "bzip2", "Identifier": { "PURL": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8421c1f7cecd080f" }, "Version": "1.0.8", "Release": "2", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/bunzip2", "/bin/bzcat", "/bin/bzdiff", "/bin/bzexe", "/bin/bzgrep", "/bin/bzip2", "/bin/bzip2recover", "/bin/bzmore", "/usr/share/doc/bzip2/copyright", "/usr/share/man/man1/bzdiff.1.gz", "/usr/share/man/man1/bzexe.1.gz", "/usr/share/man/man1/bzgrep.1.gz", "/usr/share/man/man1/bzip2.1.gz", "/usr/share/man/man1/bzmore.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20211016ubuntu0.20.04.1", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/ubuntu/ca-certificates@20211016ubuntu0.20.04.1?arch=all\u0026distro=ubuntu-20.04", "UID": "ef025fc6e4caa49c" }, "Version": "20211016ubuntu0.20.04.1", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20211016ubuntu0.20.04.1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "openssl@1.1.1f-1ubuntu2.17" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/EC-ACC.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@8.30-3ubuntu2", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/ubuntu/coreutils@8.30-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "186bbd0abf222082" }, "Version": "8.30", "Release": "3ubuntu2", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "8.30", "SrcRelease": "3ubuntu2", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/cat", "/bin/chgrp", "/bin/chmod", "/bin/chown", "/bin/cp", "/bin/date", "/bin/dd", "/bin/df", "/bin/dir", "/bin/echo", "/bin/false", "/bin/ln", "/bin/ls", "/bin/mkdir", "/bin/mknod", "/bin/mktemp", "/bin/mv", "/bin/pwd", "/bin/readlink", "/bin/rm", "/bin/rmdir", "/bin/sleep", "/bin/stty", "/bin/sync", "/bin/touch", "/bin/true", "/bin/uname", "/bin/vdir", "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/chcon", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/logname", "/usr/bin/md5sum", "/usr/bin/mkfifo", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/realpath", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/sum", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/tr", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/lib/x86_64-linux-gnu/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.Debian.gz", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.10.2-6", "Name": "dash", "Identifier": { "PURL": "pkg:deb/ubuntu/dash@0.5.10.2-6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "339907d4c6dfa92b" }, "Version": "0.5.10.2", "Release": "6", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.10.2", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "debianutils@4.9.1", "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/dash", "/usr/share/doc/dash/NEWS.Debian.gz", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.73", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/ubuntu/debconf@1.5.73?arch=all\u0026distro=ubuntu-20.04", "UID": "e57d99b341400824" }, "Version": "1.5.73", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.73", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/debconf/transition_db.pl", "/usr/share/doc/debconf/NEWS.Debian.gz", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@4.9.1", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/ubuntu/debianutils@4.9.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "33c033894c33c0a9" }, "Version": "4.9.1", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "4.9.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/run-parts", "/bin/tempfile", "/bin/which", "/sbin/installkernel", "/usr/bin/ischroot", "/usr/bin/savelog", "/usr/sbin/add-shell", "/usr/sbin/remove-shell", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells.gz", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/tempfile.1.gz", "/usr/share/man/de/man1/which.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/tempfile.1.gz", "/usr/share/man/es/man1/which.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/tempfile.1.gz", "/usr/share/man/fr/man1/which.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/tempfile.1.gz", "/usr/share/man/it/man1/which.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/tempfile.1.gz", "/usr/share/man/ja/man1/which.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/pl/man1/tempfile.1.gz", "/usr/share/man/pl/man1/which.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/sl/man1/tempfile.1.gz", "/usr/share/man/sl/man1/which.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.7-3", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/ubuntu/diffutils@3.7-3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "20a16873c3eab51c" }, "Version": "3.7", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.7", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.19.7ubuntu3.2", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/ubuntu/dpkg@1.19.7ubuntu3.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "ee837475a82dbbe7" }, "Version": "1.19.7ubuntu3.2", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.19.7ubuntu3.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "BSD-2-Clause", "public-domain-s-s-d", "public-domain-md5" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.30+dfsg-7ubuntu0.20.04.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/start-stop-daemon", "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/share/bug/dpkg", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.Debian.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/doc/dpkg/usertags.gz", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man1/dpkg-split.1.gz", "/usr/share/man/es/man1/update-alternatives.1.gz", "/usr/share/man/fr/man1/dpkg-deb.1.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/dpkg.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/it/man1/dpkg-split.1.gz", "/usr/share/man/it/man1/update-alternatives.1.gz", "/usr/share/man/ja/man1/dpkg-split.1.gz", "/usr/share/man/ja/man1/update-alternatives.1.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man1/dpkg-split.1.gz", "/usr/share/man/pl/man1/update-alternatives.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "e2fsprogs@1.45.5-2ubuntu1.1", "Name": "e2fsprogs", "Identifier": { "PURL": "pkg:deb/ubuntu/e2fsprogs@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "837d9bdbf71f5a70" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "logsave@1.45.5-2ubuntu1.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/e2scrub@.service", "/lib/systemd/system/e2scrub_all.service", "/lib/systemd/system/e2scrub_all.timer", "/lib/systemd/system/e2scrub_fail@.service", "/lib/systemd/system/e2scrub_reap.service", "/lib/udev/rules.d/96-e2scrub.rules", "/sbin/badblocks", "/sbin/debugfs", "/sbin/dumpe2fs", "/sbin/e2fsck", "/sbin/e2image", "/sbin/e2scrub", "/sbin/e2scrub_all", "/sbin/e2undo", "/sbin/mke2fs", "/sbin/resize2fs", "/sbin/tune2fs", "/usr/bin/chattr", "/usr/bin/lsattr", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", "/usr/sbin/e2freefrag", "/usr/sbin/e4crypt", "/usr/sbin/e4defrag", "/usr/sbin/filefrag", "/usr/sbin/mklost+found", "/usr/share/doc/e2fsprogs/NEWS.gz", "/usr/share/doc/e2fsprogs/README", "/usr/share/doc/e2fsprogs/copyright", "/usr/share/lintian/overrides/e2fsprogs", "/usr/share/man/man1/chattr.1.gz", "/usr/share/man/man1/lsattr.1.gz", "/usr/share/man/man5/e2fsck.conf.5.gz", "/usr/share/man/man5/ext4.5.gz", "/usr/share/man/man5/mke2fs.conf.5.gz", "/usr/share/man/man8/badblocks.8.gz", "/usr/share/man/man8/debugfs.8.gz", "/usr/share/man/man8/dumpe2fs.8.gz", "/usr/share/man/man8/e2freefrag.8.gz", "/usr/share/man/man8/e2fsck.8.gz", "/usr/share/man/man8/e2image.8.gz", "/usr/share/man/man8/e2label.8.gz", "/usr/share/man/man8/e2mmpstatus.8.gz", "/usr/share/man/man8/e2scrub.8.gz", "/usr/share/man/man8/e2scrub_all.8.gz", "/usr/share/man/man8/e2undo.8.gz", "/usr/share/man/man8/e4crypt.8.gz", "/usr/share/man/man8/e4defrag.8.gz", "/usr/share/man/man8/filefrag.8.gz", "/usr/share/man/man8/mke2fs.8.gz", "/usr/share/man/man8/mklost+found.8.gz", "/usr/share/man/man8/resize2fs.8.gz", "/usr/share/man/man8/tune2fs.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "fdisk@2.34-0.1ubuntu9.3", "Name": "fdisk", "Identifier": { "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e93cc0834325a9d6" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libfdisk1@2.34-0.1ubuntu9.3", "libmount1@2.34-0.1ubuntu9.3", "libncursesw6@6.2-0ubuntu2", "libsmartcols1@2.34-0.1ubuntu9.3", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/cfdisk", "/sbin/fdisk", "/sbin/sfdisk", "/usr/share/bash-completion/completions/cfdisk", "/usr/share/bash-completion/completions/fdisk", "/usr/share/bash-completion/completions/sfdisk", "/usr/share/doc/fdisk/copyright", "/usr/share/man/man8/cfdisk.8.gz", "/usr/share/man/man8/fdisk.8.gz", "/usr/share/man/man8/sfdisk.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.7.0-1ubuntu1", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/ubuntu/findutils@4.7.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "cf6c12ae56df7c0c" }, "Version": "4.7.0", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.7.0", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils", "/usr/share/doc/findutils/NEWS.Debian.gz", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info-1.gz", "/usr/share/info/find.info-2.gz", "/usr/share/info/find.info.gz", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "galera-4@26.4.14-ubu2004", "Name": "galera-4", "Identifier": { "PURL": "pkg:deb/ubuntu/galera-4@26.4.14-ubu2004?arch=amd64\u0026distro=ubuntu-20.04", "UID": "75c6738053f429f6" }, "Version": "26.4.14", "Release": "ubu2004", "Arch": "amd64", "SrcName": "galera-4", "SrcVersion": "26.4.14", "SrcRelease": "ubu2004", "Licenses": [ "GPL-2.0-only", "other", "GFDL-1.1-or-later", "CC-BY-SA-3.0", "GFDL-1.2-only" ], "Maintainer": "Codership Oy \u003cinfo@codership.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/libgalera_smm.so", "/usr/share/doc/galera-4/AUTHORS", "/usr/share/doc/galera-4/README.gz", "/usr/share/doc/galera-4/changelog.Debian.gz", "/usr/share/doc/galera-4/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "gawk@1:5.0.1+dfsg-1", "Name": "gawk", "Identifier": { "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e7d9fd5e0ccccae5" }, "Version": "5.0.1+dfsg", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "gawk", "SrcVersion": "5.0.1+dfsg", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/gawk", "/usr/include/gawkapi.h", "/usr/lib/x86_64-linux-gnu/awk/grcat", "/usr/lib/x86_64-linux-gnu/awk/pwcat", "/usr/lib/x86_64-linux-gnu/gawk/filefuncs.so", "/usr/lib/x86_64-linux-gnu/gawk/fnmatch.so", "/usr/lib/x86_64-linux-gnu/gawk/fork.so", "/usr/lib/x86_64-linux-gnu/gawk/inplace.so", "/usr/lib/x86_64-linux-gnu/gawk/intdiv.so", "/usr/lib/x86_64-linux-gnu/gawk/ordchr.so", "/usr/lib/x86_64-linux-gnu/gawk/readdir.so", "/usr/lib/x86_64-linux-gnu/gawk/readfile.so", "/usr/lib/x86_64-linux-gnu/gawk/revoutput.so", "/usr/lib/x86_64-linux-gnu/gawk/revtwoway.so", "/usr/lib/x86_64-linux-gnu/gawk/rwarray.so", "/usr/lib/x86_64-linux-gnu/gawk/time.so", "/usr/share/awk/assert.awk", "/usr/share/awk/bits2str.awk", "/usr/share/awk/cliff_rand.awk", "/usr/share/awk/ctime.awk", "/usr/share/awk/ftrans.awk", "/usr/share/awk/getopt.awk", "/usr/share/awk/gettime.awk", "/usr/share/awk/group.awk", "/usr/share/awk/have_mpfr.awk", "/usr/share/awk/inplace.awk", "/usr/share/awk/intdiv0.awk", "/usr/share/awk/join.awk", "/usr/share/awk/libintl.awk", "/usr/share/awk/noassign.awk", "/usr/share/awk/ns_passwd.awk", "/usr/share/awk/ord.awk", "/usr/share/awk/passwd.awk", "/usr/share/awk/processarray.awk", "/usr/share/awk/quicksort.awk", "/usr/share/awk/readable.awk", "/usr/share/awk/readfile.awk", "/usr/share/awk/rewind.awk", "/usr/share/awk/round.awk", "/usr/share/awk/shellquote.awk", "/usr/share/awk/strtonum.awk", "/usr/share/awk/walkarray.awk", "/usr/share/awk/zerofile.awk", "/usr/share/doc/gawk/AUTHORS", "/usr/share/doc/gawk/NEWS.gz", "/usr/share/doc/gawk/POSIX.STD", "/usr/share/doc/gawk/README", "/usr/share/doc/gawk/changelog.Debian.gz", "/usr/share/doc/gawk/copyright", "/usr/share/doc/gawk/examples/data/class_data1", "/usr/share/doc/gawk/examples/data/class_data2", "/usr/share/doc/gawk/examples/data/guide-mellow.po", "/usr/share/doc/gawk/examples/data/guide.po", "/usr/share/doc/gawk/examples/data/inventory-shipped", "/usr/share/doc/gawk/examples/data/mail-list", "/usr/share/doc/gawk/examples/lib/assert.awk", "/usr/share/doc/gawk/examples/lib/bits2str.awk", "/usr/share/doc/gawk/examples/lib/cliff_rand.awk", "/usr/share/doc/gawk/examples/lib/ctime.awk", "/usr/share/doc/gawk/examples/lib/ftrans.awk", "/usr/share/doc/gawk/examples/lib/getopt.awk", "/usr/share/doc/gawk/examples/lib/gettime.awk", "/usr/share/doc/gawk/examples/lib/grcat.c", "/usr/share/doc/gawk/examples/lib/groupawk.in", "/usr/share/doc/gawk/examples/lib/have_mpfr.awk", "/usr/share/doc/gawk/examples/lib/inplace.awk", "/usr/share/doc/gawk/examples/lib/intdiv0.awk", "/usr/share/doc/gawk/examples/lib/join.awk", "/usr/share/doc/gawk/examples/lib/libintl.awk", "/usr/share/doc/gawk/examples/lib/noassign.awk", "/usr/share/doc/gawk/examples/lib/ns_passwd.awk", "/usr/share/doc/gawk/examples/lib/ord.awk", "/usr/share/doc/gawk/examples/lib/passwdawk.in", "/usr/share/doc/gawk/examples/lib/processarray.awk", "/usr/share/doc/gawk/examples/lib/pwcat.c", "/usr/share/doc/gawk/examples/lib/quicksort.awk", "/usr/share/doc/gawk/examples/lib/readable.awk", "/usr/share/doc/gawk/examples/lib/readfile.awk", "/usr/share/doc/gawk/examples/lib/rewind.awk", "/usr/share/doc/gawk/examples/lib/round.awk", "/usr/share/doc/gawk/examples/lib/shellquote.awk", "/usr/share/doc/gawk/examples/lib/strtonum.awk", "/usr/share/doc/gawk/examples/lib/walkarray.awk", "/usr/share/doc/gawk/examples/lib/zerofile.awk", "/usr/share/doc/gawk/examples/misc/addresses.csv", "/usr/share/doc/gawk/examples/misc/arraymax.awk", "/usr/share/doc/gawk/examples/misc/arraymax.data", "/usr/share/doc/gawk/examples/misc/findpat.awk", "/usr/share/doc/gawk/examples/misc/findpat.data", "/usr/share/doc/gawk/examples/misc/simple-csv.awk", "/usr/share/doc/gawk/examples/network/PostAgent.sh", "/usr/share/doc/gawk/examples/network/coreserv.awk", "/usr/share/doc/gawk/examples/network/eliza.awk", "/usr/share/doc/gawk/examples/network/fingerclient.awk", "/usr/share/doc/gawk/examples/network/geturl.awk", "/usr/share/doc/gawk/examples/network/hello-serv.awk", "/usr/share/doc/gawk/examples/network/maze.awk", "/usr/share/doc/gawk/examples/network/mobag.awk", "/usr/share/doc/gawk/examples/network/panic.awk", "/usr/share/doc/gawk/examples/network/protbase.awk", "/usr/share/doc/gawk/examples/network/protbase.request", "/usr/share/doc/gawk/examples/network/protbase.result", "/usr/share/doc/gawk/examples/network/remconf.awk", "/usr/share/doc/gawk/examples/network/statist.awk", "/usr/share/doc/gawk/examples/network/stoxdata.txt", "/usr/share/doc/gawk/examples/network/stoxpred.awk", "/usr/share/doc/gawk/examples/network/testserv.awk", "/usr/share/doc/gawk/examples/network/urlchk.awk", "/usr/share/doc/gawk/examples/network/webgrab.awk", "/usr/share/doc/gawk/examples/prog/alarm.awk", "/usr/share/doc/gawk/examples/prog/anagram.awk", "/usr/share/doc/gawk/examples/prog/awksed.awk", "/usr/share/doc/gawk/examples/prog/cut.awk", "/usr/share/doc/gawk/examples/prog/dupword.awk", "/usr/share/doc/gawk/examples/prog/egrep.awk", "/usr/share/doc/gawk/examples/prog/extract.awk", "/usr/share/doc/gawk/examples/prog/guide.awk", "/usr/share/doc/gawk/examples/prog/histsort.awk", "/usr/share/doc/gawk/examples/prog/id.awk", "/usr/share/doc/gawk/examples/prog/igawk.sh", "/usr/share/doc/gawk/examples/prog/indirectcall.awk", "/usr/share/doc/gawk/examples/prog/labels.awk", "/usr/share/doc/gawk/examples/prog/pi.awk", "/usr/share/doc/gawk/examples/prog/split.awk", "/usr/share/doc/gawk/examples/prog/tee.awk", "/usr/share/doc/gawk/examples/prog/testbits.awk", "/usr/share/doc/gawk/examples/prog/translate.awk", "/usr/share/doc/gawk/examples/prog/uniq.awk", "/usr/share/doc/gawk/examples/prog/wc.awk", "/usr/share/doc/gawk/examples/prog/wordfreq.awk", "/usr/share/man/man1/gawk.1.gz", "/usr/share/man/man3/filefuncs.3am.gz", "/usr/share/man/man3/fnmatch.3am.gz", "/usr/share/man/man3/fork.3am.gz", "/usr/share/man/man3/inplace.3am.gz", "/usr/share/man/man3/ordchr.3am.gz", "/usr/share/man/man3/readdir.3am.gz", "/usr/share/man/man3/readfile.3am.gz", "/usr/share/man/man3/revoutput.3am.gz", "/usr/share/man/man3/revtwoway.3am.gz", "/usr/share/man/man3/rwarray.3am.gz", "/usr/share/man/man3/time.3am.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-10-base@10.3.0-1ubuntu1~20.04", "Name": "gcc-10-base", "Identifier": { "PURL": "pkg:deb/ubuntu/gcc-10-base@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "df235c8a65403143" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "GPL-2.0-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/gcc-10-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-10-base/TODO.Debian", "/usr/share/doc/gcc-10-base/changelog.Debian.gz", "/usr/share/doc/gcc-10-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "gpg@2.2.19-3ubuntu2.2", "Name": "gpg", "Identifier": { "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c3f3b0f55f5d5301" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gpgconf@2.2.19-3ubuntu2.2", "libassuan0@2.5.3-7ubuntu2", "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "libreadline8@8.0-4", "libsqlite3-0@3.31.1-4ubuntu0.5", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/gpg", "/usr/share/doc/gpg/copyright", "/usr/share/man/man1/gpg.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gpgconf@2.2.19-3ubuntu2.2", "Name": "gpgconf", "Identifier": { "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fc417bd7bd03106c" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libassuan0@2.5.3-7ubuntu2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "libreadline8@8.0-4" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/gpg-connect-agent", "/usr/bin/gpgconf", "/usr/share/doc/gpgconf/NEWS.Debian.gz", "/usr/share/doc/gpgconf/changelog.Debian.gz", "/usr/share/doc/gpgconf/copyright", "/usr/share/doc/gpgconf/examples/gpgconf.conf", "/usr/share/gnupg/distsigkey.gpg", "/usr/share/man/man1/gpg-connect-agent.1.gz", "/usr/share/man/man1/gpgconf.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gpgv@2.2.19-3ubuntu2.2", "Name": "gpgv", "Identifier": { "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "94c47271b8f35208" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/gpgv", "/usr/share/doc/gpgv/NEWS.Debian.gz", "/usr/share/doc/gpgv/changelog.Debian.gz", "/usr/share/doc/gpgv/copyright", "/usr/share/man/man1/gpgv.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.4-1", "Name": "grep", "Identifier": { "PURL": "pkg:deb/ubuntu/grep@3.4-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7a64eb88e96b3c53" }, "Version": "3.4", "Release": "1", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.4", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/egrep", "/bin/fgrep", "/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.10-0ubuntu4.1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/ubuntu/gzip@1.10-0ubuntu4.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e900beb6c8058551" }, "Version": "1.10", "Release": "0ubuntu4.1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.10", "SrcRelease": "0ubuntu4.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/gunzip", "/bin/gzexe", "/bin/gzip", "/bin/uncompress", "/bin/zcat", "/bin/zcmp", "/bin/zdiff", "/bin/zegrep", "/bin/zfgrep", "/bin/zforce", "/bin/zgrep", "/bin/zless", "/bin/zmore", "/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.23", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/ubuntu/hostname@3.23?arch=amd64\u0026distro=ubuntu-20.04", "UID": "293246be199a9132" }, "Version": "3.23", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.23", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.57", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/ubuntu/init-system-helpers@1.57?arch=all\u0026distro=ubuntu-20.04", "UID": "f62a7ab2bd759edf" }, "Version": "1.57", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.57", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "iproute2@5.5.0-1ubuntu1", "Name": "iproute2", "Identifier": { "PURL": "pkg:deb/ubuntu/iproute2@5.5.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8bf7bfdbafc1af2e" }, "Version": "5.5.0", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "iproute2", "SrcVersion": "5.5.0", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libbsd0@0.10.0-1", "libc6@2.31-0ubuntu9.9", "libcap2-bin@1:2.32-1", "libcap2@1:2.32-1", "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "libelf1@0.176-1.1build1", "libmnl0@1.0.4-2", "libselinux1@3.0-1build2", "libxtables12@1.8.4-3ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/bin/ip", "/bin/ss", "/sbin/bridge", "/sbin/devlink", "/sbin/rtacct", "/sbin/rtmon", "/sbin/tc", "/sbin/tipc", "/usr/bin/lnstat", "/usr/bin/nstat", "/usr/bin/rdma", "/usr/bin/routef", "/usr/bin/routel", "/usr/include/iproute2/bpf_elf.h", "/usr/lib/tc/experimental.dist", "/usr/lib/tc/m_xt.so", "/usr/lib/tc/normal.dist", "/usr/lib/tc/pareto.dist", "/usr/lib/tc/paretonormal.dist", "/usr/lib/tc/q_atm.so", "/usr/sbin/arpd", "/usr/sbin/genl", "/usr/share/bash-completion/completions/tc", "/usr/share/doc/iproute2/README.Debian", "/usr/share/doc/iproute2/changelog.Debian.gz", "/usr/share/doc/iproute2/copyright", "/usr/share/man/man3/libnetlink.3.gz", "/usr/share/man/man7/tc-hfsc.7.gz", "/usr/share/man/man8/arpd.8.gz", "/usr/share/man/man8/bridge.8.gz", "/usr/share/man/man8/devlink-dev.8.gz", "/usr/share/man/man8/devlink-health.8.gz", "/usr/share/man/man8/devlink-monitor.8.gz", "/usr/share/man/man8/devlink-port.8.gz", "/usr/share/man/man8/devlink-region.8.gz", "/usr/share/man/man8/devlink-resource.8.gz", "/usr/share/man/man8/devlink-sb.8.gz", "/usr/share/man/man8/devlink-trap.8.gz", "/usr/share/man/man8/devlink.8.gz", "/usr/share/man/man8/genl.8.gz", "/usr/share/man/man8/ifcfg.8.gz", "/usr/share/man/man8/ip-address.8.gz", "/usr/share/man/man8/ip-addrlabel.8.gz", "/usr/share/man/man8/ip-fou.8.gz", "/usr/share/man/man8/ip-l2tp.8.gz", "/usr/share/man/man8/ip-link.8.gz", "/usr/share/man/man8/ip-macsec.8.gz", "/usr/share/man/man8/ip-maddress.8.gz", "/usr/share/man/man8/ip-monitor.8.gz", "/usr/share/man/man8/ip-mroute.8.gz", "/usr/share/man/man8/ip-neighbour.8.gz", "/usr/share/man/man8/ip-netconf.8.gz", "/usr/share/man/man8/ip-netns.8.gz", "/usr/share/man/man8/ip-nexthop.8.gz", "/usr/share/man/man8/ip-ntable.8.gz", "/usr/share/man/man8/ip-route.8.gz", "/usr/share/man/man8/ip-rule.8.gz", "/usr/share/man/man8/ip-sr.8.gz", "/usr/share/man/man8/ip-tcp_metrics.8.gz", "/usr/share/man/man8/ip-token.8.gz", "/usr/share/man/man8/ip-tunnel.8.gz", "/usr/share/man/man8/ip-vrf.8.gz", "/usr/share/man/man8/ip-xfrm.8.gz", "/usr/share/man/man8/ip.8.gz", "/usr/share/man/man8/lnstat.8.gz", "/usr/share/man/man8/rdma-dev.8.gz", "/usr/share/man/man8/rdma-link.8.gz", "/usr/share/man/man8/rdma-resource.8.gz", "/usr/share/man/man8/rdma-statistic.8.gz", "/usr/share/man/man8/rdma-system.8.gz", "/usr/share/man/man8/rdma.8.gz", "/usr/share/man/man8/routel.8.gz", "/usr/share/man/man8/rtacct.8.gz", "/usr/share/man/man8/rtmon.8.gz", "/usr/share/man/man8/rtpr.8.gz", "/usr/share/man/man8/ss.8.gz", "/usr/share/man/man8/tc-actions.8.gz", "/usr/share/man/man8/tc-basic.8.gz", "/usr/share/man/man8/tc-bfifo.8.gz", "/usr/share/man/man8/tc-bpf.8.gz", "/usr/share/man/man8/tc-cake.8.gz", "/usr/share/man/man8/tc-cbq-details.8.gz", "/usr/share/man/man8/tc-cbq.8.gz", "/usr/share/man/man8/tc-cbs.8.gz", "/usr/share/man/man8/tc-cgroup.8.gz", "/usr/share/man/man8/tc-choke.8.gz", "/usr/share/man/man8/tc-codel.8.gz", "/usr/share/man/man8/tc-connmark.8.gz", "/usr/share/man/man8/tc-csum.8.gz", "/usr/share/man/man8/tc-ctinfo.8.gz", "/usr/share/man/man8/tc-drr.8.gz", "/usr/share/man/man8/tc-ematch.8.gz", "/usr/share/man/man8/tc-etf.8.gz", "/usr/share/man/man8/tc-flow.8.gz", "/usr/share/man/man8/tc-flower.8.gz", "/usr/share/man/man8/tc-fq.8.gz", "/usr/share/man/man8/tc-fq_codel.8.gz", "/usr/share/man/man8/tc-fw.8.gz", "/usr/share/man/man8/tc-hfsc.8.gz", "/usr/share/man/man8/tc-htb.8.gz", "/usr/share/man/man8/tc-ife.8.gz", "/usr/share/man/man8/tc-matchall.8.gz", "/usr/share/man/man8/tc-mirred.8.gz", "/usr/share/man/man8/tc-mpls.8.gz", "/usr/share/man/man8/tc-mqprio.8.gz", "/usr/share/man/man8/tc-nat.8.gz", "/usr/share/man/man8/tc-netem.8.gz", "/usr/share/man/man8/tc-pedit.8.gz", "/usr/share/man/man8/tc-pfifo_fast.8.gz", "/usr/share/man/man8/tc-pie.8.gz", "/usr/share/man/man8/tc-police.8.gz", "/usr/share/man/man8/tc-prio.8.gz", "/usr/share/man/man8/tc-red.8.gz", "/usr/share/man/man8/tc-route.8.gz", "/usr/share/man/man8/tc-sample.8.gz", "/usr/share/man/man8/tc-sfb.8.gz", "/usr/share/man/man8/tc-sfq.8.gz", "/usr/share/man/man8/tc-simple.8.gz", "/usr/share/man/man8/tc-skbedit.8.gz", "/usr/share/man/man8/tc-skbmod.8.gz", "/usr/share/man/man8/tc-skbprio.8.gz", "/usr/share/man/man8/tc-stab.8.gz", "/usr/share/man/man8/tc-taprio.8.gz", "/usr/share/man/man8/tc-tbf.8.gz", "/usr/share/man/man8/tc-tcindex.8.gz", "/usr/share/man/man8/tc-tunnel_key.8.gz", "/usr/share/man/man8/tc-u32.8.gz", "/usr/share/man/man8/tc-vlan.8.gz", "/usr/share/man/man8/tc-xt.8.gz", "/usr/share/man/man8/tc.8.gz", "/usr/share/man/man8/tipc-bearer.8.gz", "/usr/share/man/man8/tipc-link.8.gz", "/usr/share/man/man8/tipc-media.8.gz", "/usr/share/man/man8/tipc-nametable.8.gz", "/usr/share/man/man8/tipc-node.8.gz", "/usr/share/man/man8/tipc-peer.8.gz", "/usr/share/man/man8/tipc-socket.8.gz", "/usr/share/man/man8/tipc.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.2.53-6", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/ubuntu/libacl1@2.2.53-6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "ec9a773bcdb37f83" }, "Version": "2.2.53", "Release": "6", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.2.53", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2253", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libaio1@0.3.112-5", "Name": "libaio1", "Identifier": { "PURL": "pkg:deb/ubuntu/libaio1@0.3.112-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fbe69978497c82ad" }, "Version": "0.3.112", "Release": "5", "Arch": "amd64", "SrcName": "libaio", "SrcVersion": "0.3.112", "SrcRelease": "5", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaio.so.1.0.1", "/usr/share/doc/libaio1/changelog.Debian.gz", "/usr/share/doc/libaio1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg6.0@2.0.9", "Name": "libapt-pkg6.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dbbcdbf32458636f" }, "Version": "2.0.9", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.0.9", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libgcrypt20@1.8.5-5ubuntu1.1", "liblz4-1@1.9.2-2ubuntu0.20.04.1", "liblzma5@5.2.4-1ubuntu1.1", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "libudev1@245.4-4ubuntu3.21", "libzstd1@1.4.4+dfsg-3ubuntu0.1", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg6.0/changelog.gz", "/usr/share/doc/libapt-pkg6.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libassuan0@2.5.3-7ubuntu2", "Name": "libassuan0", "Identifier": { "PURL": "pkg:deb/ubuntu/libassuan0@2.5.3-7ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c29dfbde852c14ee" }, "Version": "2.5.3", "Release": "7ubuntu2", "Arch": "amd64", "SrcName": "libassuan", "SrcVersion": "2.5.3", "SrcRelease": "7ubuntu2", "Licenses": [ "LGPL-2.1-or-later", "GAP~FSF", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2+ with libtool exception", "GPL-2.0-only", "GPL-3.0-or-later", "GPL-3.0-only", "GAP", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgpg-error0@1.37-1" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libassuan.so.0.8.3", "/usr/share/doc/libassuan0/changelog.Debian.gz", "/usr/share/doc/libassuan0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.4.48-5", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/ubuntu/libattr1@2.4.48-5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "9898a89fadd05f28" }, "Version": "2.4.48", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.4.48", "SrcRelease": "5", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2448", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:2.8.5-2ubuntu6", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit-common@2.8.5-2ubuntu6?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f4ed5d0e78145801" }, "Version": "2.8.5", "Release": "2ubuntu6", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "2.8.5", "SrcRelease": "2ubuntu6", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:2.8.5-2ubuntu6", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit1@2.8.5-2ubuntu6?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cf583359012b0cc0" }, "Version": "2.8.5", "Release": "2ubuntu6", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "2.8.5", "SrcRelease": "2ubuntu6", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcap-ng0@0.7.9-2.1build1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.34-0.1ubuntu9.3", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "97537d4ff7af8af0" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.10.0-1", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libbsd0@0.10.0-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3df79191315c8dc" }, "Version": "0.10.0", "Release": "1", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.10.0", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "BSD-4-clause-Niels-Provos", "BSD-4-clause-Christopher-G-Demetriou", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain-Colin-Plumb", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.10.0", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-2", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "25645d614e464d4" }, "Version": "1.0.8", "Release": "2", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.31-0ubuntu9.9", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "Version": "2.31", "Release": "0ubuntu9.9", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.31", "SrcRelease": "0ubuntu9.9", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/ldconfig", "/sbin/ldconfig.real", "/usr/bin/catchsegv", "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.UTF-8/LC_ADDRESS", "/usr/lib/locale/C.UTF-8/LC_COLLATE", "/usr/lib/locale/C.UTF-8/LC_CTYPE", "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", "/usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.UTF-8/LC_MONETARY", "/usr/lib/locale/C.UTF-8/LC_NAME", "/usr/lib/locale/C.UTF-8/LC_NUMERIC", "/usr/lib/locale/C.UTF-8/LC_PAPER", "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", "/usr/lib/locale/C.UTF-8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/catchsegv.1.gz", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.31-0ubuntu9.9", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "Version": "2.31", "Release": "0ubuntu9.9", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.31", "SrcRelease": "0ubuntu9.9", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libcrypt1@1:4.4.10-10ubuntu4", "libgcc-s1@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/ld-2.31.so", "/lib/x86_64-linux-gnu/libBrokenLocale-2.31.so", "/lib/x86_64-linux-gnu/libSegFault.so", "/lib/x86_64-linux-gnu/libanl-2.31.so", "/lib/x86_64-linux-gnu/libc-2.31.so", "/lib/x86_64-linux-gnu/libdl-2.31.so", "/lib/x86_64-linux-gnu/libm-2.31.so", "/lib/x86_64-linux-gnu/libmemusage.so", "/lib/x86_64-linux-gnu/libmvec-2.31.so", "/lib/x86_64-linux-gnu/libnsl-2.31.so", "/lib/x86_64-linux-gnu/libnss_compat-2.31.so", "/lib/x86_64-linux-gnu/libnss_dns-2.31.so", "/lib/x86_64-linux-gnu/libnss_files-2.31.so", "/lib/x86_64-linux-gnu/libnss_hesiod-2.31.so", "/lib/x86_64-linux-gnu/libnss_nis-2.31.so", "/lib/x86_64-linux-gnu/libnss_nisplus-2.31.so", "/lib/x86_64-linux-gnu/libpcprofile.so", "/lib/x86_64-linux-gnu/libpthread-2.31.so", "/lib/x86_64-linux-gnu/libresolv-2.31.so", "/lib/x86_64-linux-gnu/librt-2.31.so", "/lib/x86_64-linux-gnu/libthread_db-1.0.so", "/lib/x86_64-linux-gnu/libutil-2.31.so", "/usr/lib/x86_64-linux-gnu/audit/sotruss-lib.so", "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.7.9-2.1build1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e6957a49e8589507" }, "Version": "0.7.9", "Release": "2.1build1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.7.9", "SrcRelease": "2.1build1", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.32-1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "Version": "2.32", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.32", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap.so.2.32", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2-bin@1:2.32-1", "Name": "libcap2-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "Version": "2.32", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.32", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcap2@1:2.32-1" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/sbin/capsh", "/sbin/getcap", "/sbin/getpcaps", "/sbin/setcap", "/usr/share/doc/libcap2-bin/README.Debian", "/usr/share/doc/libcap2-bin/copyright", "/usr/share/lintian/overrides/libcap2-bin", "/usr/share/man/man1/capsh.1.gz", "/usr/share/man/man1/getpcaps.1.gz", "/usr/share/man/man5/capability.conf.5.gz", "/usr/share/man/man8/getcap.8.gz", "/usr/share/man/man8/getpcaps.8.gz", "/usr/share/man/man8/pam_cap.8.gz", "/usr/share/man/man8/setcap.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libcom-err2@1.45.5-2ubuntu1.1", "Name": "libcom-err2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcom-err2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "36e525f208a3e1fd" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcom_err.so.2.1", "/usr/share/doc/libcom-err2/changelog.Debian.gz", "/usr/share/doc/libcom-err2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libconfig-inifiles-perl@3.000002-1", "Name": "libconfig-inifiles-perl", "Identifier": { "PURL": "pkg:deb/ubuntu/libconfig-inifiles-perl@3.000002-1?arch=all\u0026distro=ubuntu-20.04", "UID": "cd3bc5c431f610b3" }, "Version": "3.000002", "Release": "1", "Arch": "all", "SrcName": "libconfig-inifiles-perl", "SrcVersion": "3.000002", "SrcRelease": "1", "Licenses": [ "Artistic-2.0", "GPL-1.0-or-later", "MIT", "GPL-3.0-or-later", "GPL-1.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/libconfig-inifiles-perl/changelog.Debian.gz", "/usr/share/doc/libconfig-inifiles-perl/copyright", "/usr/share/man/man3/Config::IniFiles.3pm.gz", "/usr/share/perl5/Config/IniFiles.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.10-10ubuntu4", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.10-10ubuntu4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e08bb2dc0672c92e" }, "Version": "4.4.10", "Release": "10ubuntu4", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.10", "SrcRelease": "10ubuntu4", "SrcEpoch": 1, "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "Name": "libdb5.3", "Identifier": { "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.6ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3b12cbcbfee838db" }, "Version": "5.3.28+dfsg1", "Release": "0.6ubuntu2", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg1", "SrcRelease": "0.6ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3/build_signature_amd64.txt", "/usr/share/doc/libdb5.3/changelog.Debian.gz", "/usr/share/doc/libdb5.3/copyright", "/usr/share/lintian/overrides/libdb5.3" ], "AnalyzedBy": "dpkg" }, { "ID": "libdbi-perl@1.643-1ubuntu0.1", "Name": "libdbi-perl", "Identifier": { "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d12390ca45ce189d" }, "Version": "1.643", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "libdbi-perl", "SrcVersion": "1.643", "SrcRelease": "1ubuntu0.1", "Licenses": [ "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "perl@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/dbilogstrip", "/usr/bin/dbiprof", "/usr/bin/dbiproxy", "/usr/bin/dh_perl_dbi", "/usr/lib/x86_64-linux-gnu/perl5/5.30/Bundle/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/DBM.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/ExampleP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Roadmap.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/classic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/pedantic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/rush.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/corostream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/null.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Mem.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/NullP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Proxy.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Sponge.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Changes.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ANSI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoReturn.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoType.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/Metadata.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Execute.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Request.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Response.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/DataDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Profile.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileData.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper/Apache.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileSubs.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProxyServer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/PurePerl.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/SQL/Nano.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/CacheMemory.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/_accessor.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/W32ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/Win32/DBIODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBI.so", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBIXS.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver.xst", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver_xst.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbd_xsh.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbi_sql.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbipport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbivport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbixs_rev.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/dbixs_rev.pl", "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", "/usr/share/doc/libdbi-perl/README.Debian", "/usr/share/doc/libdbi-perl/changelog.Debian.gz", "/usr/share/doc/libdbi-perl/copyright", "/usr/share/doc/libdbi-perl/examples/corogofer.pl", "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", "/usr/share/doc/libdbi-perl/examples/profile.pl", "/usr/share/doc/libdbi-perl/examples/test.pl", "/usr/share/libdbi-perl/perl-dbdabi.make", "/usr/share/lintian/overrides/libdbi-perl", "/usr/share/man/man1/dbilogstrip.1p.gz", "/usr/share/man/man1/dbiprof.1p.gz", "/usr/share/man/man1/dbiproxy.1p.gz", "/usr/share/man/man1/dh_perl_dbi.1.gz", "/usr/share/man/man3/Bundle::DBI.3pm.gz", "/usr/share/man/man3/DBD::DBM.3pm.gz", "/usr/share/man/man3/DBD::File.3pm.gz", "/usr/share/man/man3/DBD::File::Developers.3pm.gz", "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", "/usr/share/man/man3/DBD::Gofer.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBD::Mem.3pm.gz", "/usr/share/man/man3/DBD::Proxy.3pm.gz", "/usr/share/man/man3/DBD::Sponge.3pm.gz", "/usr/share/man/man3/DBI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", "/usr/share/man/man3/DBI::DBD.3pm.gz", "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBI::Profile.3pm.gz", "/usr/share/man/man3/DBI::ProfileData.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", "/usr/share/man/man3/DBI::PurePerl.3pm.gz", "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.251ubuntu1", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.251ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2e3d9c7fd6546037" }, "Version": "0.251ubuntu1", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.251ubuntu1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libelf1@0.176-1.1build1", "Name": "libelf1", "Identifier": { "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3374c93655a9823" }, "Version": "0.176", "Release": "1.1build1", "Arch": "amd64", "SrcName": "elfutils", "SrcVersion": "0.176", "SrcRelease": "1.1build1", "Licenses": [ "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libelf-0.176.so", "/usr/share/doc/libelf1/changelog.Debian.gz", "/usr/share/doc/libelf1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libext2fs2@1.45.5-2ubuntu1.1", "Name": "libext2fs2", "Identifier": { "PURL": "pkg:deb/ubuntu/libext2fs2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "534dde847f051859" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libe2p.so.2.3", "/lib/x86_64-linux-gnu/libext2fs.so.2.4", "/usr/share/doc/libext2fs2/changelog.Debian.gz", "/usr/share/doc/libext2fs2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libfdisk1@2.34-0.1ubuntu9.3", "Name": "libfdisk1", "Identifier": { "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d7ae8926642fd1bc" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.34-0.1ubuntu9.3", "libc6@2.31-0ubuntu9.9", "libuuid1@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libfdisk.so.1.1.0", "/usr/share/doc/libfdisk1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi7@3.3-4", "Name": "libffi7", "Identifier": { "PURL": "pkg:deb/ubuntu/libffi7@3.3-4?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9cb3138802972730" }, "Version": "3.3", "Release": "4", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.3", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.7.1.0", "/usr/share/doc/libffi7/changelog.Debian.gz", "/usr/share/doc/libffi7/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@10.3.0-1ubuntu1~20.04", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcc-s1@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "307d7f89e43985bb" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-10-base@10.3.0-1ubuntu1~20.04", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcrypt20@1.8.5-5ubuntu1.1", "Name": "libgcrypt20", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcrypt20@1.8.5-5ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "736a4f36c99fbc42" }, "Version": "1.8.5", "Release": "5ubuntu1.1", "Arch": "amd64", "SrcName": "libgcrypt20", "SrcVersion": "1.8.5", "SrcRelease": "5ubuntu1.1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgpg-error0@1.37-1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5", "/usr/share/doc/libgcrypt20/AUTHORS.gz", "/usr/share/doc/libgcrypt20/NEWS.gz", "/usr/share/doc/libgcrypt20/README.gz", "/usr/share/doc/libgcrypt20/THANKS.gz", "/usr/share/doc/libgcrypt20/changelog.Debian.gz", "/usr/share/doc/libgcrypt20/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm-compat4@1.18.1-5", "Name": "libgdbm-compat4", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "90f68a4641003772" }, "Version": "1.18.1", "Release": "5", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.18.1", "SrcRelease": "5", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgdbm6@1.18.1-5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", "/usr/share/doc/libgdbm-compat4/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6@1.18.1-5", "Name": "libgdbm6", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm6@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7194f66c9d05cbb6" }, "Version": "1.18.1", "Release": "5", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.18.1", "SrcRelease": "5", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6/changelog.Debian.gz", "/usr/share/doc/libgdbm6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/ubuntu/libgmp10@6.2.0%2Bdfsg-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "986ac56e16e89784" }, "Version": "6.2.0+dfsg", "Release": "4ubuntu0.1", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.2.0+dfsg", "SrcRelease": "4ubuntu0.1", "SrcEpoch": 2, "Licenses": [ "LGPL-3.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.4.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgnutls30@3.6.13-2ubuntu1.8", "Name": "libgnutls30", "Identifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "Version": "3.6.13", "Release": "2ubuntu1.8", "Arch": "amd64", "SrcName": "gnutls28", "SrcVersion": "3.6.13", "SrcRelease": "2ubuntu1.8", "Licenses": [ "LGPL-2.1-only", "LGPL-2.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.3-only", "CC0-1.0", "MIT", "Apache-2.0", "LGPL-3.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", "libidn2-0@2.2.0-2", "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", "libp11-kit0@0.23.20-1ubuntu0.1", "libtasn1-6@4.16.0-2", "libunistring2@0.9.10-2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.27.0", "/usr/share/doc/libgnutls30/AUTHORS.gz", "/usr/share/doc/libgnutls30/NEWS.Debian.gz", "/usr/share/doc/libgnutls30/NEWS.gz", "/usr/share/doc/libgnutls30/README.md.gz", "/usr/share/doc/libgnutls30/THANKS.gz", "/usr/share/doc/libgnutls30/changelog.Debian.gz", "/usr/share/doc/libgnutls30/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgpg-error0@1.37-1", "Name": "libgpg-error0", "Identifier": { "PURL": "pkg:deb/ubuntu/libgpg-error0@1.37-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "119f68f873331ca8" }, "Version": "1.37", "Release": "1", "Arch": "amd64", "SrcName": "libgpg-error", "SrcVersion": "1.37", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "BSD-3-Clause", "g10-permissive", "GPL-3.0-or-later", "LGPL-2.1-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgpg-error.so.0.28.0", "/usr/share/doc/libgpg-error0/README.gz", "/usr/share/doc/libgpg-error0/changelog.Debian.gz", "/usr/share/doc/libgpg-error0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", "Name": "libhogweed5", "Identifier": { "PURL": "pkg:deb/ubuntu/libhogweed5@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5173cc2e9efda0fe" }, "Version": "3.5.1+really3.5.1", "Release": "2ubuntu0.2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.5.1+really3.5.1", "SrcRelease": "2ubuntu0.2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "libnettle7@3.5.1+really3.5.1-2ubuntu0.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.5.0" ], "AnalyzedBy": "dpkg" }, { "ID": "libidn2-0@2.2.0-2", "Name": "libidn2-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libidn2-0@2.2.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a4d22b46c8b443be" }, "Version": "2.2.0", "Release": "2", "Arch": "amd64", "SrcName": "libidn2", "SrcVersion": "2.2.0", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-2.0-or-later", "Unicode", "GPL-3.0-only", "GPL-2.0-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libunistring2@0.9.10-2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.6", "/usr/share/doc/libidn2-0/AUTHORS", "/usr/share/doc/libidn2-0/NEWS.gz", "/usr/share/doc/libidn2-0/README.md.gz", "/usr/share/doc/libidn2-0/changelog.Debian.gz", "/usr/share/doc/libidn2-0/copyright", "/usr/share/lintian/overrides/libidn2-0" ], "AnalyzedBy": "dpkg" }, { "ID": "libjemalloc2@5.2.1-1ubuntu1", "Name": "libjemalloc2", "Identifier": { "PURL": "pkg:deb/ubuntu/libjemalloc2@5.2.1-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dfa342d22c9cd4aa" }, "Version": "5.2.1", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "jemalloc", "SrcVersion": "5.2.1", "SrcRelease": "1ubuntu1", "Licenses": [ "BSD-2-Clause", "BSD-2-Clause-Chemeris", "BSD-3-Clause-Google", "MIT", "BSD-3-Clause-Hiroshima-University", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libstdc++6@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2", "/usr/share/doc/libjemalloc2/README", "/usr/share/doc/libjemalloc2/changelog.Debian.gz", "/usr/share/doc/libjemalloc2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.9.2-2ubuntu0.20.04.1", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.2-2ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "360de62e84e688a2" }, "Version": "1.9.2", "Release": "2ubuntu0.20.04.1", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.9.2", "SrcRelease": "2ubuntu0.20.04.1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.2", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.2.4-1ubuntu1.1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/ubuntu/liblzma5@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c2ae5f7a21c980c7" }, "Version": "5.2.4", "Release": "1ubuntu1.1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.2.4", "SrcRelease": "1ubuntu1.1", "Licenses": [ "PD", "probably-PD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "permissive-fsf", "Autoconf", "permissive-nowarranty", "GPL-2.0-only", "none", "config-h", "LGPL-2.0-only", "LGPL-2.1-only", "noderivs", "PD-debian", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/liblzma.so.5.2.4", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmariadb3@1:10.7.8+maria~ubu2004", "Name": "libmariadb3", "Identifier": { "PURL": "pkg:deb/ubuntu/libmariadb3@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "3b5ea273e7b67371" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", "/usr/share/doc/libmariadb3/changelog.gz", "/usr/share/doc/libmariadb3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmnl0@1.0.4-2", "Name": "libmnl0", "Identifier": { "PURL": "pkg:deb/ubuntu/libmnl0@1.0.4-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f052539b06152f0c" }, "Version": "1.0.4", "Release": "2", "Arch": "amd64", "SrcName": "libmnl", "SrcVersion": "1.0.4", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libmnl.so.0.2.0", "/usr/share/doc/libmnl0/changelog.Debian.gz", "/usr/share/doc/libmnl0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.34-0.1ubuntu9.3", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "149aad062a67d915" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.34-0.1ubuntu9.3", "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmpfr6@4.0.2-1", "Name": "libmpfr6", "Identifier": { "PURL": "pkg:deb/ubuntu/libmpfr6@4.0.2-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "cbee374cc2146325" }, "Version": "4.0.2", "Release": "1", "Arch": "amd64", "SrcName": "mpfr4", "SrcVersion": "4.0.2", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmpfr.so.6.0.2", "/usr/share/doc/libmpfr6/AUTHORS", "/usr/share/doc/libmpfr6/BUGS", "/usr/share/doc/libmpfr6/NEWS.gz", "/usr/share/doc/libmpfr6/README", "/usr/share/doc/libmpfr6/TODO.gz", "/usr/share/doc/libmpfr6/changelog.Debian.gz", "/usr/share/doc/libmpfr6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libncurses6@6.2-0ubuntu2", "Name": "libncurses6", "Identifier": { "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "daf9ae3f810ae3f0" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libncurses.so.6.2", "/usr/lib/x86_64-linux-gnu/libform.so.6.2", "/usr/lib/x86_64-linux-gnu/libmenu.so.6.2", "/usr/lib/x86_64-linux-gnu/libpanel.so.6.2" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.2-0ubuntu2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dca50c9cdd5fdd35" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libncursesw.so.6.2", "/usr/lib/x86_64-linux-gnu/libformw.so.6.2", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.2", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.2" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", "Name": "libnettle7", "Identifier": { "PURL": "pkg:deb/ubuntu/libnettle7@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2056b6e9d75f6357" }, "Version": "3.5.1+really3.5.1", "Release": "2ubuntu0.2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.5.1+really3.5.1", "SrcRelease": "2ubuntu0.2", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "other", "GPL-2.0-or-later", "GPL-2.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.7.0", "/usr/share/doc/libnettle7/NEWS.gz", "/usr/share/doc/libnettle7/README", "/usr/share/doc/libnettle7/changelog.Debian.gz", "/usr/share/doc/libnettle7/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libp11-kit0@0.23.20-1ubuntu0.1", "Name": "libp11-kit0", "Identifier": { "PURL": "pkg:deb/ubuntu/libp11-kit0@0.23.20-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "10976beda344eb50" }, "Version": "0.23.20", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "p11-kit", "SrcVersion": "0.23.20", "SrcRelease": "1ubuntu0.1", "Licenses": [ "BSD-3-Clause", "permissive-like-automake-output", "ISC", "ISC+IBM", "same-as-rest-of-p11kit" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libffi7@3.3-4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", "/usr/share/doc/libp11-kit0/changelog.Debian.gz", "/usr/share/doc/libp11-kit0/copyright", "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.3.1-5ubuntu4.6", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8238c76ab6208fd" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/security/pam_access.so", "/lib/x86_64-linux-gnu/security/pam_debug.so", "/lib/x86_64-linux-gnu/security/pam_deny.so", "/lib/x86_64-linux-gnu/security/pam_echo.so", "/lib/x86_64-linux-gnu/security/pam_env.so", "/lib/x86_64-linux-gnu/security/pam_exec.so", "/lib/x86_64-linux-gnu/security/pam_extrausers.so", "/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/lib/x86_64-linux-gnu/security/pam_faillock.so", "/lib/x86_64-linux-gnu/security/pam_filter.so", "/lib/x86_64-linux-gnu/security/pam_ftp.so", "/lib/x86_64-linux-gnu/security/pam_group.so", "/lib/x86_64-linux-gnu/security/pam_issue.so", "/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/lib/x86_64-linux-gnu/security/pam_lastlog.so", "/lib/x86_64-linux-gnu/security/pam_limits.so", "/lib/x86_64-linux-gnu/security/pam_listfile.so", "/lib/x86_64-linux-gnu/security/pam_localuser.so", "/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/lib/x86_64-linux-gnu/security/pam_mail.so", "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/lib/x86_64-linux-gnu/security/pam_motd.so", "/lib/x86_64-linux-gnu/security/pam_namespace.so", "/lib/x86_64-linux-gnu/security/pam_nologin.so", "/lib/x86_64-linux-gnu/security/pam_permit.so", "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/lib/x86_64-linux-gnu/security/pam_rootok.so", "/lib/x86_64-linux-gnu/security/pam_securetty.so", "/lib/x86_64-linux-gnu/security/pam_selinux.so", "/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/lib/x86_64-linux-gnu/security/pam_shells.so", "/lib/x86_64-linux-gnu/security/pam_stress.so", "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/lib/x86_64-linux-gnu/security/pam_tally.so", "/lib/x86_64-linux-gnu/security/pam_tally2.so", "/lib/x86_64-linux-gnu/security/pam_time.so", "/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/lib/x86_64-linux-gnu/security/pam_umask.so", "/lib/x86_64-linux-gnu/security/pam_unix.so", "/lib/x86_64-linux-gnu/security/pam_userdb.so", "/lib/x86_64-linux-gnu/security/pam_warn.so", "/lib/x86_64-linux-gnu/security/pam_wheel.so", "/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man5/update-motd.5.gz", "/usr/share/man/man7/pam_env.7.gz", "/usr/share/man/man7/pam_selinux.7.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_extrausers.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_lastlog.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_tally.8.gz", "/usr/share/man/man8/pam_tally2.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.3.1-5ubuntu4.6", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "92c88fd5e3403ef2" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpam0g@1.3.1-5ubuntu4.6", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/mkhomedir_helper", "/sbin/pam_extrausers_chkpwd", "/sbin/pam_extrausers_update", "/sbin/pam_tally", "/sbin/pam_tally2", "/sbin/unix_chkpwd", "/sbin/unix_update", "/usr/sbin/faillock", "/usr/sbin/pam_timestamp_check", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.3.1-5ubuntu4.6", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", "UID": "815077e96d38fc4a" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libpam-modules@1.3.1-5ubuntu4.6" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.3.1-5ubuntu4.6", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "65460bc2f0872763" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libpam.so.0.84.2", "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/NEWS.Debian.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.34-7ubuntu0.1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.34-7ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a2ff44836db84cd4" }, "Version": "10.34", "Release": "7ubuntu0.1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.34", "SrcRelease": "7ubuntu0.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.9.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre3@2:8.39-12ubuntu0.1", "Name": "libpcre3", "Identifier": { "PURL": "pkg:deb/ubuntu/libpcre3@8.39-12ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "27d387d3c4e2fd01" }, "Version": "8.39", "Release": "12ubuntu0.1", "Epoch": 2, "Arch": "amd64", "SrcName": "pcre3", "SrcVersion": "8.39", "SrcRelease": "12ubuntu0.1", "SrcEpoch": 2, "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libpcre.so.3.13.3", "/usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3", "/usr/share/doc/libpcre3/AUTHORS", "/usr/share/doc/libpcre3/NEWS.gz", "/usr/share/doc/libpcre3/README.Debian", "/usr/share/doc/libpcre3/README.gz", "/usr/share/doc/libpcre3/changelog.Debian.gz", "/usr/share/doc/libpcre3/copyright", "/usr/share/man/man3/pcrepattern.3.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libperl5.30@5.30.0-9ubuntu0.3", "Name": "libperl5.30", "Identifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "libgdbm-compat4@1.18.1-5", "libgdbm6@1.18.1-5", "perl-modules-5.30@5.30.0-9ubuntu0.3", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/cpan5.30-x86_64-linux-gnu", "/usr/bin/perl5.30-x86_64-linux-gnu", "/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Concise.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Showlex.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Terse.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Xref.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/EXTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/INTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/XSUB.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/av.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/bitcount.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/charclass_invlists.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/config.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cop.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dosish.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dquote_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/ebcdic_tables.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embed.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embedvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/fakesdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/feature.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/form.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/git_version.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/gv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/handy.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_func.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/intrpvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/invlist_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/iperlsys.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/l1_char_class_tab.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/malloc_ctl.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/metaconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_data.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_raw.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_vtable.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mydtrace.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/nostdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op_reg_common.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opcode.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opnames.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/overload.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pad.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/parser.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel-debian.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_inc_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_langinfo.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlapi.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perliol.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlsdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlvars.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perly.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp_proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/reentr.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcharclass.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcomp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regexp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regnodes.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sbox32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/scope.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/stadtx_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/thread.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64_config.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uni_keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unicode_constants.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unixish.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utf8.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utfebcdic.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/util.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uudmap.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/vutil.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/warnings.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/zaphod32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Bzip2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Zlib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pod", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DB_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Data/Dumper.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/PPPort.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/Peek.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/MD5.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/SHA.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Alias.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Byte.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CJKConstants.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN/HZ.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/EBCDIC.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoder.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/GSM0338.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Guess.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/H2Z.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/JIS7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR/2022_KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header/ISO_2022_JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Name.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/TW.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode/UTF7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/DosGlob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/AmigaOS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Cygwin.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Epoc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Functions.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Mac.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/OS2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/VMS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Win32.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Filter/Util/Call.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/GDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util/FieldHash.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/I18N/Langinfo.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Dir.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Poll.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Msg.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Semaphore.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SharedMem.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SysV.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util/XS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/Base64.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/QuotedPrint.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Math/BigInt/FastCalc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/NDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/O.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ODBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Opcode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pod", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/mmap.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/scalar.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/via.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/SDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sub/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Hostname.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Syslog.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Tie/Hash/NamedCapture.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/HiRes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Piece.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Seconds.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate/Locale.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Normalize.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/_h2ph_pre.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/B/B.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Bzip2/Bzip2.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Zlib/Zlib.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/DB_File/DB_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Data/Dumper/Dumper.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Devel/Peek/Peek.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/MD5/MD5.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/SHA/SHA.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Byte/Byte.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/CN/CN.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/EBCDIC/EBCDIC.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Encode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/JP/JP.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/KR/KR.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Symbol/Symbol.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/TW/TW.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Unicode/Unicode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/DosGlob/DosGlob.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Filter/Util/Call/Call.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/GDBM_File/GDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/FieldHash/FieldHash.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/I18N/Langinfo/Langinfo.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IPC/SysV/SysV.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/MIME/Base64/Base64.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Math/BigInt/FastCalc/FastCalc.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/NDBM_File/NDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/ODBM_File/ODBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Opcode/Opcode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/encoding/encoding.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/mmap/mmap.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/scalar/scalar.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/via/via.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/SDBM_File/SDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Storable/Storable.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Hostname/Hostname.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Syslog/Syslog.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Tie/Hash/NamedCapture/NamedCapture.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/HiRes/HiRes.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/Piece/Piece.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Collate/Collate.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Normalize/Normalize.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/mro/mro.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/shared/shared.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/threads.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/byteswap.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endianness.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctl-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/long-double.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigaction.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigcontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigevent-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signal_ext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum-generic.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigthread.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket-constants.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket_type.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ss_flags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/stdint-intn.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_mutex.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_rwlock.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-ldbl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-path.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/thread-shared-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/time64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/timesize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clock_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clockid_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sig_atomic_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigevent_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/siginfo_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/stack_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_iovec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_osockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_rusage.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timespec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timeval.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/time_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/timer_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/typesizes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/uintn-identity.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitflags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitstatus.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/wordsize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/errno.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/features.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs-64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/lib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/mro.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ops.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/re.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/signal.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdarg.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdc-predef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/cdefs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/time.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ttydefaults.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ucontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sysexits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslimits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads/shared.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/README", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.debug.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.shared.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.static.gz", "/usr/share/doc/libperl5.30/changelog.Debian.gz", "/usr/share/doc/libperl5.30/copyright", "/usr/share/man/man1/cpan5.30-x86_64-linux-gnu.1.gz", "/usr/share/man/man1/perl5.30-x86_64-linux-gnu.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpmem1@1.8-1ubuntu1", "Name": "libpmem1", "Identifier": { "PURL": "pkg:deb/ubuntu/libpmem1@1.8-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b5e316fd5e28e714" }, "Version": "1.8", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "pmdk", "SrcVersion": "1.8", "SrcRelease": "1ubuntu1", "Licenses": [ "BSD-3-Clause", "CDDL-1.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0", "/usr/share/doc/libpmem1/NEWS.Debian.gz", "/usr/share/doc/libpmem1/changelog.Debian.gz", "/usr/share/doc/libpmem1/copyright", "/usr/share/man/man5/poolset.5.gz", "/usr/share/pmdk/pmdk.magic" ], "AnalyzedBy": "dpkg" }, { "ID": "libpopt0@1.16-14", "Name": "libpopt0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpopt0@1.16-14?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6a08802bc0d6d486" }, "Version": "1.16", "Release": "14", "Arch": "amd64", "SrcName": "popt", "SrcVersion": "1.16", "SrcRelease": "14", "Licenses": [ "X-Consortium", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.0", "/usr/share/doc/libpopt0/README", "/usr/share/doc/libpopt0/changelog.Debian.gz", "/usr/share/doc/libpopt0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libprocps8@2:3.3.16-1ubuntu2.3", "Name": "libprocps8", "Identifier": { "PURL": "pkg:deb/ubuntu/libprocps8@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "75a220dc5c5b9715" }, "Version": "3.3.16", "Release": "1ubuntu2.3", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "3.3.16", "SrcRelease": "1ubuntu2.3", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libsystemd0@245.4-4ubuntu3.21" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libprocps.so.8.0.2", "/usr/share/doc/libprocps8/NEWS.Debian.gz", "/usr/share/doc/libprocps8/changelog.Debian.gz", "/usr/share/doc/libprocps8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline5@5.2+dfsg-3build3", "Name": "libreadline5", "Identifier": { "PURL": "pkg:deb/ubuntu/libreadline5@5.2%2Bdfsg-3build3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "234af31bdc63d43c" }, "Version": "5.2+dfsg", "Release": "3build3", "Arch": "amd64", "SrcName": "readline5", "SrcVersion": "5.2+dfsg", "SrcRelease": "3build3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2", "readline-common@8.0-4" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libhistory.so.5.2", "/lib/x86_64-linux-gnu/libreadline.so.5.2", "/usr/share/doc/libreadline5/README.Debian", "/usr/share/doc/libreadline5/USAGE", "/usr/share/doc/libreadline5/changelog.Debian.gz", "/usr/share/doc/libreadline5/copyright", "/usr/share/doc/libreadline5/examples/Inputrc", "/usr/share/doc/libreadline5/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8@8.0-4", "Name": "libreadline8", "Identifier": { "PURL": "pkg:deb/ubuntu/libreadline8@8.0-4?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f9e655d4edc2d8e2" }, "Version": "8.0", "Release": "4", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.0", "SrcRelease": "4", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2", "readline-common@8.0-4" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libhistory.so.8.0", "/lib/x86_64-linux-gnu/libreadline.so.8.0", "/usr/share/doc/libreadline8/README.Debian", "/usr/share/doc/libreadline8/USAGE", "/usr/share/doc/libreadline8/changelog.Debian.gz", "/usr/share/doc/libreadline8/copyright", "/usr/share/doc/libreadline8/examples/Inputrc", "/usr/share/doc/libreadline8/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.5.1-1ubuntu1~20.04.2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.1-1ubuntu1~20.04.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "db3912914568b1ad" }, "Version": "2.5.1", "Release": "1ubuntu1~20.04.2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.5.1", "SrcRelease": "1ubuntu1~20.04.2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.1", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.0-1build2", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/ubuntu/libselinux1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a9c070ddf7ca5ca6" }, "Version": "3.0", "Release": "1build2", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libpcre2-8-0@10.34-7ubuntu0.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.0-1build2", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage-common@3.0-1build2?arch=all\u0026distro=ubuntu-20.04", "UID": "f8b9732e3155b5b4" }, "Version": "3.0", "Release": "1build2", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz", "/usr/share/man/ru/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage1@3.0-1build2", "Name": "libsemanage1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "eeefe3ed36f03f79" }, "Version": "3.0", "Release": "1build2", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2", "libsemanage-common@3.0-1build2", "libsepol1@3.0-1ubuntu0.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.1", "/usr/share/doc/libsemanage1/changelog.Debian.gz", "/usr/share/doc/libsemanage1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol1@3.0-1ubuntu0.1", "Name": "libsepol1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsepol1@3.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2c4a00b1d72fefc9" }, "Version": "3.0", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.0", "SrcRelease": "1ubuntu0.1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsepol.so.1", "/usr/share/doc/libsepol1/changelog.Debian.gz", "/usr/share/doc/libsepol1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsigsegv2@2.12-2", "Name": "libsigsegv2", "Identifier": { "PURL": "pkg:deb/ubuntu/libsigsegv2@2.12-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e770d77096955f1" }, "Version": "2.12", "Release": "2", "Arch": "amd64", "SrcName": "libsigsegv", "SrcVersion": "2.12", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-with-autoconf-exception+", "GPL-2.0-only", "permissive-fsf", "permissive-other" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsigsegv.so.2.0.5", "/usr/share/doc/libsigsegv2/NEWS.gz", "/usr/share/doc/libsigsegv2/README.gz", "/usr/share/doc/libsigsegv2/changelog.Debian.gz", "/usr/share/doc/libsigsegv2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.34-0.1ubuntu9.3", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0fe2b0ba0e3d931" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.31.1-4ubuntu0.5", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "Version": "3.31.1", "Release": "4ubuntu0.5", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.31.1", "SrcRelease": "4ubuntu0.5", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libss2@1.45.5-2ubuntu1.1", "Name": "libss2", "Identifier": { "PURL": "pkg:deb/ubuntu/libss2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3e46290b129f0387" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcom-err2@1.45.5-2ubuntu1.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libss.so.2.0", "/usr/share/doc/libss2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl1.1@1.1.1f-1ubuntu2.17", "Name": "libssl1.1", "Identifier": { "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b87ebee76c1b0f05" }, "Version": "1.1.1f", "Release": "1ubuntu2.17", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "1.1.1f", "SrcRelease": "1ubuntu2.17", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-1.1/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-1.1/capi.so", "/usr/lib/x86_64-linux-gnu/engines-1.1/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", "/usr/share/doc/libssl1.1/NEWS.Debian.gz", "/usr/share/doc/libssl1.1/changelog.Debian.gz", "/usr/share/doc/libssl1.1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@10.3.0-1ubuntu1~20.04", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fcbb911f1af25c92" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-10-base@10.3.0-1ubuntu1~20.04", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@245.4-4ubuntu3.21", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libsystemd0@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2ca4bda860660f7" }, "Version": "245.4", "Release": "4ubuntu3.21", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "245.4", "SrcRelease": "4ubuntu3.21", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2.0-only", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsystemd.so.0.28.0", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtasn1-6@4.16.0-2", "Name": "libtasn1-6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "1f3fac8fa7795921" }, "Version": "4.16.0", "Release": "2", "Arch": "amd64", "SrcName": "libtasn1-6", "SrcVersion": "4.16.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.1-only", "GPL-3.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.0", "/usr/share/doc/libtasn1-6/AUTHORS", "/usr/share/doc/libtasn1-6/README.md", "/usr/share/doc/libtasn1-6/THANKS", "/usr/share/doc/libtasn1-6/changelog.Debian.gz", "/usr/share/doc/libtasn1-6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.2-0ubuntu2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a7882c12b2088277" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libtinfo.so.6.2", "/usr/lib/x86_64-linux-gnu/libtic.so.6.2", "/usr/share/doc/libtinfo6/FAQ", "/usr/share/doc/libtinfo6/TODO.Debian", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@245.4-4ubuntu3.21", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/ubuntu/libudev1@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f95ec49e3ef20df4" }, "Version": "245.4", "Release": "4ubuntu3.21", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "245.4", "SrcRelease": "4ubuntu3.21", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2.0-only", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libudev.so.1.6.17", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libunistring2@0.9.10-2", "Name": "libunistring2", "Identifier": { "PURL": "pkg:deb/ubuntu/libunistring2@0.9.10-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d67bce3ae373329f" }, "Version": "0.9.10", "Release": "2", "Arch": "amd64", "SrcName": "libunistring", "SrcVersion": "0.9.10", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "FreeSoftware", "GPL-2+ with distribution exception", "GPL-3.0-or-later", "GFDL-1.2-or-later", "MIT", "LGPL-3.0-only", "GPL-3.0-only", "GPL-2.0-only", "GFDL-1.2-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0", "/usr/share/doc/libunistring2/changelog.Debian.gz", "/usr/share/doc/libunistring2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.34-0.1ubuntu9.3", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "51a8ab06722bbc14" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libwrap0@7.6.q-30", "Name": "libwrap0", "Identifier": { "PURL": "pkg:deb/ubuntu/libwrap0@7.6.q-30?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5018efec0f7a250d" }, "Version": "7.6.q", "Release": "30", "Arch": "amd64", "SrcName": "tcp-wrappers", "SrcVersion": "7.6.q", "SrcRelease": "30", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", "/usr/share/doc/libwrap0/README.Debian", "/usr/share/doc/libwrap0/README.gz", "/usr/share/doc/libwrap0/changelog.Debian.gz", "/usr/share/doc/libwrap0/copyright", "/usr/share/man/man5/hosts_access.5.gz", "/usr/share/man/man5/hosts_options.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libxtables12@1.8.4-3ubuntu2", "Name": "libxtables12", "Identifier": { "PURL": "pkg:deb/ubuntu/libxtables12@1.8.4-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e8e30686839cc4b5" }, "Version": "1.8.4", "Release": "3ubuntu2", "Arch": "amd64", "SrcName": "iptables", "SrcVersion": "1.8.4", "SrcRelease": "3ubuntu2", "Licenses": [ "GPL-2.0-only", "Artistic-2.0", "GPL-2.0-or-later", "custom" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxtables.so.12.2.0", "/usr/share/doc/libxtables12/NEWS.Debian.gz", "/usr/share/doc/libxtables12/changelog.Debian.gz", "/usr/share/doc/libxtables12/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.4.4+dfsg-3ubuntu0.1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/ubuntu/libzstd1@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f4f84047570c3dd6" }, "Version": "1.4.4+dfsg", "Release": "3ubuntu0.1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.4.4+dfsg", "SrcRelease": "3ubuntu0.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "GPL-2.0-or-later", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.4.4", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.8.1-1ubuntu5.20.04.4", "Name": "login", "Identifier": { "PURL": "pkg:deb/ubuntu/login@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a79aae34849faa64" }, "Version": "4.8.1", "Release": "1ubuntu5.20.04.4", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.8.1", "SrcRelease": "1ubuntu5.20.04.4", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/login", "/usr/bin/faillog", "/usr/bin/lastlog", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/apport/package-hooks/source_shadow.py", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/cs/man5/faillog.5.gz", "/usr/share/man/cs/man8/faillog.8.gz", "/usr/share/man/cs/man8/lastlog.8.gz", "/usr/share/man/cs/man8/nologin.8.gz", "/usr/share/man/da/man1/newgrp.1.gz", "/usr/share/man/da/man1/sg.1.gz", "/usr/share/man/da/man8/nologin.8.gz", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man1/newgrp.1.gz", "/usr/share/man/de/man1/sg.1.gz", "/usr/share/man/de/man5/faillog.5.gz", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/de/man8/faillog.8.gz", "/usr/share/man/de/man8/lastlog.8.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/fr/man1/newgrp.1.gz", "/usr/share/man/fr/man1/sg.1.gz", "/usr/share/man/fr/man5/faillog.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/fr/man8/faillog.8.gz", "/usr/share/man/fr/man8/lastlog.8.gz", "/usr/share/man/fr/man8/nologin.8.gz", "/usr/share/man/hu/man1/login.1.gz", "/usr/share/man/hu/man1/newgrp.1.gz", "/usr/share/man/hu/man8/lastlog.8.gz", "/usr/share/man/id/man1/login.1.gz", "/usr/share/man/it/man1/login.1.gz", "/usr/share/man/it/man1/newgrp.1.gz", "/usr/share/man/it/man1/sg.1.gz", "/usr/share/man/it/man5/faillog.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/it/man8/faillog.8.gz", "/usr/share/man/it/man8/lastlog.8.gz", "/usr/share/man/it/man8/nologin.8.gz", "/usr/share/man/ja/man1/login.1.gz", "/usr/share/man/ja/man1/newgrp.1.gz", "/usr/share/man/ja/man5/faillog.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/ja/man8/faillog.8.gz", "/usr/share/man/ja/man8/lastlog.8.gz", "/usr/share/man/ko/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man1/sg.1.gz", "/usr/share/man/man5/faillog.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/man8/faillog.8.gz", "/usr/share/man/man8/lastlog.8.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man1/sg.1.gz", "/usr/share/man/pl/man5/faillog.5.gz", "/usr/share/man/pl/man8/faillog.8.gz", "/usr/share/man/pl/man8/lastlog.8.gz", "/usr/share/man/ru/man1/login.1.gz", "/usr/share/man/ru/man1/newgrp.1.gz", "/usr/share/man/ru/man1/sg.1.gz", "/usr/share/man/ru/man5/faillog.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/ru/man8/faillog.8.gz", "/usr/share/man/ru/man8/lastlog.8.gz", "/usr/share/man/ru/man8/nologin.8.gz", "/usr/share/man/sv/man1/newgrp.1.gz", "/usr/share/man/sv/man1/sg.1.gz", "/usr/share/man/sv/man5/faillog.5.gz", "/usr/share/man/sv/man8/faillog.8.gz", "/usr/share/man/sv/man8/lastlog.8.gz", "/usr/share/man/sv/man8/nologin.8.gz", "/usr/share/man/tr/man1/login.1.gz", "/usr/share/man/zh_CN/man1/login.1.gz", "/usr/share/man/zh_CN/man1/newgrp.1.gz", "/usr/share/man/zh_CN/man1/sg.1.gz", "/usr/share/man/zh_CN/man5/faillog.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man8/faillog.8.gz", "/usr/share/man/zh_CN/man8/lastlog.8.gz", "/usr/share/man/zh_CN/man8/nologin.8.gz", "/usr/share/man/zh_TW/man1/newgrp.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "logsave@1.45.5-2ubuntu1.1", "Name": "logsave", "Identifier": { "PURL": "pkg:deb/ubuntu/logsave@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8308a2b238c2c56" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/logsave", "/usr/share/doc/logsave/changelog.Debian.gz", "/usr/share/doc/logsave/copyright", "/usr/share/man/man8/logsave.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "lsb-base@11.1.0ubuntu2", "Name": "lsb-base", "Identifier": { "PURL": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "b3b9f72789fe717e" }, "Version": "11.1.0ubuntu2", "Arch": "all", "SrcName": "lsb", "SrcVersion": "11.1.0ubuntu2", "Licenses": [ "GPL-2.0-only", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/lsb/init-functions", "/lib/lsb/init-functions.d/00-verbose", "/lib/lsb/init-functions.d/50-ubuntu-logging", "/usr/share/doc/lsb-base/NEWS.Debian.gz", "/usr/share/doc/lsb-base/README.Debian.gz", "/usr/share/doc/lsb-base/changelog.gz", "/usr/share/doc/lsb-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", "Name": "lsof", "Identifier": { "PURL": "pkg:deb/ubuntu/lsof@4.93.2%2Bdfsg-1ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3ca8feeece8ad23d" }, "Version": "4.93.2+dfsg", "Release": "1ubuntu0.20.04.1", "Arch": "amd64", "SrcName": "lsof", "SrcVersion": "4.93.2+dfsg", "SrcRelease": "1ubuntu0.20.04.1", "Licenses": [ "Purdue", "BSD-4-Clause", "GPL-2.0-or-later", "LGPL-2.0-or-later", "Sendmail", "LGPL-2.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/lsof", "/usr/share/doc/lsof/00FAQ.gz", "/usr/share/doc/lsof/00LSOF-L", "/usr/share/doc/lsof/00QUICKSTART.gz", "/usr/share/doc/lsof/README.Debian", "/usr/share/doc/lsof/changelog.Debian.gz", "/usr/share/doc/lsof/copyright", "/usr/share/doc/lsof/examples/00MANIFEST", "/usr/share/doc/lsof/examples/00README", "/usr/share/doc/lsof/examples/big_brother.perl5.gz", "/usr/share/doc/lsof/examples/count_pf.perl", "/usr/share/doc/lsof/examples/count_pf.perl5", "/usr/share/doc/lsof/examples/identd.perl5", "/usr/share/doc/lsof/examples/idrlogin.perl.gz", "/usr/share/doc/lsof/examples/idrlogin.perl5.gz", "/usr/share/doc/lsof/examples/list_NULf.perl5.gz", "/usr/share/doc/lsof/examples/list_fields.awk.gz", "/usr/share/doc/lsof/examples/list_fields.perl.gz", "/usr/share/doc/lsof/examples/shared.perl5.gz", "/usr/share/doc/lsof/examples/sort_res.perl5", "/usr/share/doc/lsof/examples/watch_a_file.perl", "/usr/share/doc/lsof/examples/xusers.awk", "/usr/share/man/man8/lsof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-backup@1:10.7.8+maria~ubu2004", "Name": "mariadb-backup", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-backup@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a46abd81895bde74" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaio1@0.3.112-5", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpcre2-8-0@10.34-7ubuntu0.1", "libpmem1@1.8-1ubuntu1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/mariadb-backup", "/usr/bin/mbstream", "/usr/share/doc/mariadb-backup/changelog.gz", "/usr/share/doc/mariadb-backup/copyright", "/usr/share/man/man1/mariabackup.1.gz", "/usr/share/man/man1/mbstream.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-client-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-client-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-client-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "ce20d725795d726c" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@4.9.1", "libc6@2.31-0ubuntu9.9", "libconfig-inifiles-perl@3.000002-1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/innotop", "/usr/bin/mariadb-access", "/usr/bin/mariadb-admin", "/usr/bin/mariadb-binlog", "/usr/bin/mariadb-conv", "/usr/bin/mariadb-convert-table-format", "/usr/bin/mariadb-dump", "/usr/bin/mariadb-dumpslow", "/usr/bin/mariadb-find-rows", "/usr/bin/mariadb-fix-extensions", "/usr/bin/mariadb-hotcopy", "/usr/bin/mariadb-import", "/usr/bin/mariadb-plugin", "/usr/bin/mariadb-report", "/usr/bin/mariadb-secure-installation", "/usr/bin/mariadb-setpermission", "/usr/bin/mariadb-show", "/usr/bin/mariadb-slap", "/usr/bin/mariadb-tzinfo-to-sql", "/usr/bin/mariadb-waitpid", "/usr/bin/msql2mysql", "/usr/bin/mytop", "/usr/bin/perror", "/usr/bin/replace", "/usr/bin/resolve_stack_dump", "/usr/share/doc/mariadb-client-10.7/README.Debian", "/usr/share/doc/mariadb-client-10.7/README.md", "/usr/share/doc/mariadb-client-10.7/changelog.gz", "/usr/share/doc/mariadb-client-10.7/changelog.innotop.gz", "/usr/share/doc/mariadb-client-10.7/copyright", "/usr/share/man/man1/innotop.1.gz", "/usr/share/man/man1/mariadb-conv.1.gz", "/usr/share/man/man1/mariadb-report.1.gz", "/usr/share/man/man1/msql2mysql.1.gz", "/usr/share/man/man1/mysql_convert_table_format.1.gz", "/usr/share/man/man1/mysql_find_rows.1.gz", "/usr/share/man/man1/mysql_fix_extensions.1.gz", "/usr/share/man/man1/mysql_plugin.1.gz", "/usr/share/man/man1/mysql_secure_installation.1.gz", "/usr/share/man/man1/mysql_setpermission.1.gz", "/usr/share/man/man1/mysql_tzinfo_to_sql.1.gz", "/usr/share/man/man1/mysql_waitpid.1.gz", "/usr/share/man/man1/mysqlaccess.1.gz", "/usr/share/man/man1/mysqladmin.1.gz", "/usr/share/man/man1/mysqlbinlog.1.gz", "/usr/share/man/man1/mysqldump.1.gz", "/usr/share/man/man1/mysqldumpslow.1.gz", "/usr/share/man/man1/mysqlhotcopy.1.gz", "/usr/share/man/man1/mysqlimport.1.gz", "/usr/share/man/man1/mysqlshow.1.gz", "/usr/share/man/man1/mysqlslap.1.gz", "/usr/share/man/man1/mytop.1.gz", "/usr/share/man/man1/perror.1.gz", "/usr/share/man/man1/replace.1.gz", "/usr/share/man/man1/resolve_stack_dump.1.gz", "/usr/share/menu/mariadb-client-10.7" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-client-core-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-client-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "d75d249eff74841" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libmariadb3@1:10.7.8+maria~ubu2004", "libncurses6@6.2-0ubuntu2", "libreadline5@5.2+dfsg-3build3", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libtinfo6@6.2-0ubuntu2", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/mariadb", "/usr/bin/mariadb-check", "/usr/bin/my_print_defaults", "/usr/share/doc/mariadb-client-core-10.7/changelog.gz", "/usr/share/doc/mariadb-client-core-10.7/copyright", "/usr/share/man/man1/my_print_defaults.1.gz", "/usr/share/man/man1/mysql.1.gz", "/usr/share/man/man1/mysqlcheck.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-common@1:10.7.8+maria~ubu2004", "Name": "mariadb-common", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "328c7a59af1dc0f8" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "mysql-common@1:10.7.8+maria~ubu2004" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mariadb-common/changelog.gz", "/usr/share/doc/mariadb-common/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server@1:10.7.8+maria~ubu2004", "Name": "mariadb-server", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cec014dd99a06d48" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "mariadb-server-10.7@1:10.7.8+maria~ubu2004" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mariadb-server/changelog.gz", "/usr/share/doc/mariadb-server/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-server-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a0491ccb107eab6a" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "galera-4@26.4.14-ubu2004", "gawk@1:5.0.1+dfsg-1", "iproute2@5.5.0-1ubuntu1", "libc6@2.31-0ubuntu9.9", "libdbi-perl@1.643-1ubuntu0.1", "libpam0g@1.3.1-5ubuntu4.6", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "lsb-base@11.1.0ubuntu2", "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", "mariadb-client-10.7@1:10.7.8+maria~ubu2004", "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", "passwd@1:4.8.1-1ubuntu5.20.04.4", "perl@5.30.0-9ubuntu0.3", "procps@2:3.3.16-1ubuntu2.3", "psmisc@23.3-1", "rsync@3.1.3-8ubuntu0.5", "socat@1.7.3.3-2", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/systemd/system/mariadb-extra.socket", "/lib/systemd/system/mariadb-extra@.socket", "/lib/systemd/system/mariadb.service", "/lib/systemd/system/mariadb.socket", "/lib/systemd/system/mariadb@.service", "/lib/systemd/system/mariadb@.socket", "/lib/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf", "/lib/x86_64-linux-gnu/security/pam_user_map.so", "/usr/bin/aria_chk", "/usr/bin/aria_dump_log", "/usr/bin/aria_ftdump", "/usr/bin/aria_pack", "/usr/bin/aria_read_log", "/usr/bin/galera_new_cluster", "/usr/bin/galera_recovery", "/usr/bin/mariadb-service-convert", "/usr/bin/mariadbd-multi", "/usr/bin/mariadbd-safe", "/usr/bin/mariadbd-safe-helper", "/usr/bin/myisam_ftdump", "/usr/bin/myisamchk", "/usr/bin/myisamlog", "/usr/bin/myisampack", "/usr/bin/wsrep_sst_common", "/usr/bin/wsrep_sst_mariabackup", "/usr/bin/wsrep_sst_mysqldump", "/usr/bin/wsrep_sst_rsync", "/usr/lib/mysql/plugin/auth_ed25519.so", "/usr/lib/mysql/plugin/auth_pam.so", "/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool", "/usr/lib/mysql/plugin/auth_pam_v1.so", "/usr/lib/mysql/plugin/disks.so", "/usr/lib/mysql/plugin/file_key_management.so", "/usr/lib/mysql/plugin/ha_archive.so", "/usr/lib/mysql/plugin/ha_blackhole.so", "/usr/lib/mysql/plugin/ha_federated.so", "/usr/lib/mysql/plugin/ha_federatedx.so", "/usr/lib/mysql/plugin/ha_sphinx.so", "/usr/lib/mysql/plugin/handlersocket.so", "/usr/lib/mysql/plugin/locales.so", "/usr/lib/mysql/plugin/metadata_lock_info.so", "/usr/lib/mysql/plugin/password_reuse_check.so", "/usr/lib/mysql/plugin/query_cache_info.so", "/usr/lib/mysql/plugin/query_response_time.so", "/usr/lib/mysql/plugin/server_audit.so", "/usr/lib/mysql/plugin/simple_password_check.so", "/usr/lib/mysql/plugin/sql_errlog.so", "/usr/lib/mysql/plugin/type_mysql_json.so", "/usr/lib/mysql/plugin/wsrep_info.so", "/usr/share/apport/package-hooks/source_mariadb-10.7.py", "/usr/share/doc/mariadb-server-10.7/README.Debian.gz", "/usr/share/doc/mariadb-server-10.7/changelog.gz", "/usr/share/doc/mariadb-server-10.7/copyright", "/usr/share/doc/mariadb-server-10.7/mariadbd.sym.gz", "/usr/share/man/man1/aria_chk.1.gz", "/usr/share/man/man1/aria_dump_log.1.gz", "/usr/share/man/man1/aria_ftdump.1.gz", "/usr/share/man/man1/aria_pack.1.gz", "/usr/share/man/man1/aria_read_log.1.gz", "/usr/share/man/man1/galera_new_cluster.1.gz", "/usr/share/man/man1/galera_recovery.1.gz", "/usr/share/man/man1/mariadb-service-convert.1.gz", "/usr/share/man/man1/myisam_ftdump.1.gz", "/usr/share/man/man1/myisamchk.1.gz", "/usr/share/man/man1/myisamlog.1.gz", "/usr/share/man/man1/myisampack.1.gz", "/usr/share/man/man1/mysqld_multi.1.gz", "/usr/share/man/man1/mysqld_safe.1.gz", "/usr/share/man/man1/mysqld_safe_helper.1.gz", "/usr/share/man/man1/wsrep_sst_common.1.gz", "/usr/share/man/man1/wsrep_sst_mariabackup.1.gz", "/usr/share/man/man1/wsrep_sst_mysqldump.1.gz", "/usr/share/man/man1/wsrep_sst_rsync.1.gz", "/usr/share/man/man1/wsrep_sst_rsync_wan.1.gz", "/usr/share/mysql/debian-start.inc.sh", "/usr/share/mysql/echo_stderr", "/usr/share/mysql/errmsg-utf8.txt", "/usr/share/mysql/wsrep.cnf", "/usr/share/mysql/wsrep_notify" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-server-core-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "919704cfe08b9b7b" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaio1@0.3.112-5", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpcre2-8-0@10.34-7ubuntu0.1", "libpmem1@1.8-1ubuntu1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/innochecksum", "/usr/bin/mariadb-install-db", "/usr/bin/mariadb-upgrade", "/usr/bin/resolveip", "/usr/sbin/mariadbd", "/usr/share/doc/mariadb-server-core-10.7/changelog.gz", "/usr/share/doc/mariadb-server-core-10.7/copyright", "/usr/share/man/man1/innochecksum.1.gz", "/usr/share/man/man1/mysql_install_db.1.gz", "/usr/share/man/man1/mysql_upgrade.1.gz", "/usr/share/man/man1/resolveip.1.gz", "/usr/share/man/man8/mysqld.8.gz", "/usr/share/mysql/bulgarian/errmsg.sys", "/usr/share/mysql/charsets/Index.xml", "/usr/share/mysql/charsets/README", "/usr/share/mysql/charsets/armscii8.xml", "/usr/share/mysql/charsets/ascii.xml", "/usr/share/mysql/charsets/cp1250.xml", "/usr/share/mysql/charsets/cp1251.xml", "/usr/share/mysql/charsets/cp1256.xml", "/usr/share/mysql/charsets/cp1257.xml", "/usr/share/mysql/charsets/cp850.xml", "/usr/share/mysql/charsets/cp852.xml", "/usr/share/mysql/charsets/cp866.xml", "/usr/share/mysql/charsets/dec8.xml", "/usr/share/mysql/charsets/geostd8.xml", "/usr/share/mysql/charsets/greek.xml", "/usr/share/mysql/charsets/hebrew.xml", "/usr/share/mysql/charsets/hp8.xml", "/usr/share/mysql/charsets/keybcs2.xml", "/usr/share/mysql/charsets/koi8r.xml", "/usr/share/mysql/charsets/koi8u.xml", "/usr/share/mysql/charsets/latin1.xml", "/usr/share/mysql/charsets/latin2.xml", "/usr/share/mysql/charsets/latin5.xml", "/usr/share/mysql/charsets/latin7.xml", "/usr/share/mysql/charsets/macce.xml", "/usr/share/mysql/charsets/macroman.xml", "/usr/share/mysql/charsets/swe7.xml", "/usr/share/mysql/chinese/errmsg.sys", "/usr/share/mysql/czech/errmsg.sys", "/usr/share/mysql/danish/errmsg.sys", "/usr/share/mysql/dutch/errmsg.sys", "/usr/share/mysql/english/errmsg.sys", "/usr/share/mysql/estonian/errmsg.sys", "/usr/share/mysql/fill_help_tables.sql", "/usr/share/mysql/french/errmsg.sys", "/usr/share/mysql/german/errmsg.sys", "/usr/share/mysql/greek/errmsg.sys", "/usr/share/mysql/hindi/errmsg.sys", "/usr/share/mysql/hungarian/errmsg.sys", "/usr/share/mysql/italian/errmsg.sys", "/usr/share/mysql/japanese/errmsg.sys", "/usr/share/mysql/korean/errmsg.sys", "/usr/share/mysql/maria_add_gis_sp_bootstrap.sql", "/usr/share/mysql/mysql_performance_tables.sql", "/usr/share/mysql/mysql_sys_schema.sql", "/usr/share/mysql/mysql_system_tables.sql", "/usr/share/mysql/mysql_system_tables_data.sql", "/usr/share/mysql/mysql_test_data_timezone.sql", "/usr/share/mysql/mysql_test_db.sql", "/usr/share/mysql/norwegian-ny/errmsg.sys", "/usr/share/mysql/norwegian/errmsg.sys", "/usr/share/mysql/polish/errmsg.sys", "/usr/share/mysql/portuguese/errmsg.sys", "/usr/share/mysql/romanian/errmsg.sys", "/usr/share/mysql/russian/errmsg.sys", "/usr/share/mysql/serbian/errmsg.sys", "/usr/share/mysql/slovak/errmsg.sys", "/usr/share/mysql/spanish/errmsg.sys", "/usr/share/mysql/swedish/errmsg.sys", "/usr/share/mysql/ukrainian/errmsg.sys" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20200120-2", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20200120-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7247efd69179ae3d" }, "Version": "1.3.4.20200120", "Release": "2", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20200120", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.34-0.1ubuntu9.3", "Name": "mount", "Identifier": { "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5dec57b54f278111" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "util-linux@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/mount", "/bin/umount", "/sbin/losetup", "/sbin/swapoff", "/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mysql-common@1:10.7.8+maria~ubu2004", "Name": "mysql-common", "Identifier": { "PURL": "pkg:deb/ubuntu/mysql-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "7a316d77b6050a6b" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mysql-common/changelog.gz", "/usr/share/doc/mysql-common/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.2-0ubuntu2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "11c3ebabbf3b213f" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/terminfo/E/Eterm", "/lib/terminfo/a/ansi", "/lib/terminfo/c/cons25", "/lib/terminfo/c/cons25-debian", "/lib/terminfo/c/cygwin", "/lib/terminfo/d/dumb", "/lib/terminfo/h/hurd", "/lib/terminfo/l/linux", "/lib/terminfo/m/mach", "/lib/terminfo/m/mach-bold", "/lib/terminfo/m/mach-color", "/lib/terminfo/m/mach-gnu", "/lib/terminfo/m/mach-gnu-color", "/lib/terminfo/p/pcansi", "/lib/terminfo/r/rxvt", "/lib/terminfo/r/rxvt-basic", "/lib/terminfo/r/rxvt-unicode", "/lib/terminfo/r/rxvt-unicode-256color", "/lib/terminfo/s/screen", "/lib/terminfo/s/screen-256color", "/lib/terminfo/s/screen-256color-bce", "/lib/terminfo/s/screen-bce", "/lib/terminfo/s/screen-s", "/lib/terminfo/s/screen-w", "/lib/terminfo/s/screen.xterm-256color", "/lib/terminfo/s/sun", "/lib/terminfo/t/tmux", "/lib/terminfo/t/tmux-256color", "/lib/terminfo/v/vt100", "/lib/terminfo/v/vt102", "/lib/terminfo/v/vt220", "/lib/terminfo/v/vt52", "/lib/terminfo/w/wsvt25", "/lib/terminfo/w/wsvt25m", "/lib/terminfo/x/xterm", "/lib/terminfo/x/xterm-256color", "/lib/terminfo/x/xterm-color", "/lib/terminfo/x/xterm-mono", "/lib/terminfo/x/xterm-r5", "/lib/terminfo/x/xterm-r6", "/lib/terminfo/x/xterm-vt220", "/lib/terminfo/x/xterm-xfree86", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.2-0ubuntu2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f840bf3c896244a7" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@1.1.1f-1ubuntu2.17", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d05522de581addaf" }, "Version": "1.1.1f", "Release": "1ubuntu2.17", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "1.1.1f", "SrcRelease": "1ubuntu2.17", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/FAQ", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/keys.txt", "/usr/share/doc/openssl/NEWS.Debian.gz", "/usr/share/doc/openssl/NEWS.gz", "/usr/share/doc/openssl/README", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.ENGINE.gz", "/usr/share/doc/openssl/README.optimization", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/asn1parse.1ssl.gz", "/usr/share/man/man1/ca.1ssl.gz", "/usr/share/man/man1/ciphers.1ssl.gz", "/usr/share/man/man1/cms.1ssl.gz", "/usr/share/man/man1/crl.1ssl.gz", "/usr/share/man/man1/crl2pkcs7.1ssl.gz", "/usr/share/man/man1/dgst.1ssl.gz", "/usr/share/man/man1/dhparam.1ssl.gz", "/usr/share/man/man1/dsa.1ssl.gz", "/usr/share/man/man1/dsaparam.1ssl.gz", "/usr/share/man/man1/ec.1ssl.gz", "/usr/share/man/man1/ecparam.1ssl.gz", "/usr/share/man/man1/enc.1ssl.gz", "/usr/share/man/man1/engine.1ssl.gz", "/usr/share/man/man1/errstr.1ssl.gz", "/usr/share/man/man1/gendsa.1ssl.gz", "/usr/share/man/man1/genpkey.1ssl.gz", "/usr/share/man/man1/genrsa.1ssl.gz", "/usr/share/man/man1/list.1ssl.gz", "/usr/share/man/man1/nseq.1ssl.gz", "/usr/share/man/man1/ocsp.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/passwd.1ssl.gz", "/usr/share/man/man1/pkcs12.1ssl.gz", "/usr/share/man/man1/pkcs7.1ssl.gz", "/usr/share/man/man1/pkcs8.1ssl.gz", "/usr/share/man/man1/pkey.1ssl.gz", "/usr/share/man/man1/pkeyparam.1ssl.gz", "/usr/share/man/man1/pkeyutl.1ssl.gz", "/usr/share/man/man1/prime.1ssl.gz", "/usr/share/man/man1/rand.1ssl.gz", "/usr/share/man/man1/rehash.1ssl.gz", "/usr/share/man/man1/req.1ssl.gz", "/usr/share/man/man1/rsa.1ssl.gz", "/usr/share/man/man1/rsautl.1ssl.gz", "/usr/share/man/man1/s_client.1ssl.gz", "/usr/share/man/man1/s_server.1ssl.gz", "/usr/share/man/man1/s_time.1ssl.gz", "/usr/share/man/man1/sess_id.1ssl.gz", "/usr/share/man/man1/smime.1ssl.gz", "/usr/share/man/man1/speed.1ssl.gz", "/usr/share/man/man1/spkac.1ssl.gz", "/usr/share/man/man1/srp.1ssl.gz", "/usr/share/man/man1/storeutl.1ssl.gz", "/usr/share/man/man1/ts.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man1/verify.1ssl.gz", "/usr/share/man/man1/version.1ssl.gz", "/usr/share/man/man1/x509.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/Ed25519.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RAND_DRBG.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/SM2.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/crypto.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/scrypt.7ssl.gz", "/usr/share/man/man7/ssl.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.8.1-1ubuntu5.20.04.4", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/passwd@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "d3a91d4da26b7b0b" }, "Version": "4.8.1", "Release": "1ubuntu5.20.04.4", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.8.1", "SrcRelease": "1ubuntu5.20.04.4", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpam-modules@1.3.1-5ubuntu4.6", "libpam0g@1.3.1-5ubuntu4.6", "libselinux1@3.0-1build2", "libsemanage1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/shadowconfig", "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/cppw", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmems", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmems.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmems.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmems.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/cppw.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmems.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmems.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmems.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmems.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmems.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl@5.30.0-9ubuntu0.3", "Name": "perl", "Identifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libperl5.30@5.30.0-9ubuntu0.3", "perl-base@5.30.0-9ubuntu0.3", "perl-modules-5.30@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/corelist", "/usr/bin/cpan", "/usr/bin/enc2xs", "/usr/bin/encguess", "/usr/bin/h2ph", "/usr/bin/h2xs", "/usr/bin/instmodsh", "/usr/bin/json_pp", "/usr/bin/libnetcfg", "/usr/bin/perlbug", "/usr/bin/perldoc", "/usr/bin/perlivp", "/usr/bin/perlthanks", "/usr/bin/piconv", "/usr/bin/pl2pm", "/usr/bin/pod2html", "/usr/bin/pod2man", "/usr/bin/pod2text", "/usr/bin/pod2usage", "/usr/bin/podchecker", "/usr/bin/podselect", "/usr/bin/prove", "/usr/bin/ptar", "/usr/bin/ptardiff", "/usr/bin/ptargrep", "/usr/bin/shasum", "/usr/bin/splain", "/usr/bin/xsubpp", "/usr/bin/zipdetails", "/usr/share/doc/perl/README.Debian", "/usr/share/doc/perl/copyright", "/usr/share/lintian/overrides/perl", "/usr/share/man/man1/corelist.1.gz", "/usr/share/man/man1/cpan.1.gz", "/usr/share/man/man1/enc2xs.1.gz", "/usr/share/man/man1/encguess.1.gz", "/usr/share/man/man1/h2ph.1.gz", "/usr/share/man/man1/h2xs.1.gz", "/usr/share/man/man1/instmodsh.1.gz", "/usr/share/man/man1/json_pp.1.gz", "/usr/share/man/man1/libnetcfg.1.gz", "/usr/share/man/man1/perlbug.1.gz", "/usr/share/man/man1/perlivp.1.gz", "/usr/share/man/man1/piconv.1.gz", "/usr/share/man/man1/pl2pm.1.gz", "/usr/share/man/man1/pod2html.1.gz", "/usr/share/man/man1/pod2man.1.gz", "/usr/share/man/man1/pod2text.1.gz", "/usr/share/man/man1/pod2usage.1.gz", "/usr/share/man/man1/podchecker.1.gz", "/usr/share/man/man1/podselect.1.gz", "/usr/share/man/man1/prove.1.gz", "/usr/share/man/man1/ptar.1.gz", "/usr/share/man/man1/ptardiff.1.gz", "/usr/share/man/man1/ptargrep.1.gz", "/usr/share/man/man1/shasum.1.gz", "/usr/share/man/man1/splain.1.gz", "/usr/share/man/man1/xsubpp.1.gz", "/usr/share/man/man1/zipdetails.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.30.0-9ubuntu0.3", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.30.0", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/Heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Digit.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Fold.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lower.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Upper.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/utf8_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "Name": "perl-modules-5.30", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "all", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/perl-modules-5.30/README.Debian", "/usr/share/doc/perl-modules-5.30/copyright", "/usr/share/lintian/overrides/perl-modules-5.30", "/usr/share/perl/5.30.0/AnyDBM_File.pm", "/usr/share/perl/5.30.0/App/Cpan.pm", "/usr/share/perl/5.30.0/App/Prove.pm", "/usr/share/perl/5.30.0/App/Prove/State.pm", "/usr/share/perl/5.30.0/App/Prove/State/Result.pm", "/usr/share/perl/5.30.0/App/Prove/State/Result/Test.pm", "/usr/share/perl/5.30.0/Archive/Tar.pm", "/usr/share/perl/5.30.0/Archive/Tar/Constant.pm", "/usr/share/perl/5.30.0/Archive/Tar/File.pm", "/usr/share/perl/5.30.0/Attribute/Handlers.pm", "/usr/share/perl/5.30.0/AutoLoader.pm", "/usr/share/perl/5.30.0/AutoSplit.pm", "/usr/share/perl/5.30.0/B/Deparse.pm", "/usr/share/perl/5.30.0/B/Op_private.pm", "/usr/share/perl/5.30.0/Benchmark.pm", "/usr/share/perl/5.30.0/CORE.pod", "/usr/share/perl/5.30.0/CPAN.pm", "/usr/share/perl/5.30.0/CPAN/API/HOWTO.pod", "/usr/share/perl/5.30.0/CPAN/Author.pm", "/usr/share/perl/5.30.0/CPAN/Bundle.pm", "/usr/share/perl/5.30.0/CPAN/CacheMgr.pm", "/usr/share/perl/5.30.0/CPAN/Complete.pm", "/usr/share/perl/5.30.0/CPAN/Debug.pm", "/usr/share/perl/5.30.0/CPAN/DeferredCode.pm", "/usr/share/perl/5.30.0/CPAN/Distribution.pm", "/usr/share/perl/5.30.0/CPAN/Distroprefs.pm", "/usr/share/perl/5.30.0/CPAN/Distrostatus.pm", "/usr/share/perl/5.30.0/CPAN/Exception/RecursiveDependency.pm", "/usr/share/perl/5.30.0/CPAN/Exception/blocked_urllist.pm", "/usr/share/perl/5.30.0/CPAN/Exception/yaml_not_installed.pm", "/usr/share/perl/5.30.0/CPAN/Exception/yaml_process_error.pm", "/usr/share/perl/5.30.0/CPAN/FTP.pm", "/usr/share/perl/5.30.0/CPAN/FTP/netrc.pm", "/usr/share/perl/5.30.0/CPAN/FirstTime.pm", "/usr/share/perl/5.30.0/CPAN/HTTP/Client.pm", "/usr/share/perl/5.30.0/CPAN/HTTP/Credentials.pm", "/usr/share/perl/5.30.0/CPAN/HandleConfig.pm", "/usr/share/perl/5.30.0/CPAN/Index.pm", "/usr/share/perl/5.30.0/CPAN/InfoObj.pm", "/usr/share/perl/5.30.0/CPAN/Kwalify.pm", "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.dd", "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.yml", "/usr/share/perl/5.30.0/CPAN/LWP/UserAgent.pm", "/usr/share/perl/5.30.0/CPAN/Meta.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Converter.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Feature.pm", "/usr/share/perl/5.30.0/CPAN/Meta/History.pm", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_0.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_1.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_2.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_3.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_4.pod", "/usr/share/perl/5.30.0/CPAN/Meta/Merge.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Prereqs.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Requirements.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Spec.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Validator.pm", "/usr/share/perl/5.30.0/CPAN/Meta/YAML.pm", "/usr/share/perl/5.30.0/CPAN/Mirrors.pm", "/usr/share/perl/5.30.0/CPAN/Module.pm", "/usr/share/perl/5.30.0/CPAN/Nox.pm", "/usr/share/perl/5.30.0/CPAN/Plugin.pm", "/usr/share/perl/5.30.0/CPAN/Plugin/Specfile.pm", "/usr/share/perl/5.30.0/CPAN/Prompt.pm", "/usr/share/perl/5.30.0/CPAN/Queue.pm", "/usr/share/perl/5.30.0/CPAN/Shell.pm", "/usr/share/perl/5.30.0/CPAN/Tarzip.pm", "/usr/share/perl/5.30.0/CPAN/URL.pm", "/usr/share/perl/5.30.0/CPAN/Version.pm", "/usr/share/perl/5.30.0/Carp.pm", "/usr/share/perl/5.30.0/Carp/Heavy.pm", "/usr/share/perl/5.30.0/Class/Struct.pm", "/usr/share/perl/5.30.0/Compress/Zlib.pm", "/usr/share/perl/5.30.0/Config/Extensions.pm", "/usr/share/perl/5.30.0/Config/Perl/V.pm", "/usr/share/perl/5.30.0/DB.pm", "/usr/share/perl/5.30.0/DBM_Filter.pm", "/usr/share/perl/5.30.0/DBM_Filter/compress.pm", "/usr/share/perl/5.30.0/DBM_Filter/encode.pm", "/usr/share/perl/5.30.0/DBM_Filter/int32.pm", "/usr/share/perl/5.30.0/DBM_Filter/null.pm", "/usr/share/perl/5.30.0/DBM_Filter/utf8.pm", "/usr/share/perl/5.30.0/Devel/SelfStubber.pm", "/usr/share/perl/5.30.0/Digest.pm", "/usr/share/perl/5.30.0/Digest/base.pm", "/usr/share/perl/5.30.0/Digest/file.pm", "/usr/share/perl/5.30.0/DirHandle.pm", "/usr/share/perl/5.30.0/Dumpvalue.pm", "/usr/share/perl/5.30.0/Encode/Changes.e2x", "/usr/share/perl/5.30.0/Encode/ConfigLocal_PM.e2x", "/usr/share/perl/5.30.0/Encode/Makefile_PL.e2x", "/usr/share/perl/5.30.0/Encode/PerlIO.pod", "/usr/share/perl/5.30.0/Encode/README.e2x", "/usr/share/perl/5.30.0/Encode/Supported.pod", "/usr/share/perl/5.30.0/Encode/_PM.e2x", "/usr/share/perl/5.30.0/Encode/_T.e2x", "/usr/share/perl/5.30.0/Encode/encode.h", "/usr/share/perl/5.30.0/English.pm", "/usr/share/perl/5.30.0/Env.pm", "/usr/share/perl/5.30.0/Exporter.pm", "/usr/share/perl/5.30.0/Exporter/Heavy.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Base.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Unix.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/VMS.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/aix.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/android.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/cygwin.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/darwin.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/dec_osf.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/os2.pm", "/usr/share/perl/5.30.0/ExtUtils/Command.pm", "/usr/share/perl/5.30.0/ExtUtils/Command/MM.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/Base.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/ProxySubs.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/Utils.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/XS.pm", "/usr/share/perl/5.30.0/ExtUtils/Embed.pm", "/usr/share/perl/5.30.0/ExtUtils/Install.pm", "/usr/share/perl/5.30.0/ExtUtils/Installed.pm", "/usr/share/perl/5.30.0/ExtUtils/Liblist.pm", "/usr/share/perl/5.30.0/ExtUtils/Liblist/Kid.pm", "/usr/share/perl/5.30.0/ExtUtils/MANIFEST.SKIP", "/usr/share/perl/5.30.0/ExtUtils/MM.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_AIX.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Any.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_BeOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Cygwin.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_DOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Darwin.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_MacOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_NW5.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_OS2.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_QNX.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_UWIN.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Unix.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_VMS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_VOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Win32.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Win95.pm", "/usr/share/perl/5.30.0/ExtUtils/MY.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Config.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/FAQ.pod", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Locale.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Tutorial.pod", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/version.pm", "/usr/share/perl/5.30.0/ExtUtils/Manifest.pm", "/usr/share/perl/5.30.0/ExtUtils/Miniperl.pm", "/usr/share/perl/5.30.0/ExtUtils/Mkbootstrap.pm", "/usr/share/perl/5.30.0/ExtUtils/Mksymlists.pm", "/usr/share/perl/5.30.0/ExtUtils/Packlist.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pod", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Constants.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/CountLines.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Eval.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Utilities.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Cmd.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/InputMap.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/OutputMap.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Type.pm", "/usr/share/perl/5.30.0/ExtUtils/testlib.pm", "/usr/share/perl/5.30.0/ExtUtils/typemap", "/usr/share/perl/5.30.0/ExtUtils/xsubpp", "/usr/share/perl/5.30.0/Fatal.pm", "/usr/share/perl/5.30.0/File/Basename.pm", "/usr/share/perl/5.30.0/File/Compare.pm", "/usr/share/perl/5.30.0/File/Copy.pm", "/usr/share/perl/5.30.0/File/Fetch.pm", "/usr/share/perl/5.30.0/File/Find.pm", "/usr/share/perl/5.30.0/File/GlobMapper.pm", "/usr/share/perl/5.30.0/File/Path.pm", "/usr/share/perl/5.30.0/File/Temp.pm", "/usr/share/perl/5.30.0/File/stat.pm", "/usr/share/perl/5.30.0/FileCache.pm", "/usr/share/perl/5.30.0/FileHandle.pm", "/usr/share/perl/5.30.0/Filter/Simple.pm", "/usr/share/perl/5.30.0/FindBin.pm", "/usr/share/perl/5.30.0/Getopt/Long.pm", "/usr/share/perl/5.30.0/Getopt/Std.pm", "/usr/share/perl/5.30.0/HTTP/Tiny.pm", "/usr/share/perl/5.30.0/I18N/Collate.pm", "/usr/share/perl/5.30.0/I18N/LangTags.pm", "/usr/share/perl/5.30.0/I18N/LangTags/Detect.pm", "/usr/share/perl/5.30.0/I18N/LangTags/List.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Bzip2.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Deflate.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Identity.pm", "/usr/share/perl/5.30.0/IO/Compress/Base.pm", "/usr/share/perl/5.30.0/IO/Compress/Base/Common.pm", "/usr/share/perl/5.30.0/IO/Compress/Bzip2.pm", "/usr/share/perl/5.30.0/IO/Compress/Deflate.pm", "/usr/share/perl/5.30.0/IO/Compress/FAQ.pod", "/usr/share/perl/5.30.0/IO/Compress/Gzip.pm", "/usr/share/perl/5.30.0/IO/Compress/Gzip/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/RawDeflate.pm", "/usr/share/perl/5.30.0/IO/Compress/Zip.pm", "/usr/share/perl/5.30.0/IO/Compress/Zip/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/Zlib/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/Zlib/Extra.pm", "/usr/share/perl/5.30.0/IO/Socket/IP.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Bunzip2.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Identity.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Inflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/AnyInflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/AnyUncompress.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Base.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Bunzip2.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Gunzip.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Inflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/RawInflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Unzip.pm", "/usr/share/perl/5.30.0/IO/Zlib.pm", "/usr/share/perl/5.30.0/IPC/Cmd.pm", "/usr/share/perl/5.30.0/IPC/Open2.pm", "/usr/share/perl/5.30.0/IPC/Open3.pm", "/usr/share/perl/5.30.0/Internals.pod", "/usr/share/perl/5.30.0/JSON/PP.pm", "/usr/share/perl/5.30.0/JSON/PP/Boolean.pm", "/usr/share/perl/5.30.0/Locale/Maketext.pm", "/usr/share/perl/5.30.0/Locale/Maketext.pod", "/usr/share/perl/5.30.0/Locale/Maketext/Cookbook.pod", "/usr/share/perl/5.30.0/Locale/Maketext/Guts.pm", "/usr/share/perl/5.30.0/Locale/Maketext/GutsLoader.pm", "/usr/share/perl/5.30.0/Locale/Maketext/Simple.pm", "/usr/share/perl/5.30.0/Locale/Maketext/TPJ13.pod", "/usr/share/perl/5.30.0/Math/BigFloat.pm", "/usr/share/perl/5.30.0/Math/BigFloat/Trace.pm", "/usr/share/perl/5.30.0/Math/BigInt.pm", "/usr/share/perl/5.30.0/Math/BigInt/Calc.pm", "/usr/share/perl/5.30.0/Math/BigInt/Lib.pm", "/usr/share/perl/5.30.0/Math/BigInt/Trace.pm", "/usr/share/perl/5.30.0/Math/BigRat.pm", "/usr/share/perl/5.30.0/Math/Complex.pm", "/usr/share/perl/5.30.0/Math/Trig.pm", "/usr/share/perl/5.30.0/Memoize.pm", "/usr/share/perl/5.30.0/Memoize/AnyDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/Expire.pm", "/usr/share/perl/5.30.0/Memoize/ExpireFile.pm", "/usr/share/perl/5.30.0/Memoize/ExpireTest.pm", "/usr/share/perl/5.30.0/Memoize/NDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/SDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/Storable.pm", "/usr/share/perl/5.30.0/Module/CoreList.pm", "/usr/share/perl/5.30.0/Module/CoreList.pod", "/usr/share/perl/5.30.0/Module/CoreList/Utils.pm", "/usr/share/perl/5.30.0/Module/Load.pm", "/usr/share/perl/5.30.0/Module/Load/Conditional.pm", "/usr/share/perl/5.30.0/Module/Loaded.pm", "/usr/share/perl/5.30.0/Module/Metadata.pm", "/usr/share/perl/5.30.0/NEXT.pm", "/usr/share/perl/5.30.0/Net/Cmd.pm", "/usr/share/perl/5.30.0/Net/Config.pm", "/usr/share/perl/5.30.0/Net/Domain.pm", "/usr/share/perl/5.30.0/Net/FTP.pm", "/usr/share/perl/5.30.0/Net/FTP/A.pm", "/usr/share/perl/5.30.0/Net/FTP/E.pm", "/usr/share/perl/5.30.0/Net/FTP/I.pm", "/usr/share/perl/5.30.0/Net/FTP/L.pm", "/usr/share/perl/5.30.0/Net/FTP/dataconn.pm", "/usr/share/perl/5.30.0/Net/NNTP.pm", "/usr/share/perl/5.30.0/Net/Netrc.pm", "/usr/share/perl/5.30.0/Net/POP3.pm", "/usr/share/perl/5.30.0/Net/Ping.pm", "/usr/share/perl/5.30.0/Net/SMTP.pm", "/usr/share/perl/5.30.0/Net/Time.pm", "/usr/share/perl/5.30.0/Net/hostent.pm", "/usr/share/perl/5.30.0/Net/libnetFAQ.pod", "/usr/share/perl/5.30.0/Net/netent.pm", "/usr/share/perl/5.30.0/Net/protoent.pm", "/usr/share/perl/5.30.0/Net/servent.pm", "/usr/share/perl/5.30.0/Params/Check.pm", "/usr/share/perl/5.30.0/Parse/CPAN/Meta.pm", "/usr/share/perl/5.30.0/Perl/OSType.pm", "/usr/share/perl/5.30.0/PerlIO.pm", "/usr/share/perl/5.30.0/PerlIO/via/QuotedPrint.pm", "/usr/share/perl/5.30.0/Pod/Checker.pm", "/usr/share/perl/5.30.0/Pod/Escapes.pm", "/usr/share/perl/5.30.0/Pod/Find.pm", "/usr/share/perl/5.30.0/Pod/Functions.pm", "/usr/share/perl/5.30.0/Pod/Html.pm", "/usr/share/perl/5.30.0/Pod/InputObjects.pm", "/usr/share/perl/5.30.0/Pod/Man.pm", "/usr/share/perl/5.30.0/Pod/ParseLink.pm", "/usr/share/perl/5.30.0/Pod/ParseUtils.pm", "/usr/share/perl/5.30.0/Pod/Parser.pm", "/usr/share/perl/5.30.0/Pod/Perldoc.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/BaseTo.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/GetOptsOO.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToANSI.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToChecker.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToMan.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToNroff.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToPod.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToRtf.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToTerm.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToText.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToTk.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToXml.pm", "/usr/share/perl/5.30.0/Pod/PlainText.pm", "/usr/share/perl/5.30.0/Pod/Select.pm", "/usr/share/perl/5.30.0/Pod/Simple.pm", "/usr/share/perl/5.30.0/Pod/Simple.pod", "/usr/share/perl/5.30.0/Pod/Simple/BlackBox.pm", "/usr/share/perl/5.30.0/Pod/Simple/Checker.pm", "/usr/share/perl/5.30.0/Pod/Simple/Debug.pm", "/usr/share/perl/5.30.0/Pod/Simple/DumpAsText.pm", "/usr/share/perl/5.30.0/Pod/Simple/DumpAsXML.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTML.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTMLBatch.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTMLLegacy.pm", "/usr/share/perl/5.30.0/Pod/Simple/LinkSection.pm", "/usr/share/perl/5.30.0/Pod/Simple/Methody.pm", "/usr/share/perl/5.30.0/Pod/Simple/Progress.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParser.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserEndToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserStartToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserTextToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/RTF.pm", "/usr/share/perl/5.30.0/Pod/Simple/Search.pm", "/usr/share/perl/5.30.0/Pod/Simple/SimpleTree.pm", "/usr/share/perl/5.30.0/Pod/Simple/Subclassing.pod", "/usr/share/perl/5.30.0/Pod/Simple/Text.pm", "/usr/share/perl/5.30.0/Pod/Simple/TextContent.pm", "/usr/share/perl/5.30.0/Pod/Simple/TiedOutFH.pm", "/usr/share/perl/5.30.0/Pod/Simple/Transcode.pm", "/usr/share/perl/5.30.0/Pod/Simple/TranscodeDumb.pm", "/usr/share/perl/5.30.0/Pod/Simple/TranscodeSmart.pm", "/usr/share/perl/5.30.0/Pod/Simple/XHTML.pm", "/usr/share/perl/5.30.0/Pod/Simple/XMLOutStream.pm", "/usr/share/perl/5.30.0/Pod/Text.pm", "/usr/share/perl/5.30.0/Pod/Text/Color.pm", "/usr/share/perl/5.30.0/Pod/Text/Overstrike.pm", "/usr/share/perl/5.30.0/Pod/Text/Termcap.pm", "/usr/share/perl/5.30.0/Pod/Usage.pm", "/usr/share/perl/5.30.0/Safe.pm", "/usr/share/perl/5.30.0/Search/Dict.pm", "/usr/share/perl/5.30.0/SelectSaver.pm", "/usr/share/perl/5.30.0/SelfLoader.pm", "/usr/share/perl/5.30.0/Symbol.pm", "/usr/share/perl/5.30.0/TAP/Base.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Base.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Color.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console/ParallelSession.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console/Session.pm", "/usr/share/perl/5.30.0/TAP/Formatter/File.pm", "/usr/share/perl/5.30.0/TAP/Formatter/File/Session.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Session.pm", "/usr/share/perl/5.30.0/TAP/Harness.pm", "/usr/share/perl/5.30.0/TAP/Harness/Beyond.pod", "/usr/share/perl/5.30.0/TAP/Harness/Env.pm", "/usr/share/perl/5.30.0/TAP/Object.pm", "/usr/share/perl/5.30.0/TAP/Parser.pm", "/usr/share/perl/5.30.0/TAP/Parser/Aggregator.pm", "/usr/share/perl/5.30.0/TAP/Parser/Grammar.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Array.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Process.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Stream.pm", "/usr/share/perl/5.30.0/TAP/Parser/IteratorFactory.pm", "/usr/share/perl/5.30.0/TAP/Parser/Multiplexer.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Bailout.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Comment.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Plan.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Pragma.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Test.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Unknown.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Version.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/YAML.pm", "/usr/share/perl/5.30.0/TAP/Parser/ResultFactory.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Job.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Spinner.pm", "/usr/share/perl/5.30.0/TAP/Parser/Source.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Executable.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/File.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Handle.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Perl.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/RawTAP.pm", "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Reader.pm", "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Writer.pm", "/usr/share/perl/5.30.0/Term/ANSIColor.pm", "/usr/share/perl/5.30.0/Term/Cap.pm", "/usr/share/perl/5.30.0/Term/Complete.pm", "/usr/share/perl/5.30.0/Term/ReadLine.pm", "/usr/share/perl/5.30.0/Test.pm", "/usr/share/perl/5.30.0/Test/Builder.pm", "/usr/share/perl/5.30.0/Test/Builder/Formatter.pm", "/usr/share/perl/5.30.0/Test/Builder/IO/Scalar.pm", "/usr/share/perl/5.30.0/Test/Builder/Module.pm", "/usr/share/perl/5.30.0/Test/Builder/Tester.pm", "/usr/share/perl/5.30.0/Test/Builder/Tester/Color.pm", "/usr/share/perl/5.30.0/Test/Builder/TodoDiag.pm", "/usr/share/perl/5.30.0/Test/Harness.pm", "/usr/share/perl/5.30.0/Test/More.pm", "/usr/share/perl/5.30.0/Test/Simple.pm", "/usr/share/perl/5.30.0/Test/Tester.pm", "/usr/share/perl/5.30.0/Test/Tester/Capture.pm", "/usr/share/perl/5.30.0/Test/Tester/CaptureRunner.pm", "/usr/share/perl/5.30.0/Test/Tester/Delegate.pm", "/usr/share/perl/5.30.0/Test/Tutorial.pod", "/usr/share/perl/5.30.0/Test/use/ok.pm", "/usr/share/perl/5.30.0/Test2.pm", "/usr/share/perl/5.30.0/Test2/API.pm", "/usr/share/perl/5.30.0/Test2/API/Breakage.pm", "/usr/share/perl/5.30.0/Test2/API/Context.pm", "/usr/share/perl/5.30.0/Test2/API/Instance.pm", "/usr/share/perl/5.30.0/Test2/API/Stack.pm", "/usr/share/perl/5.30.0/Test2/Event.pm", "/usr/share/perl/5.30.0/Test2/Event/Bail.pm", "/usr/share/perl/5.30.0/Test2/Event/Diag.pm", "/usr/share/perl/5.30.0/Test2/Event/Encoding.pm", "/usr/share/perl/5.30.0/Test2/Event/Exception.pm", "/usr/share/perl/5.30.0/Test2/Event/Fail.pm", "/usr/share/perl/5.30.0/Test2/Event/Generic.pm", "/usr/share/perl/5.30.0/Test2/Event/Note.pm", "/usr/share/perl/5.30.0/Test2/Event/Ok.pm", "/usr/share/perl/5.30.0/Test2/Event/Pass.pm", "/usr/share/perl/5.30.0/Test2/Event/Plan.pm", "/usr/share/perl/5.30.0/Test2/Event/Skip.pm", "/usr/share/perl/5.30.0/Test2/Event/Subtest.pm", "/usr/share/perl/5.30.0/Test2/Event/TAP/Version.pm", "/usr/share/perl/5.30.0/Test2/Event/V2.pm", "/usr/share/perl/5.30.0/Test2/Event/Waiting.pm", "/usr/share/perl/5.30.0/Test2/EventFacet.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/About.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Amnesty.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Assert.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Control.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Error.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Hub.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Info.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Info/Table.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Meta.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Parent.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Plan.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Render.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Trace.pm", "/usr/share/perl/5.30.0/Test2/Formatter.pm", "/usr/share/perl/5.30.0/Test2/Formatter/TAP.pm", "/usr/share/perl/5.30.0/Test2/Hub.pm", "/usr/share/perl/5.30.0/Test2/Hub/Interceptor.pm", "/usr/share/perl/5.30.0/Test2/Hub/Interceptor/Terminator.pm", "/usr/share/perl/5.30.0/Test2/Hub/Subtest.pm", "/usr/share/perl/5.30.0/Test2/IPC.pm", "/usr/share/perl/5.30.0/Test2/IPC/Driver.pm", "/usr/share/perl/5.30.0/Test2/IPC/Driver/Files.pm", "/usr/share/perl/5.30.0/Test2/Tools/Tiny.pm", "/usr/share/perl/5.30.0/Test2/Transition.pod", "/usr/share/perl/5.30.0/Test2/Util.pm", "/usr/share/perl/5.30.0/Test2/Util/ExternalMeta.pm", "/usr/share/perl/5.30.0/Test2/Util/Facets2Legacy.pm", "/usr/share/perl/5.30.0/Test2/Util/HashBase.pm", "/usr/share/perl/5.30.0/Test2/Util/Trace.pm", "/usr/share/perl/5.30.0/Text/Abbrev.pm", "/usr/share/perl/5.30.0/Text/Balanced.pm", "/usr/share/perl/5.30.0/Text/ParseWords.pm", "/usr/share/perl/5.30.0/Text/Tabs.pm", "/usr/share/perl/5.30.0/Text/Wrap.pm", "/usr/share/perl/5.30.0/Thread.pm", "/usr/share/perl/5.30.0/Thread/Queue.pm", "/usr/share/perl/5.30.0/Thread/Semaphore.pm", "/usr/share/perl/5.30.0/Tie/Array.pm", "/usr/share/perl/5.30.0/Tie/File.pm", "/usr/share/perl/5.30.0/Tie/Handle.pm", "/usr/share/perl/5.30.0/Tie/Hash.pm", "/usr/share/perl/5.30.0/Tie/Memoize.pm", "/usr/share/perl/5.30.0/Tie/RefHash.pm", "/usr/share/perl/5.30.0/Tie/Scalar.pm", "/usr/share/perl/5.30.0/Tie/StdHandle.pm", "/usr/share/perl/5.30.0/Tie/SubstrHash.pm", "/usr/share/perl/5.30.0/Time/Local.pm", "/usr/share/perl/5.30.0/Time/gmtime.pm", "/usr/share/perl/5.30.0/Time/localtime.pm", "/usr/share/perl/5.30.0/Time/tm.pm", "/usr/share/perl/5.30.0/UNIVERSAL.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Big5.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/GB2312.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/JISX0208.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Korean.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Pinyin.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Stroke.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Zhuyin.pm", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/af.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ar.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/as.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/az.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/be.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/bn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ca.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cs.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cy.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/da.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_at_ph.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_phone.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/dsb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ee.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/eo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es_trad.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/et.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi_phone.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fil.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fr_ca.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/gu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ha.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/haw.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/he.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hy.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ig.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/is.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ja.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ko.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kok.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lkt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ln.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lv.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ml.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nso.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/om.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/or.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ro.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/se.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si_dict.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sq.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv_refo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ta.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/te.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/th.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/to.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ug_cyrl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/uk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ur.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wae.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/yo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_big5.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_gb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_pin.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_strk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_zhu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/allkeys.txt", "/usr/share/perl/5.30.0/Unicode/Collate/keys.txt", "/usr/share/perl/5.30.0/Unicode/UCD.pm", "/usr/share/perl/5.30.0/User/grent.pm", "/usr/share/perl/5.30.0/User/pwent.pm", "/usr/share/perl/5.30.0/XSLoader.pm", "/usr/share/perl/5.30.0/_charnames.pm", "/usr/share/perl/5.30.0/autodie.pm", "/usr/share/perl/5.30.0/autodie/Scope/Guard.pm", "/usr/share/perl/5.30.0/autodie/Scope/GuardStack.pm", "/usr/share/perl/5.30.0/autodie/Util.pm", "/usr/share/perl/5.30.0/autodie/exception.pm", "/usr/share/perl/5.30.0/autodie/exception/system.pm", "/usr/share/perl/5.30.0/autodie/hints.pm", "/usr/share/perl/5.30.0/autodie/skip.pm", "/usr/share/perl/5.30.0/autouse.pm", "/usr/share/perl/5.30.0/base.pm", "/usr/share/perl/5.30.0/bigint.pm", "/usr/share/perl/5.30.0/bignum.pm", "/usr/share/perl/5.30.0/bigrat.pm", "/usr/share/perl/5.30.0/blib.pm", "/usr/share/perl/5.30.0/bytes.pm", "/usr/share/perl/5.30.0/bytes_heavy.pl", "/usr/share/perl/5.30.0/charnames.pm", "/usr/share/perl/5.30.0/constant.pm", "/usr/share/perl/5.30.0/deprecate.pm", "/usr/share/perl/5.30.0/diagnostics.pm", "/usr/share/perl/5.30.0/dumpvar.pl", "/usr/share/perl/5.30.0/encoding/warnings.pm", "/usr/share/perl/5.30.0/experimental.pm", "/usr/share/perl/5.30.0/feature.pm", "/usr/share/perl/5.30.0/fields.pm", "/usr/share/perl/5.30.0/filetest.pm", "/usr/share/perl/5.30.0/if.pm", "/usr/share/perl/5.30.0/integer.pm", "/usr/share/perl/5.30.0/less.pm", "/usr/share/perl/5.30.0/locale.pm", "/usr/share/perl/5.30.0/meta_notation.pm", "/usr/share/perl/5.30.0/ok.pm", "/usr/share/perl/5.30.0/open.pm", "/usr/share/perl/5.30.0/overload.pm", "/usr/share/perl/5.30.0/overload/numbers.pm", "/usr/share/perl/5.30.0/overloading.pm", "/usr/share/perl/5.30.0/parent.pm", "/usr/share/perl/5.30.0/perl5db.pl", "/usr/share/perl/5.30.0/perlfaq.pm", "/usr/share/perl/5.30.0/pod/perldiag.pod", "/usr/share/perl/5.30.0/sigtrap.pm", "/usr/share/perl/5.30.0/sort.pm", "/usr/share/perl/5.30.0/strict.pm", "/usr/share/perl/5.30.0/subs.pm", "/usr/share/perl/5.30.0/unicore/Blocks.txt", "/usr/share/perl/5.30.0/unicore/CombiningClass.pl", "/usr/share/perl/5.30.0/unicore/Decomposition.pl", "/usr/share/perl/5.30.0/unicore/Heavy.pl", "/usr/share/perl/5.30.0/unicore/Name.pl", "/usr/share/perl/5.30.0/unicore/Name.pm", "/usr/share/perl/5.30.0/unicore/NamedSequences.txt", "/usr/share/perl/5.30.0/unicore/SpecialCasing.txt", "/usr/share/perl/5.30.0/unicore/To/Age.pl", "/usr/share/perl/5.30.0/unicore/To/Bc.pl", "/usr/share/perl/5.30.0/unicore/To/Bmg.pl", "/usr/share/perl/5.30.0/unicore/To/Bpb.pl", "/usr/share/perl/5.30.0/unicore/To/Bpt.pl", "/usr/share/perl/5.30.0/unicore/To/Cf.pl", "/usr/share/perl/5.30.0/unicore/To/Digit.pl", "/usr/share/perl/5.30.0/unicore/To/Ea.pl", "/usr/share/perl/5.30.0/unicore/To/EqUIdeo.pl", "/usr/share/perl/5.30.0/unicore/To/Fold.pl", "/usr/share/perl/5.30.0/unicore/To/GCB.pl", "/usr/share/perl/5.30.0/unicore/To/Gc.pl", "/usr/share/perl/5.30.0/unicore/To/Hst.pl", "/usr/share/perl/5.30.0/unicore/To/InPC.pl", "/usr/share/perl/5.30.0/unicore/To/InSC.pl", "/usr/share/perl/5.30.0/unicore/To/Isc.pl", "/usr/share/perl/5.30.0/unicore/To/Jg.pl", "/usr/share/perl/5.30.0/unicore/To/Jt.pl", "/usr/share/perl/5.30.0/unicore/To/Lb.pl", "/usr/share/perl/5.30.0/unicore/To/Lc.pl", "/usr/share/perl/5.30.0/unicore/To/Lower.pl", "/usr/share/perl/5.30.0/unicore/To/NFCQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFDQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFKCCF.pl", "/usr/share/perl/5.30.0/unicore/To/NFKCQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFKDQC.pl", "/usr/share/perl/5.30.0/unicore/To/Na1.pl", "/usr/share/perl/5.30.0/unicore/To/NameAlia.pl", "/usr/share/perl/5.30.0/unicore/To/Nt.pl", "/usr/share/perl/5.30.0/unicore/To/Nv.pl", "/usr/share/perl/5.30.0/unicore/To/PerlDeci.pl", "/usr/share/perl/5.30.0/unicore/To/SB.pl", "/usr/share/perl/5.30.0/unicore/To/Sc.pl", "/usr/share/perl/5.30.0/unicore/To/Scx.pl", "/usr/share/perl/5.30.0/unicore/To/Tc.pl", "/usr/share/perl/5.30.0/unicore/To/Title.pl", "/usr/share/perl/5.30.0/unicore/To/Uc.pl", "/usr/share/perl/5.30.0/unicore/To/Upper.pl", "/usr/share/perl/5.30.0/unicore/To/Vo.pl", "/usr/share/perl/5.30.0/unicore/To/WB.pl", "/usr/share/perl/5.30.0/unicore/To/_PerlLB.pl", "/usr/share/perl/5.30.0/unicore/To/_PerlSCX.pl", "/usr/share/perl/5.30.0/unicore/UCD.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V100.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V11.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V110.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V120.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V20.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V30.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V31.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V32.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V40.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V41.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V50.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V51.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V52.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V60.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V61.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V70.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V80.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V90.pl", "/usr/share/perl/5.30.0/unicore/lib/Alpha/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/AN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/B.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/BN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/CS.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/EN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ES.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ET.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/NSM.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ON.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/WS.pl", "/usr/share/perl/5.30.0/unicore/lib/BidiC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/BidiM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Blk/NB.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/O.pl", "/usr/share/perl/5.30.0/unicore/lib/CE/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CI/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWCF/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWCM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWKCF/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWL/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWT/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWU/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Cased/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/A.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/AR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/ATAR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/B.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/BR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/DB.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/NK.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/NR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/OV.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/VR.pl", "/usr/share/perl/5.30.0/unicore/lib/CompEx/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/DI/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dash/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dep/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dia/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Com.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Enc.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Fin.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Font.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Init.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Iso.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Med.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Nar.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Nb.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/NonCanon.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sqr.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sub.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sup.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Vert.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/A.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/H.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/Na.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/W.pl", "/usr/share/perl/5.30.0/unicore/lib/Ext/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/CN.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/LV.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/LVT.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/PP.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/SM.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Cf.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Cn.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/LC.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Ll.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lm.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lo.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lu.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/M.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Mc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Me.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Mn.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Nd.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Nl.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/No.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/P.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pd.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pe.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pf.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pi.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Po.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Ps.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/S.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sk.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sm.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/So.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Z.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Zs.pl", "/usr/share/perl/5.30.0/unicore/lib/GrBase/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/GrExt/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Hex/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Hst/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/Hyphen/T.pl", "/usr/share/perl/5.30.0/unicore/lib/IDC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/IDS/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Ideo/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/In/10_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/11_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/12_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/12_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/2_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/2_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/4_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/4_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_3.pl", "/usr/share/perl/5.30.0/unicore/lib/In/7_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/8_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/9_0.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Bottom.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Left.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/LeftAndR.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Overstru.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Right.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Top.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndBo.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndL2.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndLe.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndRi.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/VisualOr.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Avagraha.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Bindu.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Cantilla.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona2.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona3.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona4.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona5.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona6.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona7.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consonan.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Invisibl.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Nukta.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Number.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Other.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/PureKill.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Syllable.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/ToneMark.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Virama.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Visarga.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Vowel.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelDep.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelInd.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Ain.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Alef.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Beh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Dal.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/FarsiYeh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Feh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Gaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Hah.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/HanifiRo.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Kaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Lam.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/NoJoinin.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Qaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Reh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Sad.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Seen.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Waw.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Yeh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/D.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/T.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/U.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/AI.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/BA.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/BB.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CJ.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CM.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/EB.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/GL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/ID.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/IN.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/IS.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/NS.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/OP.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/PO.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/PR.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/QU.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/SA.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/Lower/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Math/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFCQC/M.pl", "/usr/share/perl/5.30.0/unicore/lib/NFCQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFDQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFDQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/Di.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/None.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/Nu.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/0.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/10.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/100.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/10000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/100000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/11.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/12.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/13.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/14.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/15.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/17.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/18.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/19.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_2.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_6.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_8.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/20.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/200.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/20000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2_3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/30.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/300.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/30000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3_16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3_4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/40.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/400.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/4000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/40000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/5.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/50.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/500.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/5000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/50000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/6.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/60.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/600.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/6000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/60000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/7.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/70.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/700.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/7000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/70000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/8.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/80.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/800.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/8000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/80000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/9.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/90.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/900.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/9000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/90000.pl", "/usr/share/perl/5.30.0/unicore/lib/PCM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/PatSyn/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Alnum.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Assigned.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Blank.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Graph.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/PerlWord.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/PosixPun.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Print.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/SpacePer.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Title.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Word.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/XPosixPu.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlAny.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCh2.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCha.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlFol.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDC.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDS.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIsI.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNch.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNon.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPat.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPr2.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPro.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlQuo.pl", "/usr/share/perl/5.30.0/unicore/lib/QMark/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/AT.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/CL.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/FO.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/LE.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/LO.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/SC.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/ST.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/Sp.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/UP.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/SD/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/STerm/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Arab.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Armn.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Beng.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Cprt.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Cyrl.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Deva.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Dupl.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Geor.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Glag.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gong.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gonm.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gran.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Grek.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gujr.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Guru.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Han.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Hang.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Hira.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Kana.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Knda.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Latn.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Limb.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Linb.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mlym.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mong.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mult.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Orya.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Sinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Syrc.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Taml.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Telu.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Zinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Zyyy.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Adlm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Arab.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Armn.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Beng.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Bhks.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Bopo.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cakm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cham.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Copt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cprt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cyrl.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Deva.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Dupl.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Ethi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Geor.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Glag.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gong.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gonm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gran.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Grek.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gujr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Guru.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Han.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hang.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hebr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hira.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmng.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmnp.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Kana.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khar.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khmr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khoj.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Knda.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Kthi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lana.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lao.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Latn.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Limb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lina.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Linb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mlym.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mong.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mult.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mymr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Nand.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Orya.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Phlp.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Rohg.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Shrd.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Sind.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Sinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Syrc.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tagb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Takr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Talu.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Taml.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Telu.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Thaa.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tibt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tirh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Xsux.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Yi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zyyy.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zzzz.pl", "/usr/share/perl/5.30.0/unicore/lib/Term/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/UIdeo/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Upper/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/Tr.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/Tu.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/U.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/Extend.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/FO.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/HL.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/KA.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/LE.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/MB.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/ML.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/MN.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/WSegSpac.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/XIDC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/XIDS/Y.pl", "/usr/share/perl/5.30.0/unicore/uni_keywords.pl", "/usr/share/perl/5.30.0/unicore/version", "/usr/share/perl/5.30.0/utf8.pm", "/usr/share/perl/5.30.0/utf8_heavy.pl", "/usr/share/perl/5.30.0/vars.pm", "/usr/share/perl/5.30.0/version.pm", "/usr/share/perl/5.30.0/version.pod", "/usr/share/perl/5.30.0/version/Internals.pod", "/usr/share/perl/5.30.0/version/regex.pm", "/usr/share/perl/5.30.0/vmsish.pm", "/usr/share/perl/5.30.0/warnings.pm", "/usr/share/perl/5.30.0/warnings/register.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "procps@2:3.3.16-1ubuntu2.3", "Name": "procps", "Identifier": { "PURL": "pkg:deb/ubuntu/procps@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "2e438941f5c4c412" }, "Version": "3.3.16", "Release": "1ubuntu2.3", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "3.3.16", "SrcRelease": "1ubuntu2.3", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "init-system-helpers@1.57", "libc6@2.31-0ubuntu9.9", "libncurses6@6.2-0ubuntu2", "libncursesw6@6.2-0ubuntu2", "libprocps8@2:3.3.16-1ubuntu2.3", "libtinfo6@6.2-0ubuntu2", "lsb-base@11.1.0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/kill", "/bin/ps", "/sbin/sysctl", "/usr/bin/free", "/usr/bin/pgrep", "/usr/bin/pmap", "/usr/bin/pwdx", "/usr/bin/skill", "/usr/bin/slabtop", "/usr/bin/tload", "/usr/bin/top", "/usr/bin/uptime", "/usr/bin/vmstat", "/usr/bin/w.procps", "/usr/bin/watch", "/usr/lib/sysctl.d/protect-links.conf", "/usr/share/bug/procps/presubj", "/usr/share/doc/procps/FAQ.gz", "/usr/share/doc/procps/README.Debian", "/usr/share/doc/procps/TODO.gz", "/usr/share/doc/procps/bugs.md", "/usr/share/doc/procps/copyright", "/usr/share/doc/procps/examples/sysctl.conf", "/usr/share/lintian/overrides/procps", "/usr/share/man/de/man1/w.1.gz", "/usr/share/man/man1/free.1.gz", "/usr/share/man/man1/kill.1.gz", "/usr/share/man/man1/pgrep.1.gz", "/usr/share/man/man1/pmap.1.gz", "/usr/share/man/man1/procps.1.gz", "/usr/share/man/man1/ps.1.gz", "/usr/share/man/man1/pwdx.1.gz", "/usr/share/man/man1/skill.1.gz", "/usr/share/man/man1/slabtop.1.gz", "/usr/share/man/man1/tload.1.gz", "/usr/share/man/man1/top.1.gz", "/usr/share/man/man1/uptime.1.gz", "/usr/share/man/man1/w.procps.1.gz", "/usr/share/man/man1/watch.1.gz", "/usr/share/man/man3/openproc.3.gz", "/usr/share/man/man3/readproc.3.gz", "/usr/share/man/man3/readproctab.3.gz", "/usr/share/man/man5/sysctl.conf.5.gz", "/usr/share/man/man8/sysctl.8.gz", "/usr/share/man/man8/vmstat.8.gz", "/usr/share/menu/procps" ], "AnalyzedBy": "dpkg" }, { "ID": "psmisc@23.3-1", "Name": "psmisc", "Identifier": { "PURL": "pkg:deb/ubuntu/psmisc@23.3-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d4b50a8f897d1f4" }, "Version": "23.3", "Release": "1", "Arch": "amd64", "SrcName": "psmisc", "SrcVersion": "23.3", "SrcRelease": "1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/bin/fuser", "/usr/bin/killall", "/usr/bin/peekfd", "/usr/bin/prtstat", "/usr/bin/pslog", "/usr/bin/pstree", "/usr/share/doc/psmisc/README.Debian", "/usr/share/doc/psmisc/README.md", "/usr/share/doc/psmisc/changelog.Debian.gz", "/usr/share/doc/psmisc/copyright", "/usr/share/man/man1/fuser.1.gz", "/usr/share/man/man1/killall.1.gz", "/usr/share/man/man1/peekfd.1.gz", "/usr/share/man/man1/prtstat.1.gz", "/usr/share/man/man1/pslog.1.gz", "/usr/share/man/man1/pstree.1.gz", "/usr/share/menu/psmisc", "/usr/share/pixmaps/pstree16.xpm", "/usr/share/pixmaps/pstree32.xpm" ], "AnalyzedBy": "dpkg" }, { "ID": "pwgen@2.08-2", "Name": "pwgen", "Identifier": { "PURL": "pkg:deb/ubuntu/pwgen@2.08-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "4a7a5c2fdec829c3" }, "Version": "2.08", "Release": "2", "Arch": "amd64", "SrcName": "pwgen", "SrcVersion": "2.08", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/pwgen", "/usr/share/doc/pwgen/changelog.Debian.gz", "/usr/share/doc/pwgen/copyright", "/usr/share/man/man1/pwgen.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.0-4", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/ubuntu/readline-common@8.0-4?arch=all\u0026distro=ubuntu-20.04", "UID": "f219905ad569d7cb" }, "Version": "8.0", "Release": "4", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.0", "SrcRelease": "4", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "rsync@3.1.3-8ubuntu0.5", "Name": "rsync", "Identifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "Version": "3.1.3", "Release": "8ubuntu0.5", "Arch": "amd64", "SrcName": "rsync", "SrcVersion": "3.1.3", "SrcRelease": "8ubuntu0.5", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libacl1@2.2.53-6", "libc6@2.31-0ubuntu9.9", "libpopt0@1.16-14", "lsb-base@11.1.0ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/systemd/system/rsync.service", "/usr/bin/rsync", "/usr/share/doc/rsync/NEWS.Debian.gz", "/usr/share/doc/rsync/README.Debian", "/usr/share/doc/rsync/changelog.Debian.gz", "/usr/share/doc/rsync/copyright", "/usr/share/doc/rsync/examples/logrotate.conf.rsync", "/usr/share/doc/rsync/examples/rsyncd.conf", "/usr/share/lintian/overrides/rsync", "/usr/share/man/man1/rsync.1.gz", "/usr/share/man/man5/rsyncd.conf.5.gz", "/usr/share/rsync/scripts/atomic-rsync", "/usr/share/rsync/scripts/cull_options", "/usr/share/rsync/scripts/cvs2includes", "/usr/share/rsync/scripts/file-attr-restore", "/usr/share/rsync/scripts/files-to-excludes", "/usr/share/rsync/scripts/git-set-file-times", "/usr/share/rsync/scripts/logfilter", "/usr/share/rsync/scripts/lsh", "/usr/share/rsync/scripts/mnt-excl", "/usr/share/rsync/scripts/munge-symlinks", "/usr/share/rsync/scripts/rrsync", "/usr/share/rsync/scripts/rsyncstats" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.7-1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/ubuntu/sed@4.7-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7b2d46e37a3b9f9f" }, "Version": "4.7", "Release": "1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.7", "SrcRelease": "1", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed.gz", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sensible-utils@0.0.12+nmu1", "Name": "sensible-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.12%2Bnmu1?arch=all\u0026distro=ubuntu-20.04", "UID": "ead6f16917c55499" }, "Version": "0.0.12+nmu1", "Arch": "all", "SrcName": "sensible-utils", "SrcVersion": "0.0.12+nmu1", "Licenses": [ "GPL-2.0-or-later", "All-permissive", "configure", "installsh", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/select-editor", "/usr/bin/sensible-browser", "/usr/bin/sensible-editor", "/usr/bin/sensible-pager", "/usr/lib/mime/packages/sensible-utils", "/usr/share/doc/sensible-utils/changelog.gz", "/usr/share/doc/sensible-utils/copyright", "/usr/share/man/cs/man1/sensible-editor.1.gz", "/usr/share/man/de/man1/sensible-editor.1.gz", "/usr/share/man/es/man1/sensible-editor.1.gz", "/usr/share/man/fr/man1/sensible-editor.1.gz", "/usr/share/man/it/man1/sensible-editor.1.gz", "/usr/share/man/ja/man1/sensible-editor.1.gz", "/usr/share/man/man1/select-editor.1.gz", "/usr/share/man/man1/sensible-browser.1.gz", "/usr/share/man/man1/sensible-editor.1.gz", "/usr/share/man/man1/sensible-pager.1.gz", "/usr/share/man/pl/man1/sensible-editor.1.gz", "/usr/share/man/pt/man1/sensible-editor.1.gz", "/usr/share/sensible-utils/bin/gettext" ], "AnalyzedBy": "dpkg" }, { "ID": "socat@1.7.3.3-2", "Name": "socat", "Identifier": { "PURL": "pkg:deb/ubuntu/socat@1.7.3.3-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5a107641e68652a2" }, "Version": "1.7.3.3", "Release": "2", "Arch": "amd64", "SrcName": "socat", "SrcVersion": "1.7.3.3", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17", "libwrap0@7.6.q-30" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/filan", "/usr/bin/procan", "/usr/bin/socat", "/usr/share/doc-base/socat", "/usr/share/doc/socat/BUGREPORTS", "/usr/share/doc/socat/DEVELOPMENT.gz", "/usr/share/doc/socat/EXAMPLES.gz", "/usr/share/doc/socat/FAQ", "/usr/share/doc/socat/NEWS.Debian.gz", "/usr/share/doc/socat/PORTING", "/usr/share/doc/socat/README.Debian", "/usr/share/doc/socat/README.FIPS", "/usr/share/doc/socat/README.gz", "/usr/share/doc/socat/SECURITY", "/usr/share/doc/socat/changelog.Debian.gz", "/usr/share/doc/socat/copyright", "/usr/share/doc/socat/dest-unreach.css", "/usr/share/doc/socat/examples/daemon.sh", "/usr/share/doc/socat/examples/ftp.sh", "/usr/share/doc/socat/examples/mail.sh", "/usr/share/doc/socat/examples/proxy.sh", "/usr/share/doc/socat/examples/proxyecho.sh", "/usr/share/doc/socat/examples/readline-test.sh", "/usr/share/doc/socat/examples/readline.sh", "/usr/share/doc/socat/examples/socks4a-echo.sh", "/usr/share/doc/socat/examples/socks4echo.sh", "/usr/share/doc/socat/examples/test.sh", "/usr/share/doc/socat/index.html", "/usr/share/doc/socat/socat-genericsocket.html", "/usr/share/doc/socat/socat-multicast.html", "/usr/share/doc/socat/socat-openssltunnel.html", "/usr/share/doc/socat/socat-tun.html", "/usr/share/doc/socat/socat.html", "/usr/share/doc/socat/xio.help.gz", "/usr/share/lintian/overrides/socat", "/usr/share/man/man1/socat.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@2.96-2.1ubuntu1", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sysvinit-utils@2.96-2.1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "4abc2fedcb9de463" }, "Version": "2.96", "Release": "2.1ubuntu1", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "2.96", "SrcRelease": "2.1ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "init-system-helpers@1.57", "libc6@2.31-0ubuntu9.9", "lsb-base@11.1.0ubuntu2", "util-linux@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/init/init-d-script", "/lib/init/vars.sh", "/sbin/fstab-decode", "/sbin/killall5", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.30+dfsg-7ubuntu0.20.04.3", "Name": "tar", "Identifier": { "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9e3a2b3027b922ad" }, "Version": "1.30+dfsg", "Release": "7ubuntu0.20.04.3", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.30+dfsg", "SrcRelease": "7ubuntu0.20.04.3", "Licenses": [ "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/copyright", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2023c-0ubuntu0.20.04.0", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/ubuntu/tzdata@2023c-0ubuntu0.20.04.0?arch=all\u0026distro=ubuntu-20.04", "UID": "89e162f2934a9272" }, "Version": "2023c", "Release": "0ubuntu0.20.04.0", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2023c", "SrcRelease": "0ubuntu0.20.04.0", "Licenses": [ "ICU" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/sbin/tzconfig", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/zoneinfo-icu/44/be/metaZones.res", "/usr/share/zoneinfo-icu/44/be/timezoneTypes.res", "/usr/share/zoneinfo-icu/44/be/windowsZones.res", "/usr/share/zoneinfo-icu/44/be/zoneinfo64.res", "/usr/share/zoneinfo-icu/44/le/metaZones.res", "/usr/share/zoneinfo-icu/44/le/timezoneTypes.res", "/usr/share/zoneinfo-icu/44/le/windowsZones.res", "/usr/share/zoneinfo-icu/44/le/zoneinfo64.res", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/posix/Africa/Abidjan", "/usr/share/zoneinfo/posix/Africa/Algiers", "/usr/share/zoneinfo/posix/Africa/Bissau", "/usr/share/zoneinfo/posix/Africa/Cairo", "/usr/share/zoneinfo/posix/Africa/Casablanca", "/usr/share/zoneinfo/posix/Africa/Ceuta", "/usr/share/zoneinfo/posix/Africa/El_Aaiun", "/usr/share/zoneinfo/posix/Africa/Johannesburg", "/usr/share/zoneinfo/posix/Africa/Juba", "/usr/share/zoneinfo/posix/Africa/Khartoum", "/usr/share/zoneinfo/posix/Africa/Lagos", "/usr/share/zoneinfo/posix/Africa/Maputo", "/usr/share/zoneinfo/posix/Africa/Monrovia", "/usr/share/zoneinfo/posix/Africa/Nairobi", "/usr/share/zoneinfo/posix/Africa/Ndjamena", "/usr/share/zoneinfo/posix/Africa/Sao_Tome", "/usr/share/zoneinfo/posix/Africa/Tripoli", "/usr/share/zoneinfo/posix/Africa/Tunis", "/usr/share/zoneinfo/posix/Africa/Windhoek", "/usr/share/zoneinfo/posix/America/Adak", "/usr/share/zoneinfo/posix/America/Anchorage", "/usr/share/zoneinfo/posix/America/Araguaina", "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/posix/America/Argentina/Salta", "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", "/usr/share/zoneinfo/posix/America/Asuncion", "/usr/share/zoneinfo/posix/America/Bahia", "/usr/share/zoneinfo/posix/America/Bahia_Banderas", "/usr/share/zoneinfo/posix/America/Barbados", "/usr/share/zoneinfo/posix/America/Belem", "/usr/share/zoneinfo/posix/America/Belize", "/usr/share/zoneinfo/posix/America/Boa_Vista", "/usr/share/zoneinfo/posix/America/Bogota", "/usr/share/zoneinfo/posix/America/Boise", "/usr/share/zoneinfo/posix/America/Cambridge_Bay", "/usr/share/zoneinfo/posix/America/Campo_Grande", "/usr/share/zoneinfo/posix/America/Cancun", "/usr/share/zoneinfo/posix/America/Caracas", "/usr/share/zoneinfo/posix/America/Cayenne", "/usr/share/zoneinfo/posix/America/Chicago", "/usr/share/zoneinfo/posix/America/Chihuahua", "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", "/usr/share/zoneinfo/posix/America/Costa_Rica", "/usr/share/zoneinfo/posix/America/Cuiaba", "/usr/share/zoneinfo/posix/America/Danmarkshavn", "/usr/share/zoneinfo/posix/America/Dawson", "/usr/share/zoneinfo/posix/America/Dawson_Creek", "/usr/share/zoneinfo/posix/America/Denver", "/usr/share/zoneinfo/posix/America/Detroit", "/usr/share/zoneinfo/posix/America/Edmonton", "/usr/share/zoneinfo/posix/America/Eirunepe", "/usr/share/zoneinfo/posix/America/El_Salvador", "/usr/share/zoneinfo/posix/America/Fort_Nelson", "/usr/share/zoneinfo/posix/America/Fortaleza", "/usr/share/zoneinfo/posix/America/Glace_Bay", "/usr/share/zoneinfo/posix/America/Goose_Bay", "/usr/share/zoneinfo/posix/America/Grand_Turk", "/usr/share/zoneinfo/posix/America/Guatemala", "/usr/share/zoneinfo/posix/America/Guayaquil", "/usr/share/zoneinfo/posix/America/Guyana", "/usr/share/zoneinfo/posix/America/Halifax", "/usr/share/zoneinfo/posix/America/Havana", "/usr/share/zoneinfo/posix/America/Hermosillo", "/usr/share/zoneinfo/posix/America/Indiana/Indianapolis", "/usr/share/zoneinfo/posix/America/Indiana/Knox", "/usr/share/zoneinfo/posix/America/Indiana/Marengo", "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", "/usr/share/zoneinfo/posix/America/Indiana/Vevay", "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", "/usr/share/zoneinfo/posix/America/Indiana/Winamac", "/usr/share/zoneinfo/posix/America/Inuvik", "/usr/share/zoneinfo/posix/America/Iqaluit", "/usr/share/zoneinfo/posix/America/Jamaica", "/usr/share/zoneinfo/posix/America/Juneau", "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", "/usr/share/zoneinfo/posix/America/La_Paz", "/usr/share/zoneinfo/posix/America/Lima", "/usr/share/zoneinfo/posix/America/Los_Angeles", "/usr/share/zoneinfo/posix/America/Maceio", "/usr/share/zoneinfo/posix/America/Managua", "/usr/share/zoneinfo/posix/America/Manaus", "/usr/share/zoneinfo/posix/America/Martinique", "/usr/share/zoneinfo/posix/America/Matamoros", "/usr/share/zoneinfo/posix/America/Mazatlan", "/usr/share/zoneinfo/posix/America/Menominee", "/usr/share/zoneinfo/posix/America/Merida", "/usr/share/zoneinfo/posix/America/Metlakatla", "/usr/share/zoneinfo/posix/America/Mexico_City", "/usr/share/zoneinfo/posix/America/Miquelon", "/usr/share/zoneinfo/posix/America/Moncton", "/usr/share/zoneinfo/posix/America/Monterrey", "/usr/share/zoneinfo/posix/America/Montevideo", "/usr/share/zoneinfo/posix/America/New_York", "/usr/share/zoneinfo/posix/America/Nome", "/usr/share/zoneinfo/posix/America/Noronha", "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", "/usr/share/zoneinfo/posix/America/North_Dakota/Center", "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/posix/America/Nuuk", "/usr/share/zoneinfo/posix/America/Ojinaga", "/usr/share/zoneinfo/posix/America/Panama", "/usr/share/zoneinfo/posix/America/Paramaribo", "/usr/share/zoneinfo/posix/America/Phoenix", "/usr/share/zoneinfo/posix/America/Port-au-Prince", "/usr/share/zoneinfo/posix/America/Porto_Velho", "/usr/share/zoneinfo/posix/America/Puerto_Rico", "/usr/share/zoneinfo/posix/America/Punta_Arenas", "/usr/share/zoneinfo/posix/America/Rankin_Inlet", "/usr/share/zoneinfo/posix/America/Recife", "/usr/share/zoneinfo/posix/America/Regina", "/usr/share/zoneinfo/posix/America/Resolute", "/usr/share/zoneinfo/posix/America/Rio_Branco", "/usr/share/zoneinfo/posix/America/Santarem", "/usr/share/zoneinfo/posix/America/Santiago", "/usr/share/zoneinfo/posix/America/Santo_Domingo", "/usr/share/zoneinfo/posix/America/Sao_Paulo", "/usr/share/zoneinfo/posix/America/Scoresbysund", "/usr/share/zoneinfo/posix/America/Sitka", "/usr/share/zoneinfo/posix/America/St_Johns", "/usr/share/zoneinfo/posix/America/Swift_Current", "/usr/share/zoneinfo/posix/America/Tegucigalpa", "/usr/share/zoneinfo/posix/America/Thule", "/usr/share/zoneinfo/posix/America/Tijuana", "/usr/share/zoneinfo/posix/America/Toronto", "/usr/share/zoneinfo/posix/America/Vancouver", "/usr/share/zoneinfo/posix/America/Whitehorse", "/usr/share/zoneinfo/posix/America/Winnipeg", "/usr/share/zoneinfo/posix/America/Yakutat", "/usr/share/zoneinfo/posix/Antarctica/Casey", "/usr/share/zoneinfo/posix/Antarctica/Davis", "/usr/share/zoneinfo/posix/Antarctica/Macquarie", "/usr/share/zoneinfo/posix/Antarctica/Mawson", "/usr/share/zoneinfo/posix/Antarctica/Palmer", "/usr/share/zoneinfo/posix/Antarctica/Rothera", "/usr/share/zoneinfo/posix/Antarctica/Troll", "/usr/share/zoneinfo/posix/Asia/Almaty", "/usr/share/zoneinfo/posix/Asia/Amman", "/usr/share/zoneinfo/posix/Asia/Anadyr", "/usr/share/zoneinfo/posix/Asia/Aqtau", "/usr/share/zoneinfo/posix/Asia/Aqtobe", "/usr/share/zoneinfo/posix/Asia/Ashgabat", "/usr/share/zoneinfo/posix/Asia/Atyrau", "/usr/share/zoneinfo/posix/Asia/Baghdad", "/usr/share/zoneinfo/posix/Asia/Baku", "/usr/share/zoneinfo/posix/Asia/Bangkok", "/usr/share/zoneinfo/posix/Asia/Barnaul", "/usr/share/zoneinfo/posix/Asia/Beirut", "/usr/share/zoneinfo/posix/Asia/Bishkek", "/usr/share/zoneinfo/posix/Asia/Chita", "/usr/share/zoneinfo/posix/Asia/Choibalsan", "/usr/share/zoneinfo/posix/Asia/Colombo", "/usr/share/zoneinfo/posix/Asia/Damascus", "/usr/share/zoneinfo/posix/Asia/Dhaka", "/usr/share/zoneinfo/posix/Asia/Dili", "/usr/share/zoneinfo/posix/Asia/Dubai", "/usr/share/zoneinfo/posix/Asia/Dushanbe", "/usr/share/zoneinfo/posix/Asia/Famagusta", "/usr/share/zoneinfo/posix/Asia/Gaza", "/usr/share/zoneinfo/posix/Asia/Hebron", "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/posix/Asia/Hong_Kong", "/usr/share/zoneinfo/posix/Asia/Hovd", "/usr/share/zoneinfo/posix/Asia/Irkutsk", "/usr/share/zoneinfo/posix/Asia/Jakarta", "/usr/share/zoneinfo/posix/Asia/Jayapura", "/usr/share/zoneinfo/posix/Asia/Jerusalem", "/usr/share/zoneinfo/posix/Asia/Kabul", "/usr/share/zoneinfo/posix/Asia/Kamchatka", "/usr/share/zoneinfo/posix/Asia/Karachi", "/usr/share/zoneinfo/posix/Asia/Kathmandu", "/usr/share/zoneinfo/posix/Asia/Khandyga", "/usr/share/zoneinfo/posix/Asia/Kolkata", "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", "/usr/share/zoneinfo/posix/Asia/Kuching", "/usr/share/zoneinfo/posix/Asia/Macau", "/usr/share/zoneinfo/posix/Asia/Magadan", "/usr/share/zoneinfo/posix/Asia/Makassar", "/usr/share/zoneinfo/posix/Asia/Manila", "/usr/share/zoneinfo/posix/Asia/Nicosia", "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", "/usr/share/zoneinfo/posix/Asia/Novosibirsk", "/usr/share/zoneinfo/posix/Asia/Omsk", "/usr/share/zoneinfo/posix/Asia/Oral", "/usr/share/zoneinfo/posix/Asia/Pontianak", "/usr/share/zoneinfo/posix/Asia/Pyongyang", "/usr/share/zoneinfo/posix/Asia/Qatar", "/usr/share/zoneinfo/posix/Asia/Qostanay", "/usr/share/zoneinfo/posix/Asia/Qyzylorda", "/usr/share/zoneinfo/posix/Asia/Riyadh", "/usr/share/zoneinfo/posix/Asia/Sakhalin", "/usr/share/zoneinfo/posix/Asia/Samarkand", "/usr/share/zoneinfo/posix/Asia/Seoul", "/usr/share/zoneinfo/posix/Asia/Shanghai", "/usr/share/zoneinfo/posix/Asia/Singapore", "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", "/usr/share/zoneinfo/posix/Asia/Taipei", "/usr/share/zoneinfo/posix/Asia/Tashkent", "/usr/share/zoneinfo/posix/Asia/Tbilisi", "/usr/share/zoneinfo/posix/Asia/Tehran", "/usr/share/zoneinfo/posix/Asia/Thimphu", "/usr/share/zoneinfo/posix/Asia/Tokyo", "/usr/share/zoneinfo/posix/Asia/Tomsk", "/usr/share/zoneinfo/posix/Asia/Ulaanbaatar", "/usr/share/zoneinfo/posix/Asia/Urumqi", "/usr/share/zoneinfo/posix/Asia/Ust-Nera", "/usr/share/zoneinfo/posix/Asia/Vladivostok", "/usr/share/zoneinfo/posix/Asia/Yakutsk", "/usr/share/zoneinfo/posix/Asia/Yangon", "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", "/usr/share/zoneinfo/posix/Asia/Yerevan", "/usr/share/zoneinfo/posix/Atlantic/Azores", "/usr/share/zoneinfo/posix/Atlantic/Bermuda", "/usr/share/zoneinfo/posix/Atlantic/Canary", "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", "/usr/share/zoneinfo/posix/Atlantic/Faroe", "/usr/share/zoneinfo/posix/Atlantic/Madeira", "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", "/usr/share/zoneinfo/posix/Atlantic/Stanley", "/usr/share/zoneinfo/posix/Australia/Adelaide", "/usr/share/zoneinfo/posix/Australia/Brisbane", "/usr/share/zoneinfo/posix/Australia/Broken_Hill", "/usr/share/zoneinfo/posix/Australia/Darwin", "/usr/share/zoneinfo/posix/Australia/Eucla", "/usr/share/zoneinfo/posix/Australia/Hobart", "/usr/share/zoneinfo/posix/Australia/Lindeman", "/usr/share/zoneinfo/posix/Australia/Lord_Howe", "/usr/share/zoneinfo/posix/Australia/Melbourne", "/usr/share/zoneinfo/posix/Australia/Perth", "/usr/share/zoneinfo/posix/Australia/Sydney", "/usr/share/zoneinfo/posix/CET", "/usr/share/zoneinfo/posix/CST6CDT", "/usr/share/zoneinfo/posix/EET", "/usr/share/zoneinfo/posix/EST", "/usr/share/zoneinfo/posix/EST5EDT", "/usr/share/zoneinfo/posix/Etc/GMT", "/usr/share/zoneinfo/posix/Etc/GMT+1", "/usr/share/zoneinfo/posix/Etc/GMT+10", "/usr/share/zoneinfo/posix/Etc/GMT+11", "/usr/share/zoneinfo/posix/Etc/GMT+12", "/usr/share/zoneinfo/posix/Etc/GMT+2", "/usr/share/zoneinfo/posix/Etc/GMT+3", "/usr/share/zoneinfo/posix/Etc/GMT+4", "/usr/share/zoneinfo/posix/Etc/GMT+5", "/usr/share/zoneinfo/posix/Etc/GMT+6", "/usr/share/zoneinfo/posix/Etc/GMT+7", "/usr/share/zoneinfo/posix/Etc/GMT+8", "/usr/share/zoneinfo/posix/Etc/GMT+9", "/usr/share/zoneinfo/posix/Etc/GMT-1", "/usr/share/zoneinfo/posix/Etc/GMT-10", "/usr/share/zoneinfo/posix/Etc/GMT-11", "/usr/share/zoneinfo/posix/Etc/GMT-12", "/usr/share/zoneinfo/posix/Etc/GMT-13", "/usr/share/zoneinfo/posix/Etc/GMT-14", "/usr/share/zoneinfo/posix/Etc/GMT-2", "/usr/share/zoneinfo/posix/Etc/GMT-3", "/usr/share/zoneinfo/posix/Etc/GMT-4", "/usr/share/zoneinfo/posix/Etc/GMT-5", "/usr/share/zoneinfo/posix/Etc/GMT-6", "/usr/share/zoneinfo/posix/Etc/GMT-7", "/usr/share/zoneinfo/posix/Etc/GMT-8", "/usr/share/zoneinfo/posix/Etc/GMT-9", "/usr/share/zoneinfo/posix/Etc/UTC", "/usr/share/zoneinfo/posix/Europe/Andorra", "/usr/share/zoneinfo/posix/Europe/Astrakhan", "/usr/share/zoneinfo/posix/Europe/Athens", "/usr/share/zoneinfo/posix/Europe/Belgrade", "/usr/share/zoneinfo/posix/Europe/Berlin", "/usr/share/zoneinfo/posix/Europe/Brussels", "/usr/share/zoneinfo/posix/Europe/Bucharest", "/usr/share/zoneinfo/posix/Europe/Budapest", "/usr/share/zoneinfo/posix/Europe/Chisinau", "/usr/share/zoneinfo/posix/Europe/Dublin", "/usr/share/zoneinfo/posix/Europe/Gibraltar", "/usr/share/zoneinfo/posix/Europe/Helsinki", "/usr/share/zoneinfo/posix/Europe/Istanbul", "/usr/share/zoneinfo/posix/Europe/Kaliningrad", "/usr/share/zoneinfo/posix/Europe/Kirov", "/usr/share/zoneinfo/posix/Europe/Kyiv", "/usr/share/zoneinfo/posix/Europe/Lisbon", "/usr/share/zoneinfo/posix/Europe/London", "/usr/share/zoneinfo/posix/Europe/Madrid", "/usr/share/zoneinfo/posix/Europe/Malta", "/usr/share/zoneinfo/posix/Europe/Minsk", "/usr/share/zoneinfo/posix/Europe/Moscow", "/usr/share/zoneinfo/posix/Europe/Paris", "/usr/share/zoneinfo/posix/Europe/Prague", "/usr/share/zoneinfo/posix/Europe/Riga", "/usr/share/zoneinfo/posix/Europe/Rome", "/usr/share/zoneinfo/posix/Europe/Samara", "/usr/share/zoneinfo/posix/Europe/Saratov", "/usr/share/zoneinfo/posix/Europe/Simferopol", "/usr/share/zoneinfo/posix/Europe/Sofia", "/usr/share/zoneinfo/posix/Europe/Tallinn", "/usr/share/zoneinfo/posix/Europe/Tirane", "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", "/usr/share/zoneinfo/posix/Europe/Vienna", "/usr/share/zoneinfo/posix/Europe/Vilnius", "/usr/share/zoneinfo/posix/Europe/Volgograd", "/usr/share/zoneinfo/posix/Europe/Warsaw", "/usr/share/zoneinfo/posix/Europe/Zurich", "/usr/share/zoneinfo/posix/Factory", "/usr/share/zoneinfo/posix/HST", "/usr/share/zoneinfo/posix/Indian/Chagos", "/usr/share/zoneinfo/posix/Indian/Maldives", "/usr/share/zoneinfo/posix/Indian/Mauritius", "/usr/share/zoneinfo/posix/MET", "/usr/share/zoneinfo/posix/MST", "/usr/share/zoneinfo/posix/MST7MDT", "/usr/share/zoneinfo/posix/PST8PDT", "/usr/share/zoneinfo/posix/Pacific/Apia", "/usr/share/zoneinfo/posix/Pacific/Auckland", "/usr/share/zoneinfo/posix/Pacific/Bougainville", "/usr/share/zoneinfo/posix/Pacific/Chatham", "/usr/share/zoneinfo/posix/Pacific/Easter", "/usr/share/zoneinfo/posix/Pacific/Efate", "/usr/share/zoneinfo/posix/Pacific/Fakaofo", "/usr/share/zoneinfo/posix/Pacific/Fiji", "/usr/share/zoneinfo/posix/Pacific/Galapagos", "/usr/share/zoneinfo/posix/Pacific/Gambier", "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", "/usr/share/zoneinfo/posix/Pacific/Guam", "/usr/share/zoneinfo/posix/Pacific/Honolulu", "/usr/share/zoneinfo/posix/Pacific/Kanton", "/usr/share/zoneinfo/posix/Pacific/Kiritimati", "/usr/share/zoneinfo/posix/Pacific/Kosrae", "/usr/share/zoneinfo/posix/Pacific/Kwajalein", "/usr/share/zoneinfo/posix/Pacific/Marquesas", "/usr/share/zoneinfo/posix/Pacific/Nauru", "/usr/share/zoneinfo/posix/Pacific/Niue", "/usr/share/zoneinfo/posix/Pacific/Norfolk", "/usr/share/zoneinfo/posix/Pacific/Noumea", "/usr/share/zoneinfo/posix/Pacific/Pago_Pago", "/usr/share/zoneinfo/posix/Pacific/Palau", "/usr/share/zoneinfo/posix/Pacific/Pitcairn", "/usr/share/zoneinfo/posix/Pacific/Port_Moresby", "/usr/share/zoneinfo/posix/Pacific/Rarotonga", "/usr/share/zoneinfo/posix/Pacific/Tahiti", "/usr/share/zoneinfo/posix/Pacific/Tarawa", "/usr/share/zoneinfo/posix/Pacific/Tongatapu", "/usr/share/zoneinfo/posix/WET", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Choibalsan", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "ubuntu-keyring@2020.02.11.4", "Name": "ubuntu-keyring", "Identifier": { "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2020.02.11.4?arch=all\u0026distro=ubuntu-20.04", "UID": "171f129b474e838b" }, "Version": "2020.02.11.4", "Arch": "all", "SrcName": "ubuntu-keyring", "SrcVersion": "2020.02.11.4", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg", "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", "/usr/share/doc/ubuntu-keyring/changelog.gz", "/usr/share/doc/ubuntu-keyring/copyright", "/usr/share/keyrings/ubuntu-archive-keyring.gpg", "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", "/usr/share/keyrings/ubuntu-master-keyring.gpg" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.34-0.1ubuntu9.3", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e27c675dec861ed" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "login@1:4.8.1-1ubuntu5.20.04.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/dmesg", "/bin/findmnt", "/bin/lsblk", "/bin/more", "/bin/mountpoint", "/bin/su", "/bin/wdctl", "/lib/systemd/system/fstrim.service", "/lib/systemd/system/fstrim.timer", "/lib/udev/hwclock-set", "/sbin/agetty", "/sbin/blkdiscard", "/sbin/blkid", "/sbin/blkzone", "/sbin/blockdev", "/sbin/chcpu", "/sbin/ctrlaltdel", "/sbin/findfs", "/sbin/fsck", "/sbin/fsck.cramfs", "/sbin/fsck.minix", "/sbin/fsfreeze", "/sbin/fstrim", "/sbin/hwclock", "/sbin/isosize", "/sbin/mkfs", "/sbin/mkfs.bfs", "/sbin/mkfs.cramfs", "/sbin/mkfs.minix", "/sbin/mkswap", "/sbin/pivot_root", "/sbin/raw", "/sbin/runuser", "/sbin/sulogin", "/sbin/swaplabel", "/sbin/switch_root", "/sbin/wipefs", "/sbin/zramctl", "/usr/bin/addpart", "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/delpart", "/usr/bin/fallocate", "/usr/bin/fincore", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/last", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/mesg", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/resizepart", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/taskset", "/usr/bin/unshare", "/usr/bin/utmpdump", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/sbin/chmem", "/usr/sbin/fdformat", "/usr/sbin/ldattach", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/share/bash-completion/completions/addpart", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/ctrlaltdel", "/usr/share/bash-completion/completions/delpart", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/fdformat", "/usr/share/bash-completion/completions/fincore", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsck.cramfs", "/usr/share/bash-completion/completions/fsck.minix", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hwclock", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/last", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mesg", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkfs.bfs", "/usr/share/bash-completion/completions/mkfs.cramfs", "/usr/share/bash-completion/completions/mkfs.minix", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/raw", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/resizepart", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/utmpdump", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/filesystems", "/usr/share/doc/util-linux/examples/fstab", "/usr/share/doc/util-linux/examples/fstab.example2", "/usr/share/doc/util-linux/examples/getopt-parse.bash", "/usr/share/doc/util-linux/examples/getopt-parse.tcsh", "/usr/share/doc/util-linux/examples/motd", "/usr/share/doc/util-linux/examples/securetty", "/usr/share/doc/util-linux/examples/shells", "/usr/share/doc/util-linux/examples/udev-raw.rules", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt.gz", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/fincore.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/last.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/mesg.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/utmpdump.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/hwclock.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/addpart.8.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/ctrlaltdel.8.gz", "/usr/share/man/man8/delpart.8.gz", "/usr/share/man/man8/fdformat.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsck.cramfs.8.gz", "/usr/share/man/man8/fsck.minix.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/hwclock.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkfs.bfs.8.gz", "/usr/share/man/man8/mkfs.cramfs.8.gz", "/usr/share/man/man8/mkfs.minix.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/raw.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/resizepart.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "xz-utils@5.2.4-1ubuntu1.1", "Name": "xz-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/xz-utils@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "974d966ce8465f86" }, "Version": "5.2.4", "Release": "1ubuntu1.1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.2.4", "SrcRelease": "1ubuntu1.1", "Licenses": [ "PD", "probably-PD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "permissive-fsf", "Autoconf", "permissive-nowarranty", "GPL-2.0-only", "none", "config-h", "LGPL-2.0-only", "LGPL-2.1-only", "noderivs", "PD-debian", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "liblzma5@5.2.4-1ubuntu1.1" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/lzmainfo", "/usr/bin/xz", "/usr/bin/xzdiff", "/usr/bin/xzgrep", "/usr/bin/xzless", "/usr/bin/xzmore", "/usr/share/doc/xz-utils/README.Debian", "/usr/share/doc/xz-utils/README.gz", "/usr/share/doc/xz-utils/copyright", "/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash", "/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c", "/usr/share/doc/xz-utils/faq.txt.gz", "/usr/share/doc/xz-utils/history.txt.gz", "/usr/share/man/man1/lzmainfo.1.gz", "/usr/share/man/man1/xz.1.gz", "/usr/share/man/man1/xzdiff.1.gz", "/usr/share/man/man1/xzgrep.1.gz", "/usr/share/man/man1/xzless.1.gz", "/usr/share/man/man1/xzmore.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.2.11.dfsg-2ubuntu1.5", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu1.5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cfc4093dfe4613c8" }, "Version": "1.2.11.dfsg", "Release": "2ubuntu1.5", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.2.11.dfsg", "SrcRelease": "2ubuntu1.5", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libz.so.1.2.11", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "zstd@1.4.4+dfsg-3ubuntu0.1", "Name": "zstd", "Identifier": { "PURL": "pkg:deb/ubuntu/zstd@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c241c66ea148cdc1" }, "Version": "1.4.4+dfsg", "Release": "3ubuntu0.1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.4.4+dfsg", "SrcRelease": "3ubuntu0.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "GPL-2.0-or-later", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "liblz4-1@1.9.2-2ubuntu0.20.04.1", "liblzma5@5.2.4-1ubuntu1.1", "libstdc++6@10.3.0-1ubuntu1~20.04", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/pzstd", "/usr/bin/zstd", "/usr/bin/zstdgrep", "/usr/bin/zstdless", "/usr/share/doc/zstd/CODE_OF_CONDUCT.md", "/usr/share/doc/zstd/CONTRIBUTING.md", "/usr/share/doc/zstd/README.md.gz", "/usr/share/doc/zstd/TESTING.md", "/usr/share/doc/zstd/changelog.Debian.gz", "/usr/share/doc/zstd/copyright", "/usr/share/man/man1/pzstd.1.gz", "/usr/share/man/man1/unzstd.1.gz", "/usr/share/man/man1/zstd.1.gz", "/usr/share/man/man1/zstdcat.1.gz", "/usr/share/man/man1/zstdgrep.1.gz", "/usr/share/man/man1/zstdless.1.gz", "/usr/share/man/man1/zstdmt.1.gz" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-28085", "PkgID": "bsdutils@1:2.34-0.1ubuntu9.3", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "c2f19fe3db589c3b" }, "InstalledVersion": "1:2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:dcc86debc2625a2205e72ae130e4acb371c763f9526934b0f197a308b03528ba", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "fdisk@2.34-0.1ubuntu9.3", "PkgName": "fdisk", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e93cc0834325a9d6" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8c6d839b16d74a99a59a1c5e87c95b3646588a7a0c3049e1be96153369d3f7cc", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-4156", "PkgID": "gawk@1:5.0.1+dfsg-1", "PkgName": "gawk", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e7d9fd5e0ccccae5" }, "InstalledVersion": "1:5.0.1+dfsg-1", "FixedVersion": "1:5.0.1+dfsg-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4156", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a5586142305ed8f70b5c5b8742c0eda9264fc5ad7e521a2f24bc30b4b64403cc", "Title": "gawk: heap out of bound read in builtin.c", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 1, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4156", "https://bugzilla.redhat.com/show_bug.cgi?id=2215930", "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0)", "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html", "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "https://ubuntu.com/security/notices/USN-6373-1", "https://www.cve.org/CVERecord?id=CVE-2023-4156" ], "PublishedDate": "2023-09-25T18:15:11.013Z", "LastModifiedDate": "2024-11-21T08:34:30.16Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpg@2.2.19-3ubuntu2.2", "PkgName": "gpg", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c3f3b0f55f5d5301" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:50bd8b9ac64aae0c6357ec1b119ba46be2753a04929fa5b368def5c3face3ade", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpgconf@2.2.19-3ubuntu2.2", "PkgName": "gpgconf", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fc417bd7bd03106c" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:67958bf0bc9cf0c596f07ea49621022d056aabf5c0f3483160f6bcf0ee04b33b", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpgv@2.2.19-3ubuntu2.2", "PkgName": "gpgv", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "94c47271b8f35208" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d0a360b33ea7a53f366e8c6b8fa3910517df123cad4e0649ee9a3c6ad95b8ab1", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libblkid1@2.34-0.1ubuntu9.3", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "97537d4ff7af8af0" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:2bc304354120fa98c9e0875a3d760707d9b4fcea877568abf9b330193b15ce10", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-2961", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.15", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1f2b6349b89ac60d1388c9bd6ee6f113b4a2c859ea30810d8efed362d102cc57", "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2026-05-12T12:16:34.22Z" }, { "VulnerabilityID": "CVE-2024-33599", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a0e7d6b2813e32d617abe362bd6a5fba363f14cb80e9966d8178c3a1db196b9d", "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-121" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2026-05-12T12:16:34.477Z" }, { "VulnerabilityID": "CVE-2024-33600", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:efebe046bdb4ad4a453378598d50cc2e9b87f6fd8d5938cae1581dde3532546c", "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2026-05-12T12:16:34.687Z" }, { "VulnerabilityID": "CVE-2024-33601", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3cfa8d003e22285ea0551a5bcce8137199273c64b3b3fc0348bcdab5b2a46dc3", "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2026-05-12T12:16:34.87Z" }, { "VulnerabilityID": "CVE-2024-33602", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:9ae2ecfe27586e7c26fcb978b7d1e9b91cf7a5706c5d50d0d8785cc7da6ed685", "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "VendorSeverity": { "alma": 3, "amazon": 2, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2026-05-12T12:16:35.07Z" }, { "VulnerabilityID": "CVE-2025-0395", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.17", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:85e15b000ca9835a279b8ce1f6891d26a97feaf6cfa9a2811b3badc4bbeaa744", "Title": "glibc: buffer overflow in the GNU C Library's assert()", "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "Severity": "MEDIUM", "CweIDs": [ "CWE-131" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 1, "cbl-mariner": 1, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/01/22/4", "http://www.openwall.com/lists/oss-security/2025/01/23/2", "http://www.openwall.com/lists/oss-security/2025/04/13/1", "http://www.openwall.com/lists/oss-security/2025/04/24/7", "https://access.redhat.com/errata/RHSA-2025:4244", "https://access.redhat.com/security/cve/CVE-2025-0395", "https://bugzilla.redhat.com/2339460", "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", "https://errata.almalinux.org/9/ALSA-2025-4244.html", "https://errata.rockylinux.org/RLSA-2025:4244", "https://linux.oracle.com/cve/CVE-2025-0395.html", "https://linux.oracle.com/errata/ELSA-2025-4244.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", "https://security.netapp.com/advisory/ntap-20250228-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", "https://sourceware.org/pipermail/libc-announce/2025/000044.html", "https://ubuntu.com/security/notices/USN-7259-1", "https://ubuntu.com/security/notices/USN-7259-2", "https://ubuntu.com/security/notices/USN-7259-3", "https://www.cve.org/CVERecord?id=CVE-2025-0395", "https://www.openwall.com/lists/oss-security/2025/01/22/4" ], "PublishedDate": "2025-01-22T13:15:20.933Z", "LastModifiedDate": "2026-05-12T13:16:27.947Z" }, { "VulnerabilityID": "CVE-2025-4802", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.18", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6382b637e2a5ac61bb24bf8bc5964288d1772cd670d2af4c8cd108aa17f1f7b0", "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "Severity": "MEDIUM", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/16/7", "http://www.openwall.com/lists/oss-security/2025/05/17/2", "https://access.redhat.com/errata/RHSA-2025:8655", "https://access.redhat.com/security/cve/CVE-2025-4802", "https://bugzilla.redhat.com/2367468", "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", "https://errata.almalinux.org/9/ALSA-2025-8655.html", "https://errata.rockylinux.org/RLSA-2025:8655", "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", "https://linux.oracle.com/cve/CVE-2025-4802.html", "https://linux.oracle.com/errata/ELSA-2025-8686.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", "https://ubuntu.com/security/notices/USN-7541-1", "https://www.cve.org/CVERecord?id=CVE-2025-4802", "https://www.openwall.com/lists/oss-security/2025/05/16/7", "https://www.openwall.com/lists/oss-security/2025/05/17/2" ], "PublishedDate": "2025-05-16T20:15:22.28Z", "LastModifiedDate": "2025-11-03T20:19:11.153Z" }, { "VulnerabilityID": "CVE-2024-2961", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.15", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a4483c5c905c58cca72650a0ccd0f013b853cc842c0ad49280823a315385b0f8", "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2026-05-12T12:16:34.22Z" }, { "VulnerabilityID": "CVE-2024-33599", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ba8e58b689de97b9e613def5aff744e895d3fedb00caf73b27f3085b02392a63", "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-121" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2026-05-12T12:16:34.477Z" }, { "VulnerabilityID": "CVE-2024-33600", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:17b234455a979b22bac53ca8114639e70dd26978b4d5e40875069e3441de23aa", "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2026-05-12T12:16:34.687Z" }, { "VulnerabilityID": "CVE-2024-33601", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6f15f413c0efd0602a23f01c4c2cc251ebb66e853063810e34e7667e480a6a0c", "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2026-05-12T12:16:34.87Z" }, { "VulnerabilityID": "CVE-2024-33602", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a36507878d8eebf931b3feaa4fa907fc7f18bd0aadec0f0cef7247a2c3267333", "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "VendorSeverity": { "alma": 3, "amazon": 2, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2026-05-12T12:16:35.07Z" }, { "VulnerabilityID": "CVE-2025-0395", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.17", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:25646668e82b3be8e55b17cceaf3d35499ed8da2c4075e14cbaa3e1dbf758b35", "Title": "glibc: buffer overflow in the GNU C Library's assert()", "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "Severity": "MEDIUM", "CweIDs": [ "CWE-131" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 1, "cbl-mariner": 1, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/01/22/4", "http://www.openwall.com/lists/oss-security/2025/01/23/2", "http://www.openwall.com/lists/oss-security/2025/04/13/1", "http://www.openwall.com/lists/oss-security/2025/04/24/7", "https://access.redhat.com/errata/RHSA-2025:4244", "https://access.redhat.com/security/cve/CVE-2025-0395", "https://bugzilla.redhat.com/2339460", "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", "https://errata.almalinux.org/9/ALSA-2025-4244.html", "https://errata.rockylinux.org/RLSA-2025:4244", "https://linux.oracle.com/cve/CVE-2025-0395.html", "https://linux.oracle.com/errata/ELSA-2025-4244.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", "https://security.netapp.com/advisory/ntap-20250228-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", "https://sourceware.org/pipermail/libc-announce/2025/000044.html", "https://ubuntu.com/security/notices/USN-7259-1", "https://ubuntu.com/security/notices/USN-7259-2", "https://ubuntu.com/security/notices/USN-7259-3", "https://www.cve.org/CVERecord?id=CVE-2025-0395", "https://www.openwall.com/lists/oss-security/2025/01/22/4" ], "PublishedDate": "2025-01-22T13:15:20.933Z", "LastModifiedDate": "2026-05-12T13:16:27.947Z" }, { "VulnerabilityID": "CVE-2025-4802", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.18", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:04a137b9e7256443c0e3870e0e442da747c4cb0130e5a4d342fbe5c3935667c1", "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "Severity": "MEDIUM", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/16/7", "http://www.openwall.com/lists/oss-security/2025/05/17/2", "https://access.redhat.com/errata/RHSA-2025:8655", "https://access.redhat.com/security/cve/CVE-2025-4802", "https://bugzilla.redhat.com/2367468", "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", "https://errata.almalinux.org/9/ALSA-2025-8655.html", "https://errata.rockylinux.org/RLSA-2025:8655", "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", "https://linux.oracle.com/cve/CVE-2025-4802.html", "https://linux.oracle.com/errata/ELSA-2025-8686.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", "https://ubuntu.com/security/notices/USN-7541-1", "https://www.cve.org/CVERecord?id=CVE-2025-4802", "https://www.openwall.com/lists/oss-security/2025/05/16/7", "https://www.openwall.com/lists/oss-security/2025/05/17/2" ], "PublishedDate": "2025-05-16T20:15:22.28Z", "LastModifiedDate": "2025-11-03T20:19:11.153Z" }, { "VulnerabilityID": "CVE-2023-2603", "PkgID": "libcap2@1:2.32-1", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1b3dac737ee463f4476c95ca96f0adfdebc0dbd9971dd2cb4a9d2bbaf607d5aa", "Title": "libcap: Integer Overflow in _libcap_strdup()", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:5071", "https://access.redhat.com/security/cve/CVE-2023-2603", "https://bugzilla.redhat.com/2209113", "https://bugzilla.redhat.com/2209114", "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", "https://errata.almalinux.org/9/ALSA-2023-5071.html", "https://errata.rockylinux.org/RLSA-2023:4524", "https://linux.oracle.com/cve/CVE-2023-2603.html", "https://linux.oracle.com/errata/ELSA-2023-5071.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", "https://ubuntu.com/security/notices/USN-6166-1", "https://ubuntu.com/security/notices/USN-6166-2", "https://www.cve.org/CVERecord?id=CVE-2023-2603", "https://www.openwall.com/lists/oss-security/2023/05/15/4", "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" ], "PublishedDate": "2023-06-06T20:15:13.187Z", "LastModifiedDate": "2025-12-02T21:15:51.163Z" }, { "VulnerabilityID": "CVE-2025-1390", "PkgID": "libcap2@1:2.32-1", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.2", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8446c0d98f147a632b0f8b18c4ff9c0e714945af931829fbb2754df903a5152b", "Title": "libcap: pam_cap: Fix potential configuration parsing error", "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1390", "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", "https://ubuntu.com/security/notices/USN-7287-1", "https://www.cve.org/CVERecord?id=CVE-2025-1390" ], "PublishedDate": "2025-02-18T03:15:10.447Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-2603", "PkgID": "libcap2-bin@1:2.32-1", "PkgName": "libcap2-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:50cf6604bf4a3ad601aff7496250206abf136607ce27b2daadd7ab0171d8e185", "Title": "libcap: Integer Overflow in _libcap_strdup()", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:5071", "https://access.redhat.com/security/cve/CVE-2023-2603", "https://bugzilla.redhat.com/2209113", "https://bugzilla.redhat.com/2209114", "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", "https://errata.almalinux.org/9/ALSA-2023-5071.html", "https://errata.rockylinux.org/RLSA-2023:4524", "https://linux.oracle.com/cve/CVE-2023-2603.html", "https://linux.oracle.com/errata/ELSA-2023-5071.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", "https://ubuntu.com/security/notices/USN-6166-1", "https://ubuntu.com/security/notices/USN-6166-2", "https://www.cve.org/CVERecord?id=CVE-2023-2603", "https://www.openwall.com/lists/oss-security/2023/05/15/4", "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" ], "PublishedDate": "2023-06-06T20:15:13.187Z", "LastModifiedDate": "2025-12-02T21:15:51.163Z" }, { "VulnerabilityID": "CVE-2025-1390", "PkgID": "libcap2-bin@1:2.32-1", "PkgName": "libcap2-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.2", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1ec65cfbf2954b014fdbb47ced333986079f68d2aeffbb65570e6fc58963eee9", "Title": "libcap: pam_cap: Fix potential configuration parsing error", "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1390", "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", "https://ubuntu.com/security/notices/USN-7287-1", "https://www.cve.org/CVERecord?id=CVE-2025-1390" ], "PublishedDate": "2025-02-18T03:15:10.447Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2020-21047", "PkgID": "libelf1@0.176-1.1build1", "PkgName": "libelf1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3374c93655a9823" }, "InstalledVersion": "0.176-1.1build1", "FixedVersion": "0.176-1.1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-21047", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:54a621d5128ff9d0541636414038349a61eb16b968995815f3d016300795e2b3", "Title": "The libcpu component which is used by libasm of elfutils version 0.177 ...", "Description": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 2, "nvd": 2, "photon": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html", "https://sourceware.org/bugzilla/show_bug.cgi?id=25068", "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "https://ubuntu.com/security/notices/USN-6322-1", "https://www.cve.org/CVERecord?id=CVE-2020-21047" ], "PublishedDate": "2023-08-22T19:16:09.657Z", "LastModifiedDate": "2024-11-21T05:12:23.31Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libfdisk1@2.34-0.1ubuntu9.3", "PkgName": "libfdisk1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d7ae8926642fd1bc" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ca592a8a34aed4eef0e38e48edfed53d50f668db29c82e2e9cea90241071fe89", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-5981", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.9", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5981", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:b7a5bdd6870d925e64b2a011129e45d04c0d9b4aaa99ac8fadabdc1f39ce4e4d", "Title": "gnutls: timing side-channel in the RSA-PSK authentication", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Severity": "MEDIUM", "CweIDs": [ "CWE-208", "CWE-203" ], "VendorSeverity": { "alma": 2, "amazon": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0155", "https://access.redhat.com/errata/RHSA-2024:0319", "https://access.redhat.com/errata/RHSA-2024:0399", "https://access.redhat.com/errata/RHSA-2024:0451", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2023-5981", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2248445", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0155", "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23", "https://linux.oracle.com/cve/CVE-2023-5981.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", "https://ubuntu.com/security/notices/USN-6499-1", "https://ubuntu.com/security/notices/USN-6499-2", "https://www.cve.org/CVERecord?id=CVE-2023-5981" ], "PublishedDate": "2023-11-28T12:15:07.04Z", "LastModifiedDate": "2026-03-25T20:01:09.507Z" }, { "VulnerabilityID": "CVE-2024-0553", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.10", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0553", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1df6c7342f33be1d73a447e14069958ed1c973b417b3d949fe608e486ab9453f", "Title": "gnutls: incomplete fix for CVE-2023-5981", "Description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:0627", "https://access.redhat.com/errata/RHSA-2024:0796", "https://access.redhat.com/errata/RHSA-2024:1082", "https://access.redhat.com/errata/RHSA-2024:1108", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2024-0553", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0627", "https://gitlab.com/gnutls/gnutls/-/issues/1522", "https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14", "https://linux.oracle.com/cve/CVE-2024-0553.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0553", "https://security.netapp.com/advisory/ntap-20240202-0011/", "https://ubuntu.com/security/notices/USN-6593-1", "https://www.cve.org/CVERecord?id=CVE-2024-0553" ], "PublishedDate": "2024-01-16T12:15:45.557Z", "LastModifiedDate": "2026-03-24T12:16:10.683Z" }, { "VulnerabilityID": "CVE-2024-12243", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.12", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12243", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:053a1bc135949797afd708491f67c8f9481bf892687df14212de00002f053e38", "Title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS", "Description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:17361", "https://access.redhat.com/errata/RHSA-2025:4051", "https://access.redhat.com/errata/RHSA-2025:7076", "https://access.redhat.com/errata/RHSA-2025:8020", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12243", "https://bugzilla.redhat.com/2344615", "https://bugzilla.redhat.com/show_bug.cgi?id=2344615", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243", "https://errata.almalinux.org/9/ALSA-2025-7076.html", "https://errata.rockylinux.org/RLSA-2025:7076", "https://gitlab.com/gnutls/gnutls/-/issues/1553", "https://gitlab.com/gnutls/libtasn1/-/issues/52", "https://linux.oracle.com/cve/CVE-2024-12243.html", "https://linux.oracle.com/errata/ELSA-2025-7076.html", "https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html", "https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12243", "https://security.netapp.com/advisory/ntap-20250523-0002/", "https://ubuntu.com/security/notices/USN-7281-1", "https://www.cve.org/CVERecord?id=CVE-2024-12243", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07" ], "PublishedDate": "2025-02-10T16:15:37.423Z", "LastModifiedDate": "2026-05-12T12:16:17.007Z" }, { "VulnerabilityID": "CVE-2024-28834", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.11", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28834", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ad1200dea4e8c648e5db545bbfd27658dc9ab16f6305f99f949ec7463cf05ad7", "Title": "gnutls: vulnerable to Minerva side-channel information leak", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Severity": "MEDIUM", "CweIDs": [ "CWE-327" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/22/1", "http://www.openwall.com/lists/oss-security/2024/03/22/2", "https://access.redhat.com/errata/RHSA-2024:1784", "https://access.redhat.com/errata/RHSA-2024:1879", "https://access.redhat.com/errata/RHSA-2024:1997", "https://access.redhat.com/errata/RHSA-2024:2044", "https://access.redhat.com/errata/RHSA-2024:2570", "https://access.redhat.com/errata/RHSA-2024:2889", "https://access.redhat.com/security/cve/CVE-2024-28834", "https://bugzilla.redhat.com/2269084", "https://bugzilla.redhat.com/2269228", "https://bugzilla.redhat.com/show_bug.cgi?id=2269084", "https://bugzilla.redhat.com/show_bug.cgi?id=2269228", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28835", "https://errata.almalinux.org/9/ALSA-2024-2570.html", "https://errata.rockylinux.org/RLSA-2024:2570", "https://linux.oracle.com/cve/CVE-2024-28834.html", "https://linux.oracle.com/errata/ELSA-2024-2570.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html", "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", "https://minerva.crocs.fi.muni.cz/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28834", "https://people.redhat.com/~hkario/marvin/", "https://security.netapp.com/advisory/ntap-20240524-0004/", "https://ubuntu.com/security/notices/USN-6733-1", "https://ubuntu.com/security/notices/USN-6733-2", "https://www.cve.org/CVERecord?id=CVE-2024-28834", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04" ], "PublishedDate": "2024-03-21T14:15:07.547Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libmount1@2.34-0.1ubuntu9.3", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "149aad062a67d915" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d58cd328ba4a3a8620b7b3c682a503228a03967b24d01d65c1d2a1f183919ecd", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libncurses6@6.2-0ubuntu2", "PkgName": "libncurses6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "daf9ae3f810ae3f0" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:c17ef77e3337af3e0c82132a6e10585d996ce4ebaa3abdac8b912046b6e1a383", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libncursesw6@6.2-0ubuntu2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dca50c9cdd5fdd35" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:300f996cb37a8b19355d852145b2afc1698895332f75bfb67a4ff9f41e7e4a70", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-modules@1.3.1-5ubuntu4.6", "PkgName": "libpam-modules", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8238c76ab6208fd" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a03f2ae9a99b374e08cc99118b1f0a1db05124c307c5e0c4fd5522304a1d61db", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-modules-bin@1.3.1-5ubuntu4.6", "PkgName": "libpam-modules-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "92c88fd5e3403ef2" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1e515484b616575eb85086cba33c1316a74b048f516f8cc823056666c60a60f5", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-runtime@1.3.1-5ubuntu4.6", "PkgName": "libpam-runtime", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", "UID": "815077e96d38fc4a" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a606e3839ff7ec9ec9e605b5b0d975838b3a372cb16312ef45bfe5dbeef3554e", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam0g@1.3.1-5ubuntu4.6", "PkgName": "libpam0g", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "65460bc2f0872763" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3b1a8c54fc9d867d0adc15cda701f3f0ffaace3d8cad138262619870974f91f0", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", "PkgName": "libperl5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:35cbc69f39d5cc2eb7edbeaa87027fa6a982b93a0e70308cd765782db965f9c5", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", "PkgName": "libperl5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8aaee366230042651d6d28762fe976621fc6a1e4e77cbbb1a504531d1f4f3a89", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libsmartcols1@2.34-0.1ubuntu9.3", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0fe2b0ba0e3d931" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:73f04dd6b4e03922d44eb3bc8d6ba47d23909833555cf6698863f5d900d161d6", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-7104", "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "InstalledVersion": "3.31.1-4ubuntu0.5", "FixedVersion": "3.31.1-4ubuntu0.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7104", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a7ef5fdd30f5253a93ae8132db5595e51c01c28bfc92f346ae8e8df81740218c", "Title": "sqlite: heap-buffer-overflow at sessionfuzz", "Description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-119" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:0465", "https://access.redhat.com/security/cve/CVE-2023-7104", "https://bugzilla.redhat.com/2256194", "https://bugzilla.redhat.com/show_bug.cgi?id=2256194", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7104", "https://errata.almalinux.org/9/ALSA-2024-0465.html", "https://errata.rockylinux.org/RLSA-2024:0465", "https://linux.oracle.com/cve/CVE-2023-7104.html", "https://linux.oracle.com/errata/ELSA-2024-0465.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "https://nvd.nist.gov/vuln/detail/CVE-2023-7104", "https://security.netapp.com/advisory/ntap-20240112-0008/", "https://sqlite.org/forum/forumpost/5bcbf4571c", "https://sqlite.org/src/info/0e4e7a05c4204b47", "https://ubuntu.com/security/notices/USN-6566-1", "https://ubuntu.com/security/notices/USN-6566-2", "https://vuldb.com/?ctiid.248999", "https://vuldb.com/?id.248999", "https://www.cve.org/CVERecord?id=CVE-2023-7104" ], "PublishedDate": "2023-12-29T10:15:13.89Z", "LastModifiedDate": "2025-11-03T22:16:33.307Z" }, { "VulnerabilityID": "CVE-2025-29088", "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "InstalledVersion": "3.31.1-4ubuntu0.5", "FixedVersion": "3.31.1-4ubuntu0.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3821036529667ae99046d5980ef6b28ba44f9dc66cb6b60c703e89b0215c9b69", "Title": "sqlite: Denial of Service in SQLite", "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-29088", "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", "https://sqlite.org/forum/forumpost/48f365daec", "https://sqlite.org/releaselog/3_49_1.html", "https://ubuntu.com/security/notices/USN-7528-1", "https://ubuntu.com/security/notices/USN-7679-1", "https://www.cve.org/CVERecord?id=CVE-2025-29088", "https://www.sqlite.org/cves.html" ], "PublishedDate": "2025-04-10T14:15:27.163Z", "LastModifiedDate": "2025-09-30T16:59:27.32Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libssl1.1@1.1.1f-1ubuntu2.17", "PkgName": "libssl1.1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b87ebee76c1b0f05" }, "InstalledVersion": "1.1.1f-1ubuntu2.17", "FixedVersion": "1.1.1f-1ubuntu2.19", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:03bc9ea1810b09c88e08bb4950d3535f09ceba2f6c477a08030579ebf0936fd2", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2024-12133", "PkgID": "libtasn1-6@4.16.0-2", "PkgName": "libtasn1-6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "1f3fac8fa7795921" }, "InstalledVersion": "4.16.0-2", "FixedVersion": "4.16.0-2ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12133", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:cbdd707e25661c3cfe25b7a620ec346f4c9f8334bfb694ba5bfaee373639a856", "Title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS", "Description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/06/6", "https://access.redhat.com/errata/RHSA-2025:17347", "https://access.redhat.com/errata/RHSA-2025:4049", "https://access.redhat.com/errata/RHSA-2025:7077", "https://access.redhat.com/errata/RHSA-2025:8021", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12133", "https://bugzilla.redhat.com/2344611", "https://bugzilla.redhat.com/show_bug.cgi?id=2344611", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133", "https://errata.almalinux.org/9/ALSA-2025-7077.html", "https://errata.rockylinux.org/RLSA-2025:7077", "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md", "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md?ref_type=heads", "https://gitlab.com/gnutls/libtasn1/-/issues/52", "https://linux.oracle.com/cve/CVE-2024-12133.html", "https://linux.oracle.com/errata/ELSA-2025-7077.html", "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12133", "https://security.netapp.com/advisory/ntap-20250523-0003/", "https://ubuntu.com/security/notices/USN-7275-1", "https://ubuntu.com/security/notices/USN-7275-2", "https://www.cve.org/CVERecord?id=CVE-2024-12133" ], "PublishedDate": "2025-02-10T16:15:37.26Z", "LastModifiedDate": "2026-05-12T12:16:16.793Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libtinfo6@6.2-0ubuntu2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a7882c12b2088277" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:7f9e7b78ef03929beda03dc515dbafd02fd6fcb3576d4289eca9975628470cb8", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libuuid1@2.34-0.1ubuntu9.3", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "51a8ab06722bbc14" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d67929107a1932cbad609c90607fde6329b6348e5b651ea005ee4ed00313ac26", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "mount@2.34-0.1ubuntu9.3", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5dec57b54f278111" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ceb0714dc862dd302222c985a047b427dda610e90eb58d9b954bf6e7049f0090", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "ncurses-base@6.2-0ubuntu2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "11c3ebabbf3b213f" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:7698d8c3a532211a152f70974ef4d923f583a6f4ed2f1bdf0d344e2f7f961c41", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "ncurses-bin@6.2-0ubuntu2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f840bf3c896244a7" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:aadc18fa84a45be374f61b8f9e978f891dd907bb47c91d2d29980e4c4b923ccd", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "openssl@1.1.1f-1ubuntu2.17", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d05522de581addaf" }, "InstalledVersion": "1.1.1f-1ubuntu2.17", "FixedVersion": "1.1.1f-1ubuntu2.19", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:abf1c7876d89ebc6e675c79849155ece11c2aa148b727e64d58150ac7a322a20", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl@5.30.0-9ubuntu0.3", "PkgName": "perl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:c581e71dd9498d31833e08451482d794b9dca4fbe0d984e84d2ca045579597d1", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl@5.30.0-9ubuntu0.3", "PkgName": "perl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:e321f1290d681502c27e967380483e41f8d097b5dd5887156e08fc782011a769", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl-base@5.30.0-9ubuntu0.3", "PkgName": "perl-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:83aa268dbcedb9eba21938b2c8331b13b67a149ad18591ec3c3fcd68e8df14f2", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl-base@5.30.0-9ubuntu0.3", "PkgName": "perl-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6219a076250c5b9f87e1722ca07ac6a7c46d0b4bf60900f0813deb110a1da954", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "PkgName": "perl-modules-5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:9723ee8d6e5e76f2d08cf46e4e841f620af3780a50c4fc2fcca4c6c81b3e1d24", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "PkgName": "perl-modules-5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:060d5145657351635861c52c235e66c3f393fb2fd0879840c8e17754f355504d", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2024-12085", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:82ddf8beab0a68e5a1eaf9a1da587e80bd48217229ec1d3c16af160b632b3060", "Title": "rsync: Info Leak via Uninitialized Stack Contents", "Description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "Severity": "MEDIUM", "CweIDs": [ "CWE-908" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:0324", "https://access.redhat.com/errata/RHSA-2025:0325", "https://access.redhat.com/errata/RHSA-2025:0637", "https://access.redhat.com/errata/RHSA-2025:0688", "https://access.redhat.com/errata/RHSA-2025:0714", "https://access.redhat.com/errata/RHSA-2025:0774", "https://access.redhat.com/errata/RHSA-2025:0787", "https://access.redhat.com/errata/RHSA-2025:0790", "https://access.redhat.com/errata/RHSA-2025:0849", "https://access.redhat.com/errata/RHSA-2025:0884", "https://access.redhat.com/errata/RHSA-2025:0885", "https://access.redhat.com/errata/RHSA-2025:1120", "https://access.redhat.com/errata/RHSA-2025:1123", "https://access.redhat.com/errata/RHSA-2025:1128", "https://access.redhat.com/errata/RHSA-2025:1225", "https://access.redhat.com/errata/RHSA-2025:1227", "https://access.redhat.com/errata/RHSA-2025:1242", "https://access.redhat.com/errata/RHSA-2025:1451", "https://access.redhat.com/errata/RHSA-2025:21885", "https://access.redhat.com/errata/RHSA-2025:2701", "https://access.redhat.com/security/cve/CVE-2024-12085", "https://bugzilla.redhat.com/2330539", "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085", "https://errata.almalinux.org/9/ALSA-2025-0324.html", "https://errata.rockylinux.org/RLSA-2025:0324", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12085.html", "https://linux.oracle.com/errata/ELSA-2025-0714.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12085", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12085", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.123Z", "LastModifiedDate": "2026-04-14T22:16:24.497Z" }, { "VulnerabilityID": "CVE-2024-12086", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12086", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:20ba46ddc7c0f2657d494d1ee7ce27baf776c56cd1a85c9f33b0e1b1b4051cea", "Title": "rsync: rsync server leaks arbitrary client files", "Description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "Severity": "MEDIUM", "CweIDs": [ "CWE-390" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2026:19368", "https://access.redhat.com/security/cve/CVE-2024-12086", "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12086", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12086", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.297Z", "LastModifiedDate": "2026-05-20T04:16:31.217Z" }, { "VulnerabilityID": "CVE-2024-12087", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12087", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a94e14429b5d76dc4e62f5b39f13fef6e6e0d4b533a00519d43e42b0558618e1", "Title": "rsync: Path traversal vulnerability in rsync", "Description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:23154", "https://access.redhat.com/errata/RHSA-2025:23235", "https://access.redhat.com/errata/RHSA-2025:23407", "https://access.redhat.com/errata/RHSA-2025:23415", "https://access.redhat.com/errata/RHSA-2025:23416", "https://access.redhat.com/errata/RHSA-2025:23842", "https://access.redhat.com/errata/RHSA-2025:23853", "https://access.redhat.com/errata/RHSA-2025:23854", "https://access.redhat.com/errata/RHSA-2025:23858", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12087", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12087.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12087", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12087", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.467Z", "LastModifiedDate": "2026-04-14T22:16:26.837Z" }, { "VulnerabilityID": "CVE-2024-12088", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12088", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d044336f5b9f5c962b2389d6b4dec877a8248ba29dcfb58e789b22ecef4ddab2", "Title": "rsync: --safe-links option bypass leads to path traversal", "Description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12088", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12088.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12088", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12088", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.643Z", "LastModifiedDate": "2026-04-14T22:16:27.247Z" }, { "VulnerabilityID": "CVE-2024-12747", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12747", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d474ba9aec1fd9fa7a30fb58023d7271df57b174348b7b46b4347024e07e5c7a", "Title": "rsync: Race Condition in rsync Handling Symbolic Links", "Description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12747", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12747.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12747", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12747", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.83Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-39804", "PkgID": "tar@1.30+dfsg-7ubuntu0.20.04.3", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9e3a2b3027b922ad" }, "InstalledVersion": "1.30+dfsg-7ubuntu0.20.04.3", "FixedVersion": "1.30+dfsg-7ubuntu0.20.04.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39804", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:f77174d302da2e8fbf6e8be732c14315efdc788cc572912263e2749399652450", "Title": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", "Description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 1, "cbl-mariner": 2, "photon": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-39804", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39804", "https://ubuntu.com/security/notices/USN-6543-1", "https://www.cve.org/CVERecord?id=CVE-2023-39804" ], "PublishedDate": "2024-03-27T04:15:08.897Z", "LastModifiedDate": "2025-11-04T19:15:55.43Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "util-linux@2.34-0.1ubuntu9.3", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e27c675dec861ed" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:04d44a51ed719412d0116319893d8420281b00a6054cca1ccc7df684a5dfe2d5", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" } ] }, { "Target": "usr/local/bin/gosu", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/tianon/gosu", "Name": "github.com/tianon/gosu", "Identifier": { "PURL": "pkg:golang/github.com/tianon/gosu", "UID": "f8be0ac9ee9f0640" }, "Relationship": "root", "DependsOn": [ "github.com/opencontainers/runc@v1.0.1", "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "stdlib@v1.16.7" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.16.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "Version": "v1.16.7", "Relationship": "direct", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/runc@v1.0.1", "Name": "github.com/opencontainers/runc", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "UID": "9f8e6d3b2db2ec49" }, "Version": "v0.0.0-20210817142637-7d9622a276b7", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2023-27561", "VendorIDs": [ "GHSA-vpvm-3wq2-2wvm" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:6803b92b4954fcff324a846c6596339a7f6eec534d769c2ea6d16ddae676df64", "Title": "runc: volume mount race condition (regression of CVE-2019-19921)", "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", "Severity": "HIGH", "CweIDs": [ "CWE-706" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2023-27561", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", "https://github.com/opencontainers/runc/issues/3751", "https://github.com/opencontainers/runc/pull/3785", "https://github.com/opencontainers/runc/releases/tag/v1.1.5", "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", "https://security.netapp.com/advisory/ntap-20241206-0004", "https://security.netapp.com/advisory/ntap-20241206-0004/", "https://ubuntu.com/security/notices/USN-6088-1", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:11.33Z", "LastModifiedDate": "2024-12-06T14:15:19.037Z" }, { "VulnerabilityID": "CVE-2024-21626", "VendorIDs": [ "GHSA-xr7r-f8xq-vfvv" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.12", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21626", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:c25ce5d902cd400e0e1e8612784e5451080a86de1b3e2892fa915e277c48937f", "Title": "runc: file descriptor leak", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-403", "CWE-668" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 } }, "References": [ "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html", "http://www.openwall.com/lists/oss-security/2024/02/01/1", "http://www.openwall.com/lists/oss-security/2024/02/02/3", "https://access.redhat.com/errata/RHSA-2024:0670", "https://access.redhat.com/security/cve/CVE-2024-21626", "https://bugzilla.redhat.com/2258725", "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626", "https://errata.almalinux.org/9/ALSA-2024-0670.html", "https://errata.rockylinux.org/RLSA-2024:0752", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf", "https://github.com/opencontainers/runc/releases/tag/v1.1.12", "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", "https://linux.oracle.com/cve/CVE-2024-21626.html", "https://linux.oracle.com/errata/ELSA-2024-17931.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/", "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", "https://ubuntu.com/security/notices/USN-6619-1", "https://www.cve.org/CVERecord?id=CVE-2024-21626", "https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626" ], "PublishedDate": "2024-01-31T22:15:53.78Z", "LastModifiedDate": "2024-11-21T08:54:45.18Z" }, { "VulnerabilityID": "CVE-2025-31133", "VendorIDs": [ "GHSA-9493-h29p-rfm2" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:13665e3c39489164fa3631f04801910a84728adfd0322b4726c0fe6cd7302163", "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-31133", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://linux.oracle.com/cve/CVE-2025-31133.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-31133" ], "PublishedDate": "2025-11-06T19:15:41.343Z", "LastModifiedDate": "2025-12-03T18:30:15.43Z" }, { "VulnerabilityID": "CVE-2025-52565", "VendorIDs": [ "GHSA-qw9x-cqr3-wc7r" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9bf5ac549932065f84ac95fb64379b2b2ecf56ce45a1c21b9abdd74427ab4cf8", "Title": "runc: container escape with malicious config due to /dev/console mount and related races", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-52565", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://linux.oracle.com/cve/CVE-2025-52565.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52565" ], "PublishedDate": "2025-11-06T20:15:49.24Z", "LastModifiedDate": "2025-12-03T18:33:33.357Z" }, { "VulnerabilityID": "CVE-2025-52881", "VendorIDs": [ "GHSA-cgrx-mc8f-2prm" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:251926c142387b6deacfca4536b5807557c1cec0bc296211e140b48524ebfc11", "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://access.redhat.com/errata/RHSA-2025:22011", "https://access.redhat.com/security/cve/CVE-2025-52881", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2025-22011.html", "https://errata.rockylinux.org/RLSA-2025:22011", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://github.com/opencontainers/selinux/pull/237", "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", "https://linux.oracle.com/cve/CVE-2025-52881.html", "https://linux.oracle.com/errata/ELSA-2025-23543.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52881", "https://youtu.be/tGseJW_uBB8", "https://youtu.be/y1PaBzxwRWQ" ], "PublishedDate": "2025-11-06T21:15:42.817Z", "LastModifiedDate": "2025-12-03T18:37:17.917Z" }, { "VulnerabilityID": "CVE-2021-43784", "VendorIDs": [ "GHSA-v95c-p5hm-xq8f" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.0.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43784", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ce6650dbfa114abae5db2c90134ba032100d7765e550d12747025a7def687277", "Title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V2Score": 6, "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2021-43784", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554", "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae", "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77", "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed", "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", "https://linux.oracle.com/cve/CVE-2021-43784.html", "https://linux.oracle.com/errata/ELSA-2023-6380.html", "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", "https://pkg.go.dev/vuln/GO-2022-0274", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2021-43784", "https://www.openwall.com/lists/oss-security/2021/12/06/1" ], "PublishedDate": "2021-12-06T18:15:08.24Z", "LastModifiedDate": "2024-11-21T06:29:46.873Z" }, { "VulnerabilityID": "CVE-2022-29162", "VendorIDs": [ "GHSA-f3fp-gc8g-vw66" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29162", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:cfba7434a916e00b5f196ad3952fed146bd82230b5ad485f6966013113393fe7", "Title": "runc: incorrect handling of inheritable capabilities", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-276" ], "VendorSeverity": { "alma": 1, "amazon": 1, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 1, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "github.com/opencontainers/runc", "https://access.redhat.com/errata/RHSA-2022:8090", "https://access.redhat.com/security/cve/CVE-2022-29162", "https://bugzilla.redhat.com/2086398", "https://bugzilla.redhat.com/show_bug.cgi?id=2086398", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162", "https://errata.almalinux.org/9/ALSA-2022-8090.html", "https://errata.rockylinux.org/RLSA-2022:8090", "https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65", "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5", "https://github.com/opencontainers/runc/releases/tag/v1.1.2", "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66", "https://linux.oracle.com/cve/CVE-2022-29162.html", "https://linux.oracle.com/errata/ELSA-2022-8090.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y", "https://nvd.nist.gov/vuln/detail/CVE-2022-29162", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2022-29162", "https://www.openwall.com/lists/oss-security/2022/05/12/1" ], "PublishedDate": "2022-05-17T21:15:08.32Z", "LastModifiedDate": "2024-11-21T06:58:36.893Z" }, { "VulnerabilityID": "CVE-2023-28642", "VendorIDs": [ "GHSA-g2j6-57v7-gm8c" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28642", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:baeba50ed00bccb64eeb21147c04cd162d5df57787d2e22415bbefd1dd60fe57", "Title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-281", "CWE-59" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2023-28642", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-g2j6-57v7-gm8c", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/pull/3785", "https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c", "https://linux.oracle.com/cve/CVE-2023-28642.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", "https://security.netapp.com/advisory/ntap-20241206-0005", "https://security.netapp.com/advisory/ntap-20241206-0005/", "https://ubuntu.com/security/notices/USN-6088-1", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2023-28642" ], "PublishedDate": "2023-03-29T19:15:22.397Z", "LastModifiedDate": "2024-12-06T14:15:19.25Z" }, { "VulnerabilityID": "CVE-2024-45310", "VendorIDs": [ "GHSA-jfvp-7x6p-h2pv" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.14, 1.2.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45310", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:05aef3760112253d5b156ed1f3879105aad792c9f20daa3384b68b553898fc69", "Title": "runc: runc can be tricked into creating empty files/directories on host", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.", "Severity": "MEDIUM", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "ghsa": 2, "nvd": 1, "photon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green", "V3Score": 3.6, "V40Score": 4.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V3Score": 3.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V3Score": 3.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/1", "https://access.redhat.com/security/cve/CVE-2024-45310", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7", "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e", "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf", "https://github.com/opencontainers/runc/pull/4359", "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv", "https://nvd.nist.gov/vuln/detail/CVE-2024-45310", "https://security.netapp.com/advisory/ntap-20250221-0008", "https://security.netapp.com/advisory/ntap-20250221-0008/", "https://www.cve.org/CVERecord?id=CVE-2024-45310", "https://www.openwall.com/lists/oss-security/2024/09/03/1" ], "PublishedDate": "2024-09-03T19:15:15.243Z", "LastModifiedDate": "2025-11-25T14:07:27.74Z" }, { "VulnerabilityID": "CVE-2022-29526", "VendorIDs": [ "GHSA-p782-xgp4-8hr8" ], "PkgID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "PkgName": "golang.org/x/sys", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "UID": "9f8e6d3b2db2ec49" }, "InstalledVersion": "v0.0.0-20210817142637-7d9622a276b7", "FixedVersion": "0.0.0-20220412211240-33da011f77ad", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7077e32ac241117b3be3937a652d44c8dbce7d5c7d6e69a4862ac48590d170fe", "Title": "golang: syscall: faccessat checks wrong group", "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-29526", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://github.com/golang/go", "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", "https://github.com/golang/go/issues/52313", "https://go.dev/cl/399539", "https://go.dev/cl/400074", "https://go.dev/issue/52313", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "https://linux.oracle.com/cve/CVE-2022-29526.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "https://pkg.go.dev/vuln/GO-2022-0493", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220729-0001", "https://security.netapp.com/advisory/ntap-20220729-0001/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-29526" ], "PublishedDate": "2022-06-23T17:15:12.747Z", "LastModifiedDate": "2024-11-21T06:59:15.563Z" }, { "VulnerabilityID": "CVE-2022-23806", "VendorIDs": [ "GO-2021-0319" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.14, 1.17.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23806", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9cbae64c748e8eed132183466377c2865dc249f54dcbac4af51ac00967729870", "Title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "Description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", "Severity": "CRITICAL", "CweIDs": [ "CWE-252" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2022-23806", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/382455", "https://go.dev/issue/50974", "https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816", "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "https://linux.oracle.com/cve/CVE-2022-23806.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "https://pkg.go.dev/vuln/GO-2021-0319", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220225-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-23806", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-02-11T01:15:07.747Z", "LastModifiedDate": "2024-11-21T06:49:17.407Z" }, { "VulnerabilityID": "CVE-2023-24538", "VendorIDs": [ "GO-2023-1703" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ba13741997a8cf16d0f4e20a7dbf2704e4688620e6c0ed7ed38a3acc9aee0cb3", "Title": "golang: html/template: backticks not treated as string delimiters", "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24538", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", "https://github.com/golang/go/issues/59234", "https://go.dev/cl/482079", "https://go.dev/issue/59234", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24538.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "https://pkg.go.dev/vuln/GO-2023-1703", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241115-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://www.cve.org/CVERecord?id=CVE-2023-24538" ], "PublishedDate": "2023-04-06T16:15:07.8Z", "LastModifiedDate": "2025-02-12T17:15:14.19Z" }, { "VulnerabilityID": "CVE-2023-24540", "VendorIDs": [ "GO-2023-1752" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d4aaf45671e59cbf1bdc0301ecea3ed227cf55fb7677fc0c815b8baa80d27d4e", "Title": "golang: html/template: improper handling of JavaScript whitespace", "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-77" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24540", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", "https://github.com/golang/go/issues/59721", "https://go.dev/cl/491616", "https://go.dev/issue/59721", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24540.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "https://pkg.go.dev/vuln/GO-2023-1752", "https://security.netapp.com/advisory/ntap-20241115-0008/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24540" ], "PublishedDate": "2023-05-11T16:15:09.687Z", "LastModifiedDate": "2025-01-24T17:15:10.893Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:60b31dc984c9612b6f157002820f95fb662b3614c6914369ecd1c2810aad0eb1", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c459470ee439dc9e6152908a75cb25dfdef47c1168eee506295be62533fb1bd4", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2021-39293", "VendorIDs": [ "GO-2022-0273" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.8, 1.17.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39293", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:99569ae912f003f3c8086b9059682006ff5586edfbec582a405e4c98b3a27db3", "Title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)", "Description": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-39293", "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/343434", "https://go.dev/issue/47801", "https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b", "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw", "https://linux.oracle.com/cve/CVE-2021-39293.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39293", "https://pkg.go.dev/vuln/GO-2022-0273", "https://security.netapp.com/advisory/ntap-20220217-0009/", "https://www.cve.org/CVERecord?id=CVE-2021-39293" ], "PublishedDate": "2022-01-24T01:15:07.92Z", "LastModifiedDate": "2024-11-21T06:19:08.18Z" }, { "VulnerabilityID": "CVE-2021-41771", "VendorIDs": [ "GO-2021-0263" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.10, 1.17.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41771", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:62b6e7e510f71e5bf6592f72bcb0d5669c5c4b112e1e009d732383e996fbc9ca", "Title": "golang: debug/macho: invalid dynamic symbol table command can cause panic", "Description": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.", "Severity": "HIGH", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-41771", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/367075", "https://go.dev/issue/48990", "https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27", "https://groups.google.com/g/golang-announce/c/0fM21h43arc", "https://linux.oracle.com/cve/CVE-2021-41771.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", "https://nvd.nist.gov/vuln/detail/CVE-2021-41771", "https://pkg.go.dev/vuln/GO-2021-0263", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20211210-0003/", "https://www.cve.org/CVERecord?id=CVE-2021-41771", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2021-11-08T06:15:08.057Z", "LastModifiedDate": "2024-11-21T06:26:44.027Z" }, { "VulnerabilityID": "CVE-2021-41772", "VendorIDs": [ "GO-2021-0264" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.10, 1.17.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41772", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3825f9aae9819a3f9386596ac617c1878dc1ede5412bdbf94b63705ac13e35be", "Title": "golang: archive/zip: Reader.Open panics on empty string", "Description": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-41772", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/349770", "https://go.dev/issue/48085", "https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f", "https://groups.google.com/g/golang-announce/c/0fM21h43arc", "https://linux.oracle.com/cve/CVE-2021-41772.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", "https://nvd.nist.gov/vuln/detail/CVE-2021-41772", "https://pkg.go.dev/vuln/GO-2021-0264", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20211210-0003/", "https://www.cve.org/CVERecord?id=CVE-2021-41772", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2021-11-08T06:15:08.107Z", "LastModifiedDate": "2024-11-21T06:26:44.223Z" }, { "VulnerabilityID": "CVE-2021-44716", "VendorIDs": [ "GHSA-vc3p-29h2-gpcp", "GO-2022-0288" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.12, 1.17.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44716", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c90dfbb0e5e652218c2a09559411dd43eb276a3f461b75f4d37c2613075182d", "Title": "golang: net/http: limit growth of header canonicalization cache", "Description": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-44716", "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", "https://errata.rockylinux.org/RLSA-2022:0001", "https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)", "https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70", "https://go.dev/cl/369794", "https://go.dev/issue/50058", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", "https://linux.oracle.com/cve/CVE-2021-44716.html", "https://linux.oracle.com/errata/ELSA-2022-0001.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "https://pkg.go.dev/vuln/GO-2022-0288", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220121-0002", "https://security.netapp.com/advisory/ntap-20220121-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-44716" ], "PublishedDate": "2022-01-01T05:15:08.307Z", "LastModifiedDate": "2024-11-21T06:31:26.96Z" }, { "VulnerabilityID": "CVE-2022-23772", "VendorIDs": [ "GO-2021-0317" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.14, 1.17.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23772", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1cf6103b28c2858c5460e4a73846c144b45e7b3e667d5e979dcb28ef7de5211c", "Title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", "Description": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.8, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2022-23772", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/379537", "https://go.dev/issue/50699", "https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78", "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "https://linux.oracle.com/cve/CVE-2022-23772.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", "https://pkg.go.dev/vuln/GO-2021-0317", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220225-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-23772", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-02-11T01:15:07.657Z", "LastModifiedDate": "2024-11-21T06:49:15.127Z" }, { "VulnerabilityID": "CVE-2022-24675", "VendorIDs": [ "GO-2022-0433" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.9, 1.18.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24675", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9965f691f18dbfea9d6fc41f3749753b748639835c59b8f630cc483973b1a302", "Title": "golang: encoding/pem: fix stack overflow in Decode", "Description": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-24675", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/399820", "https://go.dev/issue/51853", "https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "https://linux.oracle.com/cve/CVE-2022-24675.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "https://pkg.go.dev/vuln/GO-2022-0433", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220915-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-24675" ], "PublishedDate": "2022-04-20T10:15:07.93Z", "LastModifiedDate": "2024-11-21T06:50:50.78Z" }, { "VulnerabilityID": "CVE-2022-24921", "VendorIDs": [ "GO-2021-0347" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.15, 1.17.8", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24921", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:58676bdef07a0196016da531117327096b1c27806e8e2c817df010bd79704904", "Title": "golang: regexp: stack exhaustion via a deeply nested expression", "Description": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-24921", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/384616", "https://go.dev/issue/51112", "https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a", "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", "https://linux.oracle.com/cve/CVE-2022-24921.html", "https://linux.oracle.com/errata/ELSA-2022-9363.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", "https://pkg.go.dev/vuln/GO-2021-0347", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220325-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-24921" ], "PublishedDate": "2022-03-05T20:15:08.323Z", "LastModifiedDate": "2024-11-21T06:51:23.59Z" }, { "VulnerabilityID": "CVE-2022-27664", "VendorIDs": [ "GHSA-69cg-p879-7622", "GO-2022-0969" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.6, 1.19.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:87afd35453b7aa9bb00f993eeee667bf03cdd6a21e02000b3b7d20175d4e128d", "Title": "golang: net/http: handle server errors after sending GOAWAY", "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-27664", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", "https://cs.opensource.google/go/x/net", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:7129", "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", "https://github.com/golang/go/issues/54658", "https://go.dev/cl/428735", "https://go.dev/issue/54658", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "https://linux.oracle.com/cve/CVE-2022-27664.html", "https://linux.oracle.com/errata/ELSA-2024-0121.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX", "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "https://pkg.go.dev/vuln/GO-2022-0969", "https://security.gentoo.org/glsa/202209-26", "https://security.netapp.com/advisory/ntap-20220923-0004", "https://security.netapp.com/advisory/ntap-20220923-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2022-27664" ], "PublishedDate": "2022-09-06T18:15:12.747Z", "LastModifiedDate": "2024-11-21T06:56:07.703Z" }, { "VulnerabilityID": "CVE-2022-28131", "VendorIDs": [ "GO-2022-0521" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ead4cef14ebdd659423a18f57136db99211cefeefbbaec63afaf32291516bcf4", "Title": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "Description": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-28131", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96", "https://go.dev/cl/417062", "https://go.dev/issue/53614", "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-28131.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "https://pkg.go.dev/vuln/GO-2022-0521", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-28131" ], "PublishedDate": "2022-08-10T20:15:32.767Z", "LastModifiedDate": "2024-11-21T06:56:48.57Z" }, { "VulnerabilityID": "CVE-2022-28327", "VendorIDs": [ "GO-2022-0435" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.9, 1.18.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28327", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ca44594540f3dc4840863e4b27396c86bd908785967fd032f9733724e8d50689", "Title": "golang: crypto/elliptic: panic caused by oversized scalar", "Description": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-28327", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/397135", "https://go.dev/issue/52075", "https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "https://linux.oracle.com/cve/CVE-2022-28327.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "https://pkg.go.dev/vuln/GO-2022-0435", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220915-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-28327" ], "PublishedDate": "2022-04-20T10:15:08.03Z", "LastModifiedDate": "2024-11-21T06:57:10.2Z" }, { "VulnerabilityID": "CVE-2022-2879", "VendorIDs": [ "GO-2022-1037" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:42766c2a9617363abd27436b723c3109e43d2704e429be31044fc32f144582e0", "Title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", "Description": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2204", "https://access.redhat.com/security/cve/CVE-2022-2879", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132867", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2204.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)", "https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)", "https://github.com/golang/go/issues/54853", "https://github.com/vbatts/tar-split/releases/tag/v0.12.1", "https://go.dev/cl/439355", "https://go.dev/issue/54853", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-2879.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "https://pkg.go.dev/vuln/GO-2022-1037", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-2879" ], "PublishedDate": "2022-10-14T15:15:17.647Z", "LastModifiedDate": "2024-11-21T07:01:51.487Z" }, { "VulnerabilityID": "CVE-2022-2880", "VendorIDs": [ "GO-2022-1038" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b2c717c2361d4d5cb8762f5a4f94004ee958ddaaa08f0f1ad3c97b3e02f07ead", "Title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "Description": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.", "Severity": "HIGH", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-2880", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)", "https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)", "https://github.com/golang/go/issues/54663", "https://go.dev/cl/432976", "https://go.dev/issue/54663", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-2880.html", "https://linux.oracle.com/errata/ELSA-2024-3254.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "https://pkg.go.dev/vuln/GO-2022-1038", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-2880" ], "PublishedDate": "2022-10-14T15:15:18.09Z", "LastModifiedDate": "2024-11-21T07:01:51.61Z" }, { "VulnerabilityID": "CVE-2022-29804", "VendorIDs": [ "GO-2022-0533" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70ca816504b69e64be8ff94c09e0b504417317fc89d55a0f3ec0f68304727cd8", "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", "Description": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/401595", "https://go.dev/issue/52476", "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-29804.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29804", "https://pkg.go.dev/vuln/GO-2022-0533" ], "PublishedDate": "2022-08-10T20:15:34.89Z", "LastModifiedDate": "2024-11-21T06:59:42.8Z" }, { "VulnerabilityID": "CVE-2022-30580", "VendorIDs": [ "GO-2022-0532" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:342b9814a7093362462314331ae3dfc7388f6bc5f092e07f82a7d4ca59dbd74a", "Title": "golang: os/exec: Code injection in Cmd.Start", "Description": "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.", "Severity": "HIGH", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-30580", "https://go.dev/cl/403759", "https://go.dev/issue/52574", "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-30580.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30580", "https://pkg.go.dev/vuln/GO-2022-0532", "https://www.cve.org/CVERecord?id=CVE-2022-30580" ], "PublishedDate": "2022-08-10T20:15:40.227Z", "LastModifiedDate": "2026-03-06T18:16:11.913Z" }, { "VulnerabilityID": "CVE-2022-30630", "VendorIDs": [ "GO-2022-0527" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7a023b35951286e85c4038b39893da626d510cb9cfb0b26620be0ff44b6df68c", "Title": "golang: io/fs: stack exhaustion in Glob", "Description": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30630", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (1.18)", "https://go.dev/cl/417065", "https://go.dev/issue/53415", "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30630.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "https://pkg.go.dev/vuln/GO-2022-0527", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30630" ], "PublishedDate": "2022-08-10T20:15:40.977Z", "LastModifiedDate": "2026-03-06T18:16:13.45Z" }, { "VulnerabilityID": "CVE-2022-30631", "VendorIDs": [ "GO-2022-0524" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7cb7508b8641ecd44b0922ebe4aa2c7a93061572a27376a8ce60df24b74adfbe", "Title": "golang: compress/gzip: stack exhaustion in Reader.Read", "Description": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30631", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (1.18)", "https://go.dev/cl/417067", "https://go.dev/issue/53168", "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30631.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "https://pkg.go.dev/vuln/GO-2022-0524", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30631" ], "PublishedDate": "2022-08-10T20:15:41.373Z", "LastModifiedDate": "2025-10-20T18:15:36.863Z" }, { "VulnerabilityID": "CVE-2022-30632", "VendorIDs": [ "GO-2022-0522" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f27af4e81eeb8da72d20085930b838365f5f8642343bec4db07151b7f43f3d64", "Title": "golang: path/filepath: stack exhaustion in Glob", "Description": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30632", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (1.18)", "https://go.dev/cl/417066", "https://go.dev/issue/53416", "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30632.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "https://pkg.go.dev/vuln/GO-2022-0522", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30632" ], "PublishedDate": "2022-08-10T20:15:41.877Z", "LastModifiedDate": "2024-11-21T07:03:04.097Z" }, { "VulnerabilityID": "CVE-2022-30633", "VendorIDs": [ "GO-2022-0523" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c8cabc3f0806d68609c66a4a661740b76b4d5e91bedbfe163918efd0a1dde75e", "Title": "golang: encoding/xml: stack exhaustion in Unmarshal", "Description": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-30633", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (1.18)", "https://go.dev/cl/417061", "https://go.dev/issue/53611", "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30633.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "https://pkg.go.dev/vuln/GO-2022-0523", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30633" ], "PublishedDate": "2022-08-10T20:15:42.21Z", "LastModifiedDate": "2026-03-06T18:16:13.833Z" }, { "VulnerabilityID": "CVE-2022-30634", "VendorIDs": [ "GO-2022-0477" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:26f822c19ebc8bcbecfb72bc8129009d326719638096c4296044e824d0504f92", "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", "Description": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/402257", "https://go.dev/issue/52561", "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-30634.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30634", "https://pkg.go.dev/vuln/GO-2022-0477" ], "PublishedDate": "2022-07-15T20:15:08.597Z", "LastModifiedDate": "2024-11-21T07:03:04.353Z" }, { "VulnerabilityID": "CVE-2022-30635", "VendorIDs": [ "GO-2022-0526" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:21be5ea0594f60724b6511f5ab6f7dd3bcbee7de5051043f873110782bb49da7", "Title": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "Description": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-30635", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (1.18)", "https://go.dev/cl/417064", "https://go.dev/issue/53615", "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30635.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "https://pkg.go.dev/vuln/GO-2022-0526", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30635" ], "PublishedDate": "2022-08-10T20:15:42.64Z", "LastModifiedDate": "2026-03-06T18:16:14.177Z" }, { "VulnerabilityID": "CVE-2022-32189", "VendorIDs": [ "GO-2022-0537" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.13, 1.18.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0b9e226d42faf8c63037263f1ab92fd4e9e3fa1aba61630b6db7fa1f5c28f33d", "Title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "Description": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-32189", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2059869", "https://bugzilla.redhat.com/show_bug.cgi?id=2059870", "https://bugzilla.redhat.com/show_bug.cgi?id=2060061", "https://bugzilla.redhat.com/show_bug.cgi?id=2062597", "https://bugzilla.redhat.com/show_bug.cgi?id=2064087", "https://bugzilla.redhat.com/show_bug.cgi?id=2088459", "https://bugzilla.redhat.com/show_bug.cgi?id=2105961", "https://bugzilla.redhat.com/show_bug.cgi?id=2110864", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2118831", "https://bugzilla.redhat.com/show_bug.cgi?id=2123055", "https://bugzilla.redhat.com/show_bug.cgi?id=2123210", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:7950", "https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (1.18)", "https://go.dev/cl/417774", "https://go.dev/issue/53871", "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66", "https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "https://linux.oracle.com/cve/CVE-2022-32189.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "https://pkg.go.dev/vuln/GO-2022-0537", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-32189" ], "PublishedDate": "2022-08-10T20:15:47.507Z", "LastModifiedDate": "2024-11-21T07:05:53.513Z" }, { "VulnerabilityID": "CVE-2022-41715", "VendorIDs": [ "GO-2022-1039" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2b3b2b59280e67cf4591a1c7e1eccf50c52bb1444faf79abc4a8ae4453ed17f0", "Title": "golang: regexp/syntax: limit memory used by parsing regexps", "Description": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2592", "https://access.redhat.com/security/cve/CVE-2022-41715", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2592.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)", "https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)", "https://github.com/golang/go/issues/55949", "https://go.dev/cl/439356", "https://go.dev/issue/55949", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-41715.html", "https://linux.oracle.com/errata/ELSA-2024-3254.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "https://pkg.go.dev/vuln/GO-2022-1039", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://www.cve.org/CVERecord?id=CVE-2022-41715" ], "PublishedDate": "2022-10-14T15:16:20.78Z", "LastModifiedDate": "2024-11-21T07:23:43.367Z" }, { "VulnerabilityID": "CVE-2022-41716", "VendorIDs": [ "GO-2022-1095" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.8, 1.19.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7b94f78ee26c9699e11eff028fbede52a2dadcb657f32b7db932a056fb086c63", "Title": "Due to unsanitized NUL values, attackers may be able to maliciously se ...", "Description": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/446916", "https://go.dev/issue/56284", "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "https://linux.oracle.com/cve/CVE-2022-41716.html", "https://linux.oracle.com/errata/ELSA-2023-18908.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41716", "https://pkg.go.dev/vuln/GO-2022-1095", "https://security.netapp.com/advisory/ntap-20230120-0007/" ], "PublishedDate": "2022-11-02T16:15:11.15Z", "LastModifiedDate": "2024-11-21T07:23:43.507Z" }, { "VulnerabilityID": "CVE-2022-41720", "VendorIDs": [ "GO-2022-1143" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.9, 1.19.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c0b38e344d59b3fe15077bf550dda699b9138a28e432240a4e748fba5e7d678", "Title": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", "Description": "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41720", "https://go.dev/cl/455716", "https://go.dev/issue/56694", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "https://linux.oracle.com/cve/CVE-2022-41720.html", "https://linux.oracle.com/errata/ELSA-2023-18908.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41720", "https://pkg.go.dev/vuln/GO-2022-1143", "https://www.cve.org/CVERecord?id=CVE-2022-41720" ], "PublishedDate": "2022-12-07T17:15:10.293Z", "LastModifiedDate": "2025-04-23T16:15:25.373Z" }, { "VulnerabilityID": "CVE-2022-41722", "VendorIDs": [ "GO-2023-1568" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c1818eb503635e192d7073b8a815be223ecbd563c2221de2f1ad7a5ec46acd3", "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41722", "https://go.dev/cl/468123", "https://go.dev/issue/57274", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", "https://pkg.go.dev/vuln/GO-2023-1568", "https://www.cve.org/CVERecord?id=CVE-2022-41722" ], "PublishedDate": "2023-02-28T18:15:09.887Z", "LastModifiedDate": "2024-11-21T07:23:44.303Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h", "GO-2023-1571" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d07c115f59a9ae3c92d1aaa91771e45d9dbe4be27e9a7564a1ee4b628cdfbe5", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-41724", "VendorIDs": [ "GO-2023-1570" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fcf971526bbc647e429c4795eeb0e396758ac0a88e1d643a5424effad7fe02dd", "Title": "golang: crypto/tls: large handshake records may cause panics", "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41724", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/468125", "https://go.dev/issue/58001", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41724.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "https://pkg.go.dev/vuln/GO-2023-1570", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41724" ], "PublishedDate": "2023-02-28T18:15:10.043Z", "LastModifiedDate": "2024-11-21T07:23:44.603Z" }, { "VulnerabilityID": "CVE-2022-41725", "VendorIDs": [ "GO-2023-1569" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:78f833dac11e22b716598b9aab6ebd699f872e59ed5daaaec29d62262442702e", "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41725", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", "https://go.dev/cl/468124", "https://go.dev/issue/58006", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41725.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "https://pkg.go.dev/vuln/GO-2023-1569", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41725" ], "PublishedDate": "2023-02-28T18:15:10.12Z", "LastModifiedDate": "2024-11-21T07:23:44.733Z" }, { "VulnerabilityID": "CVE-2023-24534", "VendorIDs": [ "GO-2023-1704" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4ef6a8e9761fd2694eba1ef38494db1cf4e96102c188166298a2d551a6b67cae", "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24534", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", "https://go.dev/cl/481994", "https://go.dev/issue/58975", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24534.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "https://pkg.go.dev/vuln/GO-2023-1704", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24534" ], "PublishedDate": "2023-04-06T16:15:07.657Z", "LastModifiedDate": "2025-02-12T18:15:19.837Z" }, { "VulnerabilityID": "CVE-2023-24536", "VendorIDs": [ "GO-2023-1705" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38c1cc86fff275157c1d02a8131aa92eab0d7fba6b02b3d8bf31934c4ee2d5c2", "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24536", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", "https://go.dev/cl/482075", "https://go.dev/cl/482076", "https://go.dev/cl/482077", "https://go.dev/issue/59153", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24536.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "https://pkg.go.dev/vuln/GO-2023-1705", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-24536" ], "PublishedDate": "2023-04-06T16:15:07.71Z", "LastModifiedDate": "2025-02-12T18:15:20.083Z" }, { "VulnerabilityID": "CVE-2023-24537", "VendorIDs": [ "GO-2023-1702" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:830fbec9d37c8045eaf6e00967380bc594f593ce9fecabbe39323ffbc9e2aea6", "Title": "golang: go/parser: Infinite loop in parsing", "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24537", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", "https://github.com/golang/go/issues/59180", "https://go.dev/cl/482078", "https://go.dev/issue/59180", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24537.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "https://pkg.go.dev/vuln/GO-2023-1702", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241129-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24537" ], "PublishedDate": "2023-04-06T16:15:07.753Z", "LastModifiedDate": "2025-02-12T17:15:13.973Z" }, { "VulnerabilityID": "CVE-2023-24539", "VendorIDs": [ "GO-2023-1751" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:72e9653f27e79605c69824822f4aa24b74e1ae44d2ef5ecbe201d134291eb64b", "Title": "golang: html/template: improper sanitization of CSS values", "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24539", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", "https://github.com/golang/go/issues/59720", "https://go.dev/cl/491615", "https://go.dev/issue/59720", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24539.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "https://pkg.go.dev/vuln/GO-2023-1751", "https://security.netapp.com/advisory/ntap-20241129-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24539" ], "PublishedDate": "2023-05-11T16:15:09.6Z", "LastModifiedDate": "2025-01-24T17:15:10.67Z" }, { "VulnerabilityID": "CVE-2023-29400", "VendorIDs": [ "GO-2023-1753" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e2d71cac62575ad4343cb8f83ca96c12f8d8dd2e5fbff9a32f6b80b39a77101a", "Title": "golang: html/template: improper handling of empty HTML attributes", "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29400", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", "https://github.com/golang/go/issues/59722", "https://go.dev/cl/491617", "https://go.dev/issue/59722", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-29400.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "https://pkg.go.dev/vuln/GO-2023-1753", "https://security.netapp.com/advisory/ntap-20241213-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-29400" ], "PublishedDate": "2023-05-11T16:15:09.85Z", "LastModifiedDate": "2025-01-24T17:15:12.747Z" }, { "VulnerabilityID": "CVE-2023-29403", "VendorIDs": [ "GO-2023-1840" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.10, 1.20.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76e5afe10c7625d790f1819b62886af77e4b932ac7643b576d1f1b518ec55c55", "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "Severity": "HIGH", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "alma": 4, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 4, "photon": 3, "redhat": 3, "rocky": 4, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3923", "https://access.redhat.com/security/cve/CVE-2023-29403", "https://bugzilla.redhat.com/2216965", "https://bugzilla.redhat.com/2217562", "https://bugzilla.redhat.com/2217565", "https://bugzilla.redhat.com/2217569", "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", "https://errata.almalinux.org/9/ALSA-2023-3923.html", "https://errata.rockylinux.org/RLSA-2023:3923", "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", "https://github.com/golang/go/issues/60272", "https://go.dev/cl/501223", "https://go.dev/issue/60272", "https://groups.google.com/g/golang-announce/c/q5135a9d924", "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "https://linux.oracle.com/cve/CVE-2023-29403.html", "https://linux.oracle.com/errata/ELSA-2023-3923.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", "https://pkg.go.dev/vuln/GO-2023-1840", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241220-0009/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29403" ], "PublishedDate": "2023-06-08T21:15:16.927Z", "LastModifiedDate": "2025-01-06T20:15:25.82Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8", "GO-2023-2102" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.10, 1.21.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:12d710ff6a5075c72b494e08e169e02cd1c2ed22e45fd24abfb2cfa14fd9b172", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-45283", "VendorIDs": [ "GO-2023-2185" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:165df9d6435c3737e8c3e12db298e7001717a445f4bd71eff2bb88f5cf3b3977", "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/05/2", "https://go.dev/cl/540277", "https://go.dev/cl/541175", "https://go.dev/issue/63713", "https://go.dev/issue/64028", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", "https://pkg.go.dev/vuln/GO-2023-2185", "https://security.netapp.com/advisory/ntap-20231214-0008/" ], "PublishedDate": "2023-11-09T17:15:08.757Z", "LastModifiedDate": "2024-11-21T08:26:41.567Z" }, { "VulnerabilityID": "CVE-2023-45287", "VendorIDs": [ "GO-2023-2375" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6e3e75c0ccdf7442b7c5d25bfd468d263fb887c52373604bd239f39aa272704", "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-45287", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/326012/26", "https://go.dev/issue/20654", "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", "https://linux.oracle.com/cve/CVE-2023-45287.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", "https://people.redhat.com/~hkario/marvin/", "https://pkg.go.dev/vuln/GO-2023-2375", "https://security.netapp.com/advisory/ntap-20240112-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-45287" ], "PublishedDate": "2023-12-05T17:15:08.57Z", "LastModifiedDate": "2024-11-21T08:26:42.25Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:33e3e6cec2e0a8a14801eeb1d8716f05423232c7f15daf971ef304384e9c0e93", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bdcaa72a77b65cfd3f0147d8b775934cd536f804cefec54d833409673b1321df", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9ffda6afe921799e41373fb5ceb7374cd72eef03510d02a6a098521764d408f8", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b435c4f50c1fc7deecad6df9c48227db683e3da32eead6d16c174b13683048f1", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ee63655d232783a957627b31a9c2be2f11ae29a5ebfaf8880756565584e4c89", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2f13f7c4dac3ce333bf8bf9d62d636c3bae4d8aeb95f06c433b729e6fd6312bb", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14e2962bfcc4c6f26c1101e787b2f26b98d8fbab641b21e3d5dcfe0b993a8a64", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3a70f3bf90c64722e30f9842c041ef3418f7395073fe425e6c234de028f3272c", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d493121e766550a8bab956bf2c54b2f69aefd525cdbf3cba053bf90a4f72fc8", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3fa6302a4c4910efc40ab28d954f71a44ba458dee644bf8655b556bd3b8693e3", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ac084dc68ec056a40664808035b454458215fd1f8efec3299325c96cb229218b", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2f31defc56731108f7ff6ff598a6da131dd3a11964c92132ba07596c2f04dfed", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:881cdb92f6c2ff8c4c6b419047daa15c282752b216c0687077d9df22c056a096", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2021-44717", "VendorIDs": [ "GO-2022-0289" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.12, 1.17.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44717", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f3915de774619f28cdf3f5915d9e3550d2bc575964605f1425fc22b544c59bc0", "Title": "golang: syscall: don't close fd 0 on ForkExec error", "Description": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V2Score": 5.8, "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-44717", "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717", "https://errata.rockylinux.org/RLSA-2021:5160", "https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5)", "https://github.com/golang/go/issues/50057", "https://go.dev/cl/370576", "https://go.dev/cl/370577", "https://go.dev/cl/370795", "https://go.dev/issue/50057", "https://go.googlesource.com/go/+/a76511f3a40ea69ee4f5cd86e735e1c8a84f0aa2", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", "https://linux.oracle.com/cve/CVE-2021-44717.html", "https://linux.oracle.com/errata/ELSA-2021-5160.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "https://pkg.go.dev/vuln/GO-2022-0289", "https://security.gentoo.org/glsa/202208-02", "https://www.cve.org/CVERecord?id=CVE-2021-44717" ], "PublishedDate": "2022-01-01T05:15:08.367Z", "LastModifiedDate": "2024-11-21T06:31:27.117Z" }, { "VulnerabilityID": "CVE-2022-1705", "VendorIDs": [ "GO-2022-0525" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3cd3a66542b1cd87133e944a9c0fca7a603a58ab7934ce035b042b153c86bf47", "Title": "golang: net/http: improper sanitization of Transfer-Encoding header", "Description": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.", "Severity": "MEDIUM", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-1705", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f", "https://go.dev/cl/409874", "https://go.dev/cl/410714", "https://go.dev/issue/53188", "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-1705.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "https://pkg.go.dev/vuln/GO-2022-0525", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-1705" ], "PublishedDate": "2022-08-10T20:15:25.353Z", "LastModifiedDate": "2026-03-06T18:16:10.133Z" }, { "VulnerabilityID": "CVE-2022-1962", "VendorIDs": [ "GO-2022-0515" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5013335449f280a81fb5c3c9aeb2c6001d21b3c949fc34e8bc44459ac881fe04", "Title": "golang: go/parser: stack exhaustion in all Parse* functions", "Description": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-1962", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879", "https://go.dev/cl/417063", "https://go.dev/issue/53616", "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-1962.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "https://pkg.go.dev/vuln/GO-2022-0515", "https://ubuntu.com/security/notices/USN-6038-1", "https://www.cve.org/CVERecord?id=CVE-2022-1962" ], "PublishedDate": "2022-08-10T20:15:26.25Z", "LastModifiedDate": "2026-03-06T20:16:09.373Z" }, { "VulnerabilityID": "CVE-2022-29526", "VendorIDs": [ "GHSA-p782-xgp4-8hr8", "GO-2022-0493" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.10, 1.18.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9708d907ace5d079cf43b525dd6cc48ade871e3826cb19d33936d8d93a256d72", "Title": "golang: syscall: faccessat checks wrong group", "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-29526", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://github.com/golang/go", "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", "https://github.com/golang/go/issues/52313", "https://go.dev/cl/399539", "https://go.dev/cl/400074", "https://go.dev/issue/52313", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "https://linux.oracle.com/cve/CVE-2022-29526.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "https://pkg.go.dev/vuln/GO-2022-0493", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220729-0001", "https://security.netapp.com/advisory/ntap-20220729-0001/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-29526" ], "PublishedDate": "2022-06-23T17:15:12.747Z", "LastModifiedDate": "2024-11-21T06:59:15.563Z" }, { "VulnerabilityID": "CVE-2022-32148", "VendorIDs": [ "GO-2022-0520" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:27df03e5cd15a51661ee796e22cbd5dd8c5ffc60be9bce740b351d726f49d115", "Title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "Description": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-32148", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (1.18)", "https://go.dev/cl/412857", "https://go.dev/issue/53423", "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-32148.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "https://pkg.go.dev/vuln/GO-2022-0520", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-32148" ], "PublishedDate": "2022-08-10T20:15:47.133Z", "LastModifiedDate": "2026-03-06T20:16:10.927Z" }, { "VulnerabilityID": "CVE-2022-41717", "VendorIDs": [ "GHSA-xrjj-mj9h-534m", "GO-2022-1144" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.9, 1.19.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d8e1483200f49c5b02562d1d5c4f8253ee92920ab045a68904b217132eb98758", "Title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6420", "https://access.redhat.com/security/cve/CVE-2022-41717", "https://bugzilla.redhat.com/2131146", "https://bugzilla.redhat.com/2131147", "https://bugzilla.redhat.com/2131148", "https://bugzilla.redhat.com/2138014", "https://bugzilla.redhat.com/2138015", "https://bugzilla.redhat.com/2148252", "https://bugzilla.redhat.com/2158420", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2121445", "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", "https://bugzilla.redhat.com/show_bug.cgi?id=2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2168256", "https://cs.opensource.google/go/x/net", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0778", "https://errata.almalinux.org/9/ALSA-2023-6420.html", "https://errata.rockylinux.org/RLSA-2023:2802", "https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)", "https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)", "https://go.dev/cl/455635", "https://go.dev/cl/455717", "https://go.dev/issue/56350", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "https://linux.oracle.com/cve/CVE-2022-41717.html", "https://linux.oracle.com/errata/ELSA-2023-6420.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "https://pkg.go.dev/vuln/GO-2022-1144", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230120-0008/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-41717" ], "PublishedDate": "2022-12-08T20:15:10.33Z", "LastModifiedDate": "2024-11-21T07:23:43.713Z" }, { "VulnerabilityID": "CVE-2023-24532", "VendorIDs": [ "GO-2023-1621" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.7, 1.20.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bafcaa013819d6566c66aa96159651af7606fb6c60c218507dd6d939d94af43b", "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", "Severity": "MEDIUM", "CweIDs": [ "CWE-682" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-24532", "https://go.dev/cl/471255", "https://go.dev/issue/58647", "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", "https://pkg.go.dev/vuln/GO-2023-1621", "https://security.netapp.com/advisory/ntap-20230331-0011/", "https://www.cve.org/CVERecord?id=CVE-2023-24532" ], "PublishedDate": "2023-03-08T20:15:09.413Z", "LastModifiedDate": "2024-11-21T07:48:04.383Z" }, { "VulnerabilityID": "CVE-2023-29406", "VendorIDs": [ "GO-2023-1878" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.11, 1.20.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:55a5565d6ceb101d96d8d128191d5aa5cab53d19ff3ba05ea9761fcf388c3e7e", "Title": "golang: net/http: insufficient sanitization of Host header", "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-436" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29406", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:7202", "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", "https://github.com/golang/go/issues/60374", "https://go.dev/cl/506996", "https://go.dev/issue/60374", "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "https://linux.oracle.com/cve/CVE-2023-29406.html", "https://linux.oracle.com/errata/ELSA-2023-7202.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "https://pkg.go.dev/vuln/GO-2023-1878", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230814-0002/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29406" ], "PublishedDate": "2023-07-11T20:15:10.643Z", "LastModifiedDate": "2024-11-21T07:56:59.913Z" }, { "VulnerabilityID": "CVE-2023-29409", "VendorIDs": [ "GO-2023-1987" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ec065511e36172b45d84be88ce411e08f67c47a15ce94eda1f5c9d698de1a2d7", "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7766", "https://access.redhat.com/security/cve/CVE-2023-29409", "https://bugzilla.redhat.com/2228743", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2023-7766.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/515257", "https://go.dev/issue/61460", "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "https://linux.oracle.com/cve/CVE-2023-29409.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "https://pkg.go.dev/vuln/GO-2023-1987", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230831-0010/", "https://www.cve.org/CVERecord?id=CVE-2023-29409" ], "PublishedDate": "2023-08-02T20:15:11.94Z", "LastModifiedDate": "2024-11-21T07:57:00.287Z" }, { "VulnerabilityID": "CVE-2023-39318", "VendorIDs": [ "GO-2023-2041" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3c7d75ca72905eb28d783c82764f9e7992cd0dc08bcb2f9346fc1e4fe2a82b85", "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39318", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", "https://go.dev/cl/526156", "https://go.dev/issue/62196", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39318.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "https://pkg.go.dev/vuln/GO-2023-2041", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2041.json", "https://www.cve.org/CVERecord?id=CVE-2023-39318" ], "PublishedDate": "2023-09-08T17:15:27.823Z", "LastModifiedDate": "2024-11-21T08:15:08.737Z" }, { "VulnerabilityID": "CVE-2023-39319", "VendorIDs": [ "GO-2023-2043" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bb45f155fd7caffa1c2d3d0fbba06c06cd3e628d2f5bfa847b32cce406b1b48b", "Title": "golang: html/template: improper handling of special tags within script contexts", "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39319", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", "https://go.dev/cl/526157", "https://go.dev/issue/62197", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39319.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "https://pkg.go.dev/vuln/GO-2023-2043", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2043.json", "https://www.cve.org/CVERecord?id=CVE-2023-39319" ], "PublishedDate": "2023-09-08T17:15:27.91Z", "LastModifiedDate": "2024-11-21T08:15:08.89Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ae2aebc72a72a7e2a72eb25adc4b59b78b249c4dde261544c4b4d72199e2ae38", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45284", "VendorIDs": [ "GO-2023-2186" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.11, 1.21.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a0ebbd8ffc902c7e6695b3c2c230ff18263440c45725cf22bb23d7916599564", "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/540277", "https://go.dev/issue/63713", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", "https://pkg.go.dev/vuln/GO-2023-2186" ], "PublishedDate": "2023-11-09T17:15:08.813Z", "LastModifiedDate": "2024-11-21T08:26:41.737Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7240ce9aa087588f666e7b7f3c6989a0b30a2b67c4cb3a04eb35af0f83f3325e", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bc286a66f570ecb062d5ab156f03d2e5690bdff35c40d4078236978230eccb60", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b3101838f2bc40a624b23862b46b726e02c12a68e5c1af31222e76869f71fecf", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c2c15fde57f2dd529cad85660f5b192916f1340998779461ce41e33fea341987", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:713e37b2951b5b8b8dc030ffed78b41649e8e2b7f2d015ef64db5d8e8b889591", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7729a47f99c6a6f90adfc0dc1792f13a03e22f8f54df9581ddb0e68d2a950ecd", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1340cf8d1aacfff2212daaef053cfd71ce02c142ceaff31fbf1013b17f95cef9", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:05ef7c7347c7db2b9bb17045b7d28fca7be773add5ca8abb3a16a5a51a42445f", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a68dda0de4ec86c4e8a264b8f27e15b8177d1222063c907636ba820ae641a948", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65325ca53709d2a4a1ee76f49c59aac20bd16e88d47ea0582dbf823a7873405e", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b87af4df90f90c65e5fef0db8cda1c3702200724ff28c7cfbaca2c7786060295", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:258bf93f0929c32ac94547437025a98a62834eef3fe548a5edce473cf3c19412", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5b5550d8d9f10001a2808329e62d447e0d9e03f826fff76af2ffb15af4240ef0", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6858011badccfe4078bac8e2f4aab450902640e84e399945c6b16fee1805bfd0", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c1293b90729ecaf702a01a0f37bb2c813b5c5b7aefc49def44efa8af582eb910", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:04950be515e97208f8858f80763c111618cbb49f93c738babcb40c569677ba38", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c91525bcd5643394fe3e9779e299a8eab3559de97044221894f2ecbb6c5c83fe", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:44a134cdbbf06250470ed0522690f43de09fa40d68a03e0fd92b0a85cdc6f100", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:68b5939d4cdb1194b5b55b14ce2246f3637a3e6e30d7671c17d1a01fa4130bd0", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ce6d0bc7680092205141ce6ee1116888e2e043a31dff7a9c00f43f97981e6e69", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f5cf5f81e613eb1dfa52b88d392d64c2075fe7e4320a31d8b5a2b12220065829", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bbcba2352edd6d942d7123f021a28cf563577da314fdde33990ff2bf8fed8fb1", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bee973e1ccbf3bd422399a7a5656b226f862ca1b0d1c099df7a02906ed337de4", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:00da960d62aabcc580c3480402caedc2ba66ad9b7af790d53ac2fdc1592d8c62", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1738df9520b519789d56e37ec8f7635857bbe98fe65e909d720daad3009cbeae", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f39764349d5d15a275aa1f5e729f0ef85e32e2c9013520238139a2a0fa336c57", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:86dba3886dda4f257f8ed37e9135a833eb6558d43cdf03a5e881b1789c1c9747", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3f84dfe8a7541f46eaf48731e2f88c425d948ef5f68da5c8e0a0d497b344e92d", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:053d2524af94a204c04caf2398b8847cd157f8763afab7c117823d56427ecb48", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b9ee830a115cc19c2ceac762bb6084d4a2d6ab4c2ffd22557059df5d480f513d", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6fddd0ccb942b6635289b13a2e5fc7f8cfcf7e88556a0f1af7d7ddc4415ddf11", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cb3c313b174dc07bc2ec3e3f0a2ede18eb93cd9b5f8aa7dbe34cd4ab666d6590", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bff6319f0195a747007b15235b0cee1c5bf25826ce03a4e6068cc3047061132c", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:afb3468447b09de481871673ffefd4a4431c7d946a92f25b4e9a88d083b202da", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d20f93a1f12bde8dfe7a1cd125bc7a1e1f8fb9eafdfc7f9d06890f248b62c077", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f1b23859f09ef74a55dc825f4478cd99ec293ed3ec6b5b5eeff4e28117c764ce", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b024e76e5bc69b3939f6dc0c27ab2674dc1bb108622cf26c56a09489de644c2", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "kube-system", "Kind": "Deployment", "Name": "coredns", "Metadata": [ { "Size": 53617152, "ImageID": "sha256:ead0a4a53df89fd173874b46093b6e62d8c72967bbf606d672c9e8c9b601a4fc", "DiffIDs": [ "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d", "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" ], "RepoTags": [ "coredns/coredns:1.10.1" ], "RepoDigests": [ "coredns/coredns@sha256:a0ead06651cf580044aeb0a0feba63591858fb2e43ade8c9dea45a6a89ae7e5e" ], "Reference": "coredns/coredns:1.10.1", "ImageConfig": { "architecture": "amd64", "created": "2023-02-06T18:31:00.426815885Z", "history": [ { "created": "2023-02-06T18:31:00.19534776Z", "created_by": "COPY /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2023-02-06T18:31:00.426815885Z", "created_by": "ADD coredns /coredns # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2023-02-06T18:31:00.426815885Z", "created_by": "EXPOSE map[53/tcp:{} 53/udp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2023-02-06T18:31:00.426815885Z", "created_by": "ENTRYPOINT [\"/coredns\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d", "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" ] }, "config": { "Entrypoint": [ "/coredns" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "WorkingDir": "/", "ExposedPorts": { "53/tcp": {}, "53/udp": {} } } }, "Layers": [ { "Size": 203776, "Digest": "sha256:25b7032c281a433b92d09930f3a03c0f7382c27eb69ae7f35addf2e3853dbba7", "DiffID": "sha256:6a4a177e62f374d68e6889ffa22b644db056e1d47ee4085c88408fa1d153871d" }, { "Size": 53413376, "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" } ] } ], "Results": [ { "Target": "coredns", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/coredns/coredns", "Name": "github.com/coredns/coredns", "Identifier": { "PURL": "pkg:golang/github.com/coredns/coredns", "UID": "b62db72f37da0b3" }, "Relationship": "root", "DependsOn": [ "cloud.google.com/go/compute/metadata@v0.2.3", "github.com/Azure/azure-sdk-for-go@v68.0.0+incompatible", "github.com/Azure/go-autorest/autorest/adal@v0.9.18", "github.com/Azure/go-autorest/autorest/azure/auth@v0.5.12", "github.com/Azure/go-autorest/autorest/azure/cli@v0.4.5", "github.com/Azure/go-autorest/autorest/date@v0.3.0", "github.com/Azure/go-autorest/autorest/to@v0.2.0", "github.com/Azure/go-autorest/autorest@v0.11.28", "github.com/Azure/go-autorest/logger@v0.2.1", "github.com/Azure/go-autorest/tracing@v0.6.0", "github.com/DataDog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", "github.com/DataDog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", "github.com/DataDog/datadog-go/v5@v5.0.2", "github.com/DataDog/datadog-go@v4.8.2+incompatible", "github.com/DataDog/go-tuf@v0.3.0--fix-localmeta-fork", "github.com/DataDog/sketches-go@v1.2.1", "github.com/antonmedv/expr@v1.12.0", "github.com/apparentlymart/go-cidr@v1.1.0", "github.com/aws/aws-sdk-go@v1.44.194", "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.1.2", "github.com/coredns/caddy@v1.1.1", "github.com/coreos/go-semver@v0.3.0", "github.com/coreos/go-systemd/v22@v22.3.2", "github.com/davecgh/go-spew@v1.1.1", "github.com/dgraph-io/ristretto@v0.1.0", "github.com/dimchansky/utfbom@v1.1.1", "github.com/dnstap/golang-dnstap@v0.4.0", "github.com/dustin/go-humanize@v1.0.0", "github.com/emicklei/go-restful/v3@v3.9.0", "github.com/farsightsec/golang-framestream@v0.3.0", "github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", "github.com/go-logr/logr@v1.2.3", "github.com/go-openapi/jsonpointer@v0.19.5", "github.com/go-openapi/jsonreference@v0.20.0", "github.com/go-openapi/swag@v0.19.14", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v4@v4.2.0", "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.2", "github.com/google/gnostic@v0.5.7-v3refs", "github.com/google/go-cmp@v0.5.9", "github.com/google/gofuzz@v1.2.0", "github.com/google/uuid@v1.3.0", "github.com/googleapis/enterprise-certificate-proxy@v0.2.1", "github.com/googleapis/gax-go/v2@v2.7.0", "github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", "github.com/imdario/mergo@v0.3.12", "github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", "github.com/jmespath/go-jmespath@v0.4.0", "github.com/josharian/intern@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/mailru/easyjson@v0.7.7", "github.com/matttproud/golang_protobuf_extensions@v1.0.4", "github.com/miekg/dns@v1.1.50", "github.com/mitchellh/go-homedir@v1.1.0", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", "github.com/opentracing/opentracing-go@v1.2.0", "github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", "github.com/openzipkin/zipkin-go@v0.4.1", "github.com/oschwald/geoip2-golang@v1.8.0", "github.com/oschwald/maxminddb-golang@v1.10.0", "github.com/philhofer/fwd@v1.1.1", "github.com/pkg/errors@v0.9.1", "github.com/prometheus/client_golang@v1.14.0", "github.com/prometheus/client_model@v0.3.0", "github.com/prometheus/common@v0.39.0", "github.com/prometheus/procfs@v0.8.0", "github.com/secure-systems-lab/go-securesystemslib@v0.4.0", "github.com/spf13/pflag@v1.0.5", "github.com/tinylib/msgp@v1.1.6", "go.etcd.io/etcd/api/v3@v3.5.7", "go.etcd.io/etcd/client/pkg/v3@v3.5.7", "go.etcd.io/etcd/client/v3@v3.5.7", "go.opencensus.io@v0.24.0", "go.uber.org/atomic@v1.9.0", "go.uber.org/multierr@v1.6.0", "go.uber.org/zap@v1.17.0", "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "golang.org/x/net@v0.4.0", "golang.org/x/oauth2@v0.3.0", "golang.org/x/sys@v0.4.0", "golang.org/x/term@v0.3.0", "golang.org/x/text@v0.5.0", "golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", "golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", "google.golang.org/api@v0.109.0", "google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", "google.golang.org/grpc@v1.52.3", "google.golang.org/protobuf@v1.28.1", "gopkg.in/DataDog/dd-trace-go.v1@v1.47.0", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.26.1", "k8s.io/apimachinery@v0.26.1", "k8s.io/client-go@v0.26.1", "k8s.io/klog/v2@v2.90.0", "k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", "k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", "sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", "sigs.k8s.io/structured-merge-diff/v4@v4.2.3", "sigs.k8s.io/yaml@v1.3.0", "stdlib@v1.20" ], "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.20", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "Version": "v1.20", "Relationship": "direct", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.2.3", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.3", "UID": "40e7df92b55c7174" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go@v68.0.0+incompatible", "Name": "github.com/Azure/azure-sdk-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go@v68.0.0%2Bincompatible", "UID": "89dc7a6f0e41dbb" }, "Version": "v68.0.0+incompatible", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest@v0.11.28", "Name": "github.com/Azure/go-autorest/autorest", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest@v0.11.28", "UID": "ebf17b77057c452d" }, "Version": "v0.11.28", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest/adal@v0.9.18", "Name": "github.com/Azure/go-autorest/autorest/adal", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/adal@v0.9.18", "UID": "30c7d48822125e75" }, "Version": "v0.9.18", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest/azure/auth@v0.5.12", "Name": "github.com/Azure/go-autorest/autorest/azure/auth", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/azure/auth@v0.5.12", "UID": "9888652de048a07" }, "Version": "v0.5.12", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest/azure/cli@v0.4.5", "Name": "github.com/Azure/go-autorest/autorest/azure/cli", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/azure/cli@v0.4.5", "UID": "bc7fda8387130e01" }, "Version": "v0.4.5", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest/date@v0.3.0", "Name": "github.com/Azure/go-autorest/autorest/date", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/date@v0.3.0", "UID": "77d1071b03fa440b" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/autorest/to@v0.2.0", "Name": "github.com/Azure/go-autorest/autorest/to", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/autorest/to@v0.2.0", "UID": "f23eb029b8bd352e" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/logger@v0.2.1", "Name": "github.com/Azure/go-autorest/logger", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/logger@v0.2.1", "UID": "1c1b79d9e6a8b68d" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-autorest/tracing@v0.6.0", "Name": "github.com/Azure/go-autorest/tracing", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-autorest/tracing@v0.6.0", "UID": "460ae50c31da97f0" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", "Name": "github.com/DataDog/datadog-agent/pkg/obfuscate", "Identifier": { "PURL": "pkg:golang/github.com/datadog/datadog-agent/pkg/obfuscate@v0.0.0-20211129110424-6491aa3bf583", "UID": "fc91580e9b0c3a87" }, "Version": "v0.0.0-20211129110424-6491aa3bf583", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", "Name": "github.com/DataDog/datadog-agent/pkg/remoteconfig/state", "Identifier": { "PURL": "pkg:golang/github.com/datadog/datadog-agent/pkg/remoteconfig/state@v0.42.0-rc.1", "UID": "56a86becaf94a3ee" }, "Version": "v0.42.0-rc.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/datadog-go@v4.8.2+incompatible", "Name": "github.com/DataDog/datadog-go", "Identifier": { "PURL": "pkg:golang/github.com/datadog/datadog-go@v4.8.2%2Bincompatible", "UID": "c28ce4c3c3db4c2a" }, "Version": "v4.8.2+incompatible", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/datadog-go/v5@v5.0.2", "Name": "github.com/DataDog/datadog-go/v5", "Identifier": { "PURL": "pkg:golang/github.com/datadog/datadog-go/v5@v5.0.2", "UID": "88617249dc9cf4ac" }, "Version": "v5.0.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/go-tuf@v0.3.0--fix-localmeta-fork", "Name": "github.com/DataDog/go-tuf", "Identifier": { "PURL": "pkg:golang/github.com/datadog/go-tuf@v0.3.0--fix-localmeta-fork", "UID": "38d118b2ec11c543" }, "Version": "v0.3.0--fix-localmeta-fork", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/DataDog/sketches-go@v1.2.1", "Name": "github.com/DataDog/sketches-go", "Identifier": { "PURL": "pkg:golang/github.com/datadog/sketches-go@v1.2.1", "UID": "4fb014cac45cf6a4" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/antonmedv/expr@v1.12.0", "Name": "github.com/antonmedv/expr", "Identifier": { "PURL": "pkg:golang/github.com/antonmedv/expr@v1.12.0", "UID": "ed7346a1ceef590c" }, "Version": "v1.12.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/apparentlymart/go-cidr@v1.1.0", "Name": "github.com/apparentlymart/go-cidr", "Identifier": { "PURL": "pkg:golang/github.com/apparentlymart/go-cidr@v1.1.0", "UID": "e67a78672b2f7c3a" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go@v1.44.194", "Name": "github.com/aws/aws-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.194", "UID": "b284a1b1b344e726" }, "Version": "v1.44.194", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "ed2d59ce5503e0af" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.1.2", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", "UID": "c67d0802c761660f" }, "Version": "v2.1.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coredns/caddy@v1.1.1", "Name": "github.com/coredns/caddy", "Identifier": { "PURL": "pkg:golang/github.com/coredns/caddy@v1.1.1", "UID": "97d63c5e9bec3e8d" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-semver@v0.3.0", "Name": "github.com/coreos/go-semver", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", "UID": "14c7ae5f90df00aa" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.3.2", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.3.2", "UID": "2504f71e209cb426" }, "Version": "v22.3.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.1", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", "UID": "d673d275319c6a1d" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dgraph-io/ristretto@v0.1.0", "Name": "github.com/dgraph-io/ristretto", "Identifier": { "PURL": "pkg:golang/github.com/dgraph-io/ristretto@v0.1.0", "UID": "64d074cf4902dfce" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dimchansky/utfbom@v1.1.1", "Name": "github.com/dimchansky/utfbom", "Identifier": { "PURL": "pkg:golang/github.com/dimchansky/utfbom@v1.1.1", "UID": "c90020b4e5559b2b" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dnstap/golang-dnstap@v0.4.0", "Name": "github.com/dnstap/golang-dnstap", "Identifier": { "PURL": "pkg:golang/github.com/dnstap/golang-dnstap@v0.4.0", "UID": "735f7eb0f59e35ee" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dustin/go-humanize@v1.0.0", "Name": "github.com/dustin/go-humanize", "Identifier": { "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.0", "UID": "56571c0e7976f774" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.9.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.9.0", "UID": "5ada931948b7c9" }, "Version": "v3.9.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/farsightsec/golang-framestream@v0.3.0", "Name": "github.com/farsightsec/golang-framestream", "Identifier": { "PURL": "pkg:golang/github.com/farsightsec/golang-framestream@v0.3.0", "UID": "7516aa501168aee3" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", "Name": "github.com/flynn/go-shlex", "Identifier": { "PURL": "pkg:golang/github.com/flynn/go-shlex@v0.0.0-20150515145356-3f9db97f8568", "UID": "228eb21bc0f83523" }, "Version": "v0.0.0-20150515145356-3f9db97f8568", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.2.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.2.3", "UID": "42d891e2b557eafa" }, "Version": "v1.2.3", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.19.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.19.5", "UID": "8969399c694942ea" }, "Version": "v0.19.5", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.20.0", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.0", "UID": "6b9c8bf8d689e73d" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.19.14", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.19.14", "UID": "af9f7052a4a2d6f1" }, "Version": "v0.19.14", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "272364e50043f4d3" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v4@v4.2.0", "Name": "github.com/golang-jwt/jwt/v4", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.2.0", "UID": "a0436ebc5a39db0a" }, "Version": "v4.2.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", "Name": "github.com/golang/glog", "Identifier": { "PURL": "pkg:golang/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", "UID": "4c5035812177d7a1" }, "Version": "v0.0.0-20160126235308-23def4e6c14b", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "ba0a75d4bee7fa63" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.2", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", "UID": "444057d29b74a75e" }, "Version": "v1.5.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic@v0.5.7-v3refs", "Name": "github.com/google/gnostic", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic@v0.5.7-v3refs", "UID": "b60c65ef1c536d4a" }, "Version": "v0.5.7-v3refs", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.5.9", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.5.9", "UID": "8b1cf3399c0449b2" }, "Version": "v0.5.9", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "f2a738b54888522c" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.3.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", "UID": "f3503841a6842204" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.1", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.1", "UID": "7c2328e46ac2b714" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.7.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", "UID": "616de5a35e095119" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", "Name": "github.com/grpc-ecosystem/grpc-opentracing", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-opentracing@v0.0.0-20180507213350-8e809c8a8645", "UID": "c5313ec904dbee38" }, "Version": "v0.0.0-20180507213350-8e809c8a8645", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.12", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.12", "UID": "e32ec750a019133f" }, "Version": "v0.3.12", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", "Name": "github.com/infobloxopen/go-trees", "Identifier": { "PURL": "pkg:golang/github.com/infobloxopen/go-trees@v0.0.0-20200715205103-96a057b8dfb9", "UID": "a62a274e18b713e7" }, "Version": "v0.0.0-20200715205103-96a057b8dfb9", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jmespath/go-jmespath@v0.4.0", "Name": "github.com/jmespath/go-jmespath", "Identifier": { "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", "UID": "481e93b248907cfe" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "1b8737e6ae5b1ac3" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "c304cb176cadb01f" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "2aadc7d33b0153ff" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.4", "Name": "github.com/matttproud/golang_protobuf_extensions", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.4", "UID": "4047ce534ef14433" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.50", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.50", "UID": "a52c7fbb2fb5a86f" }, "Version": "v1.1.50", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-homedir@v1.1.0", "Name": "github.com/mitchellh/go-homedir", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "UID": "652413b1a3803534" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "f1872d5873ff7a89" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "79a485af668b0675" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "85c6914d15bf56b" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", "Name": "github.com/opentracing-contrib/go-observer", "Identifier": { "PURL": "pkg:golang/github.com/opentracing-contrib/go-observer@v0.0.0-20170622124052-a52f23424492", "UID": "af2e427d5fdb447d" }, "Version": "v0.0.0-20170622124052-a52f23424492", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opentracing/opentracing-go@v1.2.0", "Name": "github.com/opentracing/opentracing-go", "Identifier": { "PURL": "pkg:golang/github.com/opentracing/opentracing-go@v1.2.0", "UID": "5b84cb309313d88c" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", "Name": "github.com/openzipkin-contrib/zipkin-go-opentracing", "Identifier": { "PURL": "pkg:golang/github.com/openzipkin-contrib/zipkin-go-opentracing@v0.5.0", "UID": "46b9ff34c77e62d3" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/openzipkin/zipkin-go@v0.4.1", "Name": "github.com/openzipkin/zipkin-go", "Identifier": { "PURL": "pkg:golang/github.com/openzipkin/zipkin-go@v0.4.1", "UID": "7d7991913ae60ebc" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oschwald/geoip2-golang@v1.8.0", "Name": "github.com/oschwald/geoip2-golang", "Identifier": { "PURL": "pkg:golang/github.com/oschwald/geoip2-golang@v1.8.0", "UID": "e82fac3de874cd80" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oschwald/maxminddb-golang@v1.10.0", "Name": "github.com/oschwald/maxminddb-golang", "Identifier": { "PURL": "pkg:golang/github.com/oschwald/maxminddb-golang@v1.10.0", "UID": "4cbdbc41ccb06315" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/philhofer/fwd@v1.1.1", "Name": "github.com/philhofer/fwd", "Identifier": { "PURL": "pkg:golang/github.com/philhofer/fwd@v1.1.1", "UID": "b2341ed794e2167a" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "d9103528f8ab4195" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.14.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", "UID": "452c38c95e215e1b" }, "Version": "v1.14.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.3.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", "UID": "da9338f7ff78d7cc" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.39.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.39.0", "UID": "95f5213efd64d198" }, "Version": "v0.39.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.8.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", "UID": "4da8aae406816037" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/secure-systems-lab/go-securesystemslib@v0.4.0", "Name": "github.com/secure-systems-lab/go-securesystemslib", "Identifier": { "PURL": "pkg:golang/github.com/secure-systems-lab/go-securesystemslib@v0.4.0", "UID": "4c14b2341a68e90" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "e9018954bb1fcc9f" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tinylib/msgp@v1.1.6", "Name": "github.com/tinylib/msgp", "Identifier": { "PURL": "pkg:golang/github.com/tinylib/msgp@v1.1.6", "UID": "da3a75186e666ec6" }, "Version": "v1.1.6", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/api/v3@v3.5.7", "Name": "go.etcd.io/etcd/api/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/api/v3@v3.5.7", "UID": "4f2686e35ef561d2" }, "Version": "v3.5.7", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/client/pkg/v3@v3.5.7", "Name": "go.etcd.io/etcd/client/pkg/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/client/pkg/v3@v3.5.7", "UID": "caef276825ce292" }, "Version": "v3.5.7", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/etcd/client/v3@v3.5.7", "Name": "go.etcd.io/etcd/client/v3", "Identifier": { "PURL": "pkg:golang/go.etcd.io/etcd/client/v3@v3.5.7", "UID": "36f188811aff6e89" }, "Version": "v3.5.7", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opencensus.io@v0.24.0", "Name": "go.opencensus.io", "Identifier": { "PURL": "pkg:golang/go.opencensus.io@v0.24.0", "UID": "2a05c94785a21d51" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.9.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.9.0", "UID": "2b4302cdebe9c535" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.6.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.6.0", "UID": "32c1b040b1551524" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.17.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.17.0", "UID": "8bcfe1637ece248e" }, "Version": "v1.17.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "Version": "v0.0.0-20221010152910-d6f0a8c073c2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.4.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.3.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.3.0", "UID": "2e14f7e924c34a2d" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.4.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.4.0", "UID": "5aab9f5c7ba5ed0" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.3.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.3.0", "UID": "a5e2b9aca3d6a494" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.5.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.5.0", "UID": "8128046374103a2a" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.0.0-20220210224613-90d013bbcef8", "UID": "5c6c573ff087d264" }, "Version": "v0.0.0-20220210224613-90d013bbcef8", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", "Name": "golang.org/x/xerrors", "Identifier": { "PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20220907171357-04be3eba64a2", "UID": "9983ce545227c56f" }, "Version": "v0.0.0-20220907171357-04be3eba64a2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.109.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.109.0", "UID": "5f0ef80a5138df23" }, "Version": "v0.109.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", "Name": "google.golang.org/genproto", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221227171554-f9683d7f8bef", "UID": "bd7ef60107ee48f7" }, "Version": "v0.0.0-20221227171554-f9683d7f8bef", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.52.3", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", "UID": "c5945c89e3ea5ba0" }, "Version": "v1.52.3", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.28.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "dca4acce715bb108" }, "Version": "v1.28.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/DataDog/dd-trace-go.v1@v1.47.0", "Name": "gopkg.in/DataDog/dd-trace-go.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/datadog/dd-trace-go.v1@v1.47.0", "UID": "7311beb9b4a13417" }, "Version": "v1.47.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "cc0cd5c6a8bddc5" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "31119b4641da59cf" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "3320351793603727" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.26.1", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.26.1", "UID": "9087b63b2107bd4" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.26.1", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.26.1", "UID": "4eee8c937889ad0d" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.26.1", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.26.1", "UID": "c53ae8d0b95a04b" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.90.0", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.90.0", "UID": "ef7b4b24cca5ee7c" }, "Version": "v2.90.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20221012153701-172d655c2280", "UID": "6ca0c8aceae3714f" }, "Version": "v0.0.0-20221012153701-172d655c2280", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20221107191617-1a15be271d1d", "UID": "3fecc9882ba74ba1" }, "Version": "v0.0.0-20221107191617-1a15be271d1d", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20220713155537-f223a00ba0e2", "UID": "f9eaa8923e5b1c56" }, "Version": "v0.0.0-20220713155537-f223a00ba0e2", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.2.3", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.2.3", "UID": "455d90c7b072085b" }, "Version": "v4.2.3", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.3.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.3.0", "UID": "8feaf0a724280a87" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-30204", "VendorIDs": [ "GHSA-mh63-6h87-95cp" ], "PkgID": "github.com/golang-jwt/jwt/v4@v4.2.0", "PkgName": "github.com/golang-jwt/jwt/v4", "PkgIdentifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.2.0", "UID": "a0436ebc5a39db0a" }, "InstalledVersion": "v4.2.0", "FixedVersion": "4.5.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:4bf91a438b40d356527e074344b2049401e053f11b2c608278790ed70dc58840", "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", "Severity": "HIGH", "CweIDs": [ "CWE-405" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7425", "https://access.redhat.com/security/cve/CVE-2025-30204", "https://bugzilla.redhat.com/2354195", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.almalinux.org/9/ALSA-2025-7425.html", "https://errata.rockylinux.org/RLSA-2025:3411", "https://github.com/golang-jwt/jwt", "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "https://linux.oracle.com/cve/CVE-2025-30204.html", "https://linux.oracle.com/errata/ELSA-2025-7967.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "https://pkg.go.dev/vuln/GO-2025-3553", "https://security.netapp.com/advisory/ntap-20250404-0002", "https://security.netapp.com/advisory/ntap-20250404-0002/", "https://www.cve.org/CVERecord?id=CVE-2025-30204" ], "PublishedDate": "2025-03-21T22:15:26.42Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45339", "VendorIDs": [ "GHSA-6wxm-mpqj-6jpf" ], "PkgID": "github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", "PkgName": "github.com/golang/glog", "PkgIdentifier": { "PURL": "pkg:golang/github.com/golang/glog@v0.0.0-20160126235308-23def4e6c14b", "UID": "4c5035812177d7a1" }, "InstalledVersion": "v0.0.0-20160126235308-23def4e6c14b", "FixedVersion": "1.2.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45339", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:14455e717ef6e4193682fd8370e48cfef256f2125ade9a0181a3a8304cec1ca1", "Title": "github.com/golang/glog: Vulnerability when creating log files in github.com/golang/glog", "Description": "When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.", "Severity": "MEDIUM", "VendorSeverity": { "azure": 3, "cbl-mariner": 3, "ghsa": 2, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U", "V3Score": 7.1, "V40Score": 4.1 }, "redhat": { "V3Vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-45339", "https://github.com/golang/glog", "https://github.com/golang/glog/pull/74", "https://github.com/golang/glog/pull/74/commits/b8741656e406e66d6992bc2c9575e460ecaa0ec2", "https://groups.google.com/g/golang-announce/c/H-Q4ouHWyKs", "https://lists.debian.org/debian-lts-announce/2025/02/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45339", "https://owasp.org/www-community/vulnerabilities/Insecure_Temporary_File", "https://pkg.go.dev/vuln/GO-2025-3372", "https://www.cve.org/CVERecord?id=CVE-2024-45339" ], "PublishedDate": "2025-01-28T02:15:28.927Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45337", "VendorIDs": [ "GHSA-v778-237x-gjrc" ], "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", "FixedVersion": "0.31.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1e093cc24528cfdf9bee2f0164015f1bee332b5288a7062df764724d1566e2f9", "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "Severity": "CRITICAL", "VendorSeverity": { "amazon": 3, "azure": 4, "cbl-mariner": 4, "ghsa": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.2 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/12/11/2", "https://access.redhat.com/security/cve/CVE-2024-45337", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "https://go-review.googlesource.com/c/crypto/+/635315/", "https://go.dev/cl/635315", "https://go.dev/issue/70779", "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "https://pkg.go.dev/vuln/GO-2024-3321", "https://security.netapp.com/advisory/ntap-20250131-0007", "https://security.netapp.com/advisory/ntap-20250131-0007/", "https://ubuntu.com/security/notices/USN-7839-1", "https://ubuntu.com/security/notices/USN-7839-2", "https://www.cve.org/CVERecord?id=CVE-2024-45337" ], "PublishedDate": "2024-12-12T02:02:07.97Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22869", "VendorIDs": [ "GHSA-hcg3-q754-cr77" ], "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", "FixedVersion": "0.35.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:359e7defaafabce0b4a5245e534331ba7ee2fb04b601c6a02e0337ba8128c5da", "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3833", "https://access.redhat.com/security/cve/CVE-2025-22869", "https://bugzilla.redhat.com/2348367", "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "https://errata.almalinux.org/9/ALSA-2025-3833.html", "https://errata.rockylinux.org/RLSA-2025:7416", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "https://go-review.googlesource.com/c/crypto/+/652135", "https://go.dev/cl/652135", "https://go.dev/issue/71931", "https://linux.oracle.com/cve/CVE-2025-22869.html", "https://linux.oracle.com/errata/ELSA-2025-7484.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "https://pkg.go.dev/vuln/GO-2025-3487", "https://security.netapp.com/advisory/ntap-20250411-0010", "https://security.netapp.com/advisory/ntap-20250411-0010/", "https://www.cve.org/CVERecord?id=CVE-2025-22869" ], "PublishedDate": "2025-02-26T08:14:24.997Z", "LastModifiedDate": "2025-05-01T19:28:20.74Z" }, { "VulnerabilityID": "CVE-2023-48795", "VendorIDs": [ "GHSA-45x7-px36-x8w8" ], "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:83c3d170bac8ab5a00ed617d41cba5dc93314f6490b800c49866cfaa6c0a2a24", "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/errata/RHSA-2024:1150", "https://access.redhat.com/security/cve/CVE-2023-48795", "https://access.redhat.com/security/cve/cve-2023-48795", "https://access.redhat.com/solutions/7071748", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://crates.io/crates/thrussh/versions", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://errata.almalinux.org/9/ALSA-2024-1150.html", "https://errata.rockylinux.org/RLSA-2024:0628", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh", "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://go.dev/cl/550715", "https://go.dev/issue/64784", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://linux.oracle.com/cve/CVE-2023-48795.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://terrapin-attack.com/", "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/notices/USN-6560-2", "https://ubuntu.com/security/notices/USN-6561-1", "https://ubuntu.com/security/notices/USN-6585-1", "https://ubuntu.com/security/notices/USN-6589-1", "https://ubuntu.com/security/notices/USN-6598-1", "https://ubuntu.com/security/notices/USN-6738-1", "https://ubuntu.com/security/notices/USN-7051-1", "https://ubuntu.com/security/notices/USN-7292-1", "https://ubuntu.com/security/notices/USN-7297-1", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.cve.org/CVERecord?id=CVE-2023-48795", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/18/3", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" ], "PublishedDate": "2023-12-18T16:15:10.897Z", "LastModifiedDate": "2026-05-12T11:16:15.01Z" }, { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:55989b03586dabcb1df7e3e3625778566de6feb96346e837296c79932a952b11", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.0.0-20221010152910-d6f0a8c073c2", "UID": "57cfb22d6de356dd" }, "InstalledVersion": "v0.0.0-20221010152910-d6f0a8c073c2", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:106821e33c48343d25b2ba561403dc5c2d3dd5b73c6e71ef6befa20319fa2256", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.7.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:02ebf86e6a379ad7db41d040b1996ab946e77051174028170bfbc4e50e949215", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:5d5b8b3c2deef48bc5e88997722842ca5c4cf4b6a5f6ac2bf6add55051cb60b5", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-3978", "VendorIDs": [ "GHSA-2wrh-6pvc-2jm9" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.13.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7275542aa6c747089a79bea3dcbf569605f26257e6da248ae8c95eab714f89e7", "Title": "golang.org/x/net/html: Cross site scripting", "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-3978", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/514896", "https://go.dev/issue/61615", "https://linux.oracle.com/cve/CVE-2023-3978.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", "https://pkg.go.dev/vuln/GO-2023-1988", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2023-3978" ], "PublishedDate": "2023-08-02T20:15:12.097Z", "LastModifiedDate": "2024-11-21T08:18:27.68Z" }, { "VulnerabilityID": "CVE-2023-44487", "VendorIDs": [ "GHSA-qppj-fm5r-hxr3" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2012086540e3d515e362348aac009308e56d0dddfb64455d7a01dc1591ef77df", "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", "V3Score": 5.3, "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/10/6", "http://www.openwall.com/lists/oss-security/2023/10/10/7", "http://www.openwall.com/lists/oss-security/2023/10/13/4", "http://www.openwall.com/lists/oss-security/2023/10/13/9", "http://www.openwall.com/lists/oss-security/2023/10/18/4", "http://www.openwall.com/lists/oss-security/2023/10/18/8", "http://www.openwall.com/lists/oss-security/2023/10/19/6", "http://www.openwall.com/lists/oss-security/2023/10/20/8", "http://www.openwall.com/lists/oss-security/2025/08/13/6", "https://access.redhat.com/errata/RHSA-2023:6746", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://access.redhat.com/security/cve/cve-2023-44487", "https://akka.io/security/akka-http-cve-2023-44487.html", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", "https://blog.vespa.ai/cve-2023-44487", "https://blog.vespa.ai/cve-2023-44487/", "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.suse.com/show_bug.cgi?id=1216123", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", "https://chaos.social/@icing/111210915918780532", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://devblogs.microsoft.com/dotnet/october-2023-updates/", "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", "https://errata.almalinux.org/9/ALSA-2023-6746.html", "https://errata.rockylinux.org/RLSA-2023:5838", "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", "https://github.com/Azure/AKS/issues/3947", "https://github.com/Kong/kong/discussions/11741", "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/advisories/GHSA-vx74-f528-fxqg", "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", "https://github.com/akka/akka-http/issues/4323", "https://github.com/akka/akka-http/pull/4324", "https://github.com/akka/akka-http/pull/4325", "https://github.com/alibaba/tengine/issues/1872", "https://github.com/apache/apisix/issues/10320", "https://github.com/apache/httpd-site/pull/10", "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", "https://github.com/apache/trafficserver/pull/10564", "https://github.com/apple/swift-nio-http2", "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", "https://github.com/bcdannyboy/CVE-2023-44487", "https://github.com/caddyserver/caddy/issues/5877", "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", "https://github.com/dotnet/announcements/issues/277", "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", "https://github.com/eclipse/jetty.project/issues/10679", "https://github.com/envoyproxy/envoy/pull/30055", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", "https://github.com/etcd-io/etcd/issues/16740", "https://github.com/facebook/proxygen/pull/466", "https://github.com/golang/go/issues/63417", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/releases", "https://github.com/grpc/grpc/releases/tag/v1.59.2", "https://github.com/h2o/h2o/pull/3291", "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", "https://github.com/haproxy/haproxy/issues/2312", "https://github.com/hyperium/hyper/issues/3337", "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "https://github.com/junkurihara/rust-rpxy/issues/97", "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", "https://github.com/kazu-yamamoto/http2/issues/93", "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", "https://github.com/kubernetes/kubernetes/pull/121120", "https://github.com/line/armeria/pull/5232", "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", "https://github.com/micrictor/http2-rst-stream", "https://github.com/microsoft/CBL-Mariner/pull/6381", "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", "https://github.com/nghttp2/nghttp2/pull/1961", "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", "https://github.com/ninenines/cowboy/issues/1615", "https://github.com/nodejs/node/pull/50121", "https://github.com/openresty/openresty/issues/930", "https://github.com/opensearch-project/data-prepper/issues/3474", "https://github.com/oqtane/oqtane.framework/discussions/3367", "https://github.com/projectcontour/contour/pull/5826", "https://github.com/tempesta-tech/tempesta/issues/1986", "https://github.com/varnishcache/varnish-cache/issues/3996", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://istio.io/latest/news/security/istio-security-2023-004", "https://istio.io/latest/news/security/istio-security-2023-004/", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", "https://linux.oracle.com/cve/CVE-2023-44487.html", "https://linux.oracle.com/errata/ELSA-2024-1444.html", "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", "https://my.f5.com/manage/s/article/K000137106", "https://netty.io/news/2023/10/10/4-1-100-Final.html", "https://news.ycombinator.com/item?id=37830987", "https://news.ycombinator.com/item?id=37830998", "https://news.ycombinator.com/item?id=37831062", "https://news.ycombinator.com/item?id=37837043", "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", "https://pkg.go.dev/vuln/GO-2023-2102", "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231016-0001", "https://security.netapp.com/advisory/ntap-20231016-0001/", "https://security.netapp.com/advisory/ntap-20240426-0007", "https://security.netapp.com/advisory/ntap-20240426-0007/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://security.netapp.com/advisory/ntap-20240621-0007", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://security.paloaltonetworks.com/CVE-2023-44487", "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", "https://tomcat.apache.org/security-8.html", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", "https://ubuntu.com/security/CVE-2023-44487", "https://ubuntu.com/security/notices/USN-6427-1", "https://ubuntu.com/security/notices/USN-6427-2", "https://ubuntu.com/security/notices/USN-6438-1", "https://ubuntu.com/security/notices/USN-6505-1", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-6754-1", "https://ubuntu.com/security/notices/USN-6994-1", "https://ubuntu.com/security/notices/USN-7067-1", "https://ubuntu.com/security/notices/USN-7410-1", "https://ubuntu.com/security/notices/USN-7469-1", "https://ubuntu.com/security/notices/USN-7469-2", "https://ubuntu.com/security/notices/USN-7469-3", "https://ubuntu.com/security/notices/USN-7469-4", "https://ubuntu.com/security/notices/USN-7892-1", "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-44487", "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", "https://www.debian.org/security/2023/dsa-5521", "https://www.debian.org/security/2023/dsa-5522", "https://www.debian.org/security/2023/dsa-5540", "https://www.debian.org/security/2023/dsa-5549", "https://www.debian.org/security/2023/dsa-5558", "https://www.debian.org/security/2023/dsa-5570", "https://www.eclipse.org/lists/jetty-announce/msg00181.html", "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "https://www.openwall.com/lists/oss-security/2023/10/10/6", "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" ], "PublishedDate": "2023-10-10T14:15:10.883Z", "LastModifiedDate": "2026-05-12T15:10:32.26Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.23.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:bb01cc93c0a07064cf3d25e892042c2aab4b54bc73223e8738fd29e75fbf24e9", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:b18adfccfa6bc74a289674c4531534e3b44ffd9eb1cd37d0e8370c8430c4d324", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "90a87ca4c9a5b5b2" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:38989026cf764a78fe51921e3294bcb93decec13e26d12ce5be20f5f6c0bee19", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.3.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.3.0", "UID": "2e14f7e924c34a2d" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:a0281dbcff2fc70b5975ff9b4363293eef18a3abd36bbb78ee090a803bb83d67", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.52.3", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", "UID": "c5945c89e3ea5ba0" }, "InstalledVersion": "v1.52.3", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:3d2147c87702ccc5333e1f9dd106424efc4e47ffd76a5ab980e077282d350a23", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "GHSA-m425-mq94-257g", "PkgID": "google.golang.org/grpc@v1.52.3", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.52.3", "UID": "c5945c89e3ea5ba0" }, "InstalledVersion": "v1.52.3", "FixedVersion": "1.56.3, 1.57.1, 1.58.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:b450187c7b1cc8b22306139dc53d4f078374e7080b2b7d9f5b9b04a67217d344", "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" ], "PublishedDate": "2023-10-25T21:17:37Z", "LastModifiedDate": "2024-07-19T16:32:30Z" }, { "VulnerabilityID": "CVE-2024-24786", "VendorIDs": [ "GHSA-8r3f-844c-mc37" ], "PkgID": "google.golang.org/protobuf@v1.28.1", "PkgName": "google.golang.org/protobuf", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "dca4acce715bb108" }, "InstalledVersion": "v1.28.1", "FixedVersion": "1.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:e2aea706ddd973de2ae6710c3e231d1130e80b8c24edae3dbccac70539587e5e", "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V3Score": 7.5, "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2550", "https://access.redhat.com/security/cve/CVE-2024-24786", "https://bugzilla.redhat.com/2268046", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", "https://errata.almalinux.org/9/ALSA-2024-2550.html", "https://errata.rockylinux.org/RLSA-2024:2550", "https://github.com/protocolbuffers/protobuf-go", "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", "https://go-review.googlesource.com/c/protobuf/+/569356", "https://go.dev/cl/569356", "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "https://linux.oracle.com/cve/CVE-2024-24786.html", "https://linux.oracle.com/errata/ELSA-2024-4246.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "https://pkg.go.dev/vuln/GO-2024-2611", "https://security.netapp.com/advisory/ntap-20240517-0002", "https://security.netapp.com/advisory/ntap-20240517-0002/", "https://ubuntu.com/security/notices/USN-6746-1", "https://ubuntu.com/security/notices/USN-6746-2", "https://www.cve.org/CVERecord?id=CVE-2024-24786" ], "PublishedDate": "2024-03-05T23:15:07.82Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-24538", "VendorIDs": [ "GO-2023-1703" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d59bbc715e1784172b144d38415694ba5e39e65967007307e6e3ce91b12105e2", "Title": "golang: html/template: backticks not treated as string delimiters", "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24538", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", "https://github.com/golang/go/issues/59234", "https://go.dev/cl/482079", "https://go.dev/issue/59234", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24538.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "https://pkg.go.dev/vuln/GO-2023-1703", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241115-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://www.cve.org/CVERecord?id=CVE-2023-24538" ], "PublishedDate": "2023-04-06T16:15:07.8Z", "LastModifiedDate": "2025-02-12T17:15:14.19Z" }, { "VulnerabilityID": "CVE-2023-24540", "VendorIDs": [ "GO-2023-1752" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3a4aba208e9d0dbd5ad607fec66389719f75b59ef527122ef4202057671fe689", "Title": "golang: html/template: improper handling of JavaScript whitespace", "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-77" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24540", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", "https://github.com/golang/go/issues/59721", "https://go.dev/cl/491616", "https://go.dev/issue/59721", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24540.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "https://pkg.go.dev/vuln/GO-2023-1752", "https://security.netapp.com/advisory/ntap-20241115-0008/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24540" ], "PublishedDate": "2023-05-11T16:15:09.687Z", "LastModifiedDate": "2025-01-24T17:15:10.893Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eadc05c5789bf85ee638dc158a4f3e80a84d5f699e513414c52bd2d8f01365c1", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2e64036c687b6783f4436dba8eb6a1085c495e8cb60631ea806b97b1fa3239b4", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2022-41722", "VendorIDs": [ "GO-2023-1568" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f00917acb7126076493e654bc39e8d93e88894ec18b118554ef040c12d6c4f3f", "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41722", "https://go.dev/cl/468123", "https://go.dev/issue/57274", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", "https://pkg.go.dev/vuln/GO-2023-1568", "https://www.cve.org/CVERecord?id=CVE-2022-41722" ], "PublishedDate": "2023-02-28T18:15:09.887Z", "LastModifiedDate": "2024-11-21T07:23:44.303Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h", "GO-2023-1571" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1450ec5b88bcfebbcd6fc956a149f6e7169b142c6de40ea36c22946645537774", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-41724", "VendorIDs": [ "GO-2023-1570" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:23ba4cc9f8dcb84294f805da6e1fd30e7ba5ef7c8d6bddf1b388d9b83c4941d1", "Title": "golang: crypto/tls: large handshake records may cause panics", "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41724", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/468125", "https://go.dev/issue/58001", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41724.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "https://pkg.go.dev/vuln/GO-2023-1570", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41724" ], "PublishedDate": "2023-02-28T18:15:10.043Z", "LastModifiedDate": "2024-11-21T07:23:44.603Z" }, { "VulnerabilityID": "CVE-2022-41725", "VendorIDs": [ "GO-2023-1569" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fa54eede844ac4993ae8eff4792a2e9db97bf03f9cd516409d1e70a87b22fa7f", "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41725", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", "https://go.dev/cl/468124", "https://go.dev/issue/58006", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41725.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "https://pkg.go.dev/vuln/GO-2023-1569", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41725" ], "PublishedDate": "2023-02-28T18:15:10.12Z", "LastModifiedDate": "2024-11-21T07:23:44.733Z" }, { "VulnerabilityID": "CVE-2023-24534", "VendorIDs": [ "GO-2023-1704" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d3eda123d6bd3bfd812904af7cde925c4b1a6d12143f7b43cea352dc37f04e15", "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24534", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", "https://go.dev/cl/481994", "https://go.dev/issue/58975", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24534.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "https://pkg.go.dev/vuln/GO-2023-1704", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24534" ], "PublishedDate": "2023-04-06T16:15:07.657Z", "LastModifiedDate": "2025-02-12T18:15:19.837Z" }, { "VulnerabilityID": "CVE-2023-24536", "VendorIDs": [ "GO-2023-1705" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9d221f5d5e247bdcaafdea6926bbce2a7fc9f840bd07d76024ac3f23af8d94c0", "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24536", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", "https://go.dev/cl/482075", "https://go.dev/cl/482076", "https://go.dev/cl/482077", "https://go.dev/issue/59153", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24536.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "https://pkg.go.dev/vuln/GO-2023-1705", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-24536" ], "PublishedDate": "2023-04-06T16:15:07.71Z", "LastModifiedDate": "2025-02-12T18:15:20.083Z" }, { "VulnerabilityID": "CVE-2023-24537", "VendorIDs": [ "GO-2023-1702" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b7834dbbb31f9244e2824b6f286ac2cab1ad546bfc221dbd5a34f6c86636cfbf", "Title": "golang: go/parser: Infinite loop in parsing", "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24537", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", "https://github.com/golang/go/issues/59180", "https://go.dev/cl/482078", "https://go.dev/issue/59180", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24537.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "https://pkg.go.dev/vuln/GO-2023-1702", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241129-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24537" ], "PublishedDate": "2023-04-06T16:15:07.753Z", "LastModifiedDate": "2025-02-12T17:15:13.973Z" }, { "VulnerabilityID": "CVE-2023-24539", "VendorIDs": [ "GO-2023-1751" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ad37a681c622742275844b9e30d0becdc55096094310427645f07d58a69bbe96", "Title": "golang: html/template: improper sanitization of CSS values", "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24539", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", "https://github.com/golang/go/issues/59720", "https://go.dev/cl/491615", "https://go.dev/issue/59720", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24539.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "https://pkg.go.dev/vuln/GO-2023-1751", "https://security.netapp.com/advisory/ntap-20241129-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24539" ], "PublishedDate": "2023-05-11T16:15:09.6Z", "LastModifiedDate": "2025-01-24T17:15:10.67Z" }, { "VulnerabilityID": "CVE-2023-29400", "VendorIDs": [ "GO-2023-1753" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e485d1faf10793c1784ec6a5c75e5a8a9a985e6cd6cd8321a00c28084dbb8398", "Title": "golang: html/template: improper handling of empty HTML attributes", "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29400", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", "https://github.com/golang/go/issues/59722", "https://go.dev/cl/491617", "https://go.dev/issue/59722", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-29400.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "https://pkg.go.dev/vuln/GO-2023-1753", "https://security.netapp.com/advisory/ntap-20241213-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-29400" ], "PublishedDate": "2023-05-11T16:15:09.85Z", "LastModifiedDate": "2025-01-24T17:15:12.747Z" }, { "VulnerabilityID": "CVE-2023-29403", "VendorIDs": [ "GO-2023-1840" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.10, 1.20.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:05c6e1942b4b20650ac2dc31424393ae37de6ce2c0c89cec239d7894383d6976", "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "Severity": "HIGH", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "alma": 4, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 4, "photon": 3, "redhat": 3, "rocky": 4, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3923", "https://access.redhat.com/security/cve/CVE-2023-29403", "https://bugzilla.redhat.com/2216965", "https://bugzilla.redhat.com/2217562", "https://bugzilla.redhat.com/2217565", "https://bugzilla.redhat.com/2217569", "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", "https://errata.almalinux.org/9/ALSA-2023-3923.html", "https://errata.rockylinux.org/RLSA-2023:3923", "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", "https://github.com/golang/go/issues/60272", "https://go.dev/cl/501223", "https://go.dev/issue/60272", "https://groups.google.com/g/golang-announce/c/q5135a9d924", "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "https://linux.oracle.com/cve/CVE-2023-29403.html", "https://linux.oracle.com/errata/ELSA-2023-3923.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", "https://pkg.go.dev/vuln/GO-2023-1840", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241220-0009/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29403" ], "PublishedDate": "2023-06-08T21:15:16.927Z", "LastModifiedDate": "2025-01-06T20:15:25.82Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8", "GO-2023-2102" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.10, 1.21.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:67cfdb097e45b62a263909aa65897b211a252af88a8a3557da869f9a5f99fbdb", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-45283", "VendorIDs": [ "GO-2023-2185" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:44b6a2cdc290ca9914b14d7d4d12661509f47e2642509751884b8b0972c1603c", "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/05/2", "https://go.dev/cl/540277", "https://go.dev/cl/541175", "https://go.dev/issue/63713", "https://go.dev/issue/64028", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", "https://pkg.go.dev/vuln/GO-2023-2185", "https://security.netapp.com/advisory/ntap-20231214-0008/" ], "PublishedDate": "2023-11-09T17:15:08.757Z", "LastModifiedDate": "2024-11-21T08:26:41.567Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6152ab42d03e71959bd291094d7fc0cd9e8847046ea7a751791999f1b0c6d846", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eba67e03e9aada70f06c121d7fff30e0ff4ab2dce6ea58a03abed22727968d1b", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:77f9f45fdbae5040b5ea22dc357e5c83a6d13ed554c78d6f4bef9757454d39c9", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e901cbbda71512a2075a8bb04b0d3bba7ca5b604479a0509437ef8d82f58168f", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1f2b7547367c55cc2a9963601256771a5652d769457be9befd9467c8506aaa60", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6fc5fa68b5fe369bb5a0d85e61a313feac842a106caff8647cfab8a6d24e5f95", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e485dc855e7e490665d0dae45de39d95f50f1defbf1c287a1c368dfee4a4c75", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d612bc4fa5eb5185dff410041963df6c68202e68a5d1be80a077816421e1b4b8", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d7e82490b5cc909a98ab89fc999e166f7c5cc09c66cae876d6b32212f26a21ca", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:11b006492709143ef82d5a537215ca74de0c23089100d4bbd55a61b57a843262", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:40a907d338f1e8788266347a567488b537ce5bc0ce7f9111f0681f75988f7534", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e107e12593298515cdbb599d863dcf0962127bc746e7b278bfbd198ca51a1f66", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d945ef631c6080fe2656c79f71147fc8255a945f38b62d7fb7f41613860fd694", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2023-24532", "VendorIDs": [ "GO-2023-1621" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.7, 1.20.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2d95b0cfb42d8a996eddfc36598e3d3c2324e52b6fa9d459f130038ff387044c", "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", "Severity": "MEDIUM", "CweIDs": [ "CWE-682" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-24532", "https://go.dev/cl/471255", "https://go.dev/issue/58647", "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", "https://pkg.go.dev/vuln/GO-2023-1621", "https://security.netapp.com/advisory/ntap-20230331-0011/", "https://www.cve.org/CVERecord?id=CVE-2023-24532" ], "PublishedDate": "2023-03-08T20:15:09.413Z", "LastModifiedDate": "2024-11-21T07:48:04.383Z" }, { "VulnerabilityID": "CVE-2023-29406", "VendorIDs": [ "GO-2023-1878" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.11, 1.20.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ea3bace34e969279606b6d1d5b5bbd238065cff2b1a2a6ed13c1f47c8e21ea7e", "Title": "golang: net/http: insufficient sanitization of Host header", "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-436" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29406", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:7202", "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", "https://github.com/golang/go/issues/60374", "https://go.dev/cl/506996", "https://go.dev/issue/60374", "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "https://linux.oracle.com/cve/CVE-2023-29406.html", "https://linux.oracle.com/errata/ELSA-2023-7202.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "https://pkg.go.dev/vuln/GO-2023-1878", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230814-0002/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29406" ], "PublishedDate": "2023-07-11T20:15:10.643Z", "LastModifiedDate": "2024-11-21T07:56:59.913Z" }, { "VulnerabilityID": "CVE-2023-29409", "VendorIDs": [ "GO-2023-1987" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:73deed3e34a1ed1433cfa8046506210b7183fdacd5718d2db88df5a925ea7d88", "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7766", "https://access.redhat.com/security/cve/CVE-2023-29409", "https://bugzilla.redhat.com/2228743", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2023-7766.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/515257", "https://go.dev/issue/61460", "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "https://linux.oracle.com/cve/CVE-2023-29409.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "https://pkg.go.dev/vuln/GO-2023-1987", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230831-0010/", "https://www.cve.org/CVERecord?id=CVE-2023-29409" ], "PublishedDate": "2023-08-02T20:15:11.94Z", "LastModifiedDate": "2024-11-21T07:57:00.287Z" }, { "VulnerabilityID": "CVE-2023-39318", "VendorIDs": [ "GO-2023-2041" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d06344db7fe057bb732278939563bc75dc42e692d83e0c59418f1774074fbd2b", "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39318", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", "https://go.dev/cl/526156", "https://go.dev/issue/62196", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39318.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "https://pkg.go.dev/vuln/GO-2023-2041", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2041.json", "https://www.cve.org/CVERecord?id=CVE-2023-39318" ], "PublishedDate": "2023-09-08T17:15:27.823Z", "LastModifiedDate": "2024-11-21T08:15:08.737Z" }, { "VulnerabilityID": "CVE-2023-39319", "VendorIDs": [ "GO-2023-2043" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:90853f2b8da7b67fe3c5c7a0268c1101ec9d4132a1c7822b08eae1070dcb5997", "Title": "golang: html/template: improper handling of special tags within script contexts", "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39319", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", "https://go.dev/cl/526157", "https://go.dev/issue/62197", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39319.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "https://pkg.go.dev/vuln/GO-2023-2043", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2043.json", "https://www.cve.org/CVERecord?id=CVE-2023-39319" ], "PublishedDate": "2023-09-08T17:15:27.91Z", "LastModifiedDate": "2024-11-21T08:15:08.89Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c99ad590fd664a18edc8895cad73c926e5ee41302668d5124674fb87086c6edd", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45284", "VendorIDs": [ "GO-2023-2186" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.20.11, 1.21.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:28e01f466e0def344f7b91a245b41c454544467aa4aa115f800f7ed44aed7bc3", "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/540277", "https://go.dev/issue/63713", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", "https://pkg.go.dev/vuln/GO-2023-2186" ], "PublishedDate": "2023-11-09T17:15:08.813Z", "LastModifiedDate": "2024-11-21T08:26:41.737Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:aa2846b37786db8965607176624b786819f99a86e62d295cbcbe9928560c6e89", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:431ced200b22b615a696af874a78d1c24054ebd030ad017450f2da71b65ded44", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b31b41171d4b9009f81d18bcc5541a6e3cc596cedbba8974901ae2e68c75fe42", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1e3d32aa2db998066382ac3b02b464d459e1898a86651d08b7fed5cd8057fb1d", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:19f3ca3c79ba55894735e17fb9e78641296ad53efbe51b0fe499ea0d08f0257a", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2291c23a767dc92534aeda1eb4e8430011c22697d3f1bbe1da472d08fd2e2de1", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e81e9dfffdfe01dee83b2baa47ba187d8ad08ac89059e4bf19e79c5e3a9e9b59", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8d0ea999f216e275ce0f79df94bbaf05d432af22ee744a1928acb690e084e350", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:94e55c76d2183a6e39acdf27ba1ef903eaf5bd4f88dbf43423f4202b9d85db1f", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c5133c8b05d3c8b38b644648d714dcd2d4329acee3d910478cf00901dfdb9cfa", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:813b40915153ccbe85e93542b343fe34b85012ce8879b41948ba38d8efbdf5d5", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:77f86765528adb03b1f775d6ac89c20f7ffa83fcc5128f5b14456bc35102a749", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:772bb2e56aab5c095bcf2c048fe2a6b6638248e36cf8c4ef43858b0433a266c7", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0f047058bc84b11b3c6c2e33c6e3d9b1d0720b9a45fc40f1e4f15561ce892754", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6bb8c24f857f23e043985ec6f09242ee3681b3430853af63099f6b73a93b86b1", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2fa39b37a2c35a7d569e4e7acfb5fc755f1e58c5517d208f0f49cface6d75d80", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9bdaea9dbc3788cce4b32ff32848f3b953abc92a8cd76719e51851eb4832209a", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8a7777591a9f6ca36ba932c3debb690a68181a218ac32fac0df1cbd50f93397b", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:83cbe5a24421123452023de238572cb8ab9c00df7e76ab2f23d3d9d298fe04ab", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d7a30ab2067439f8e4ac7fcbb56da84cd0b67e0eb5dee3cff760c994c9b8cb7", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:51decae7d0edf8d3d80cafdc3e4dbca25dad10bec6e00a62a41cc11429ffed20", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c07664475ad95c3980bb0b06eb024754b81d2dd97b9866a65f5fcc3794133f1", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:71d13511d25f9270ac562a8d652773ef35beb469a51f8ec9a3e0c946d42e2bc0", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bc1af84fd94d0d3cab009b9d97c07194d6536788531faed8aa644fc924411d39", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:25288e28ecaf1ed07f58174624c90065ebe6f874a8f81123fa949358d55f306a", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7260730f163b48142032ad66132f60a65ecda81a5231e2dbed568ca851e75e15", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4626c23dfdd831854d5eeff03c22ece80190119dabc7e5be66c37cbbe9159e9d", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:417e58a69435a4c32bb4165f76044538dc9b672c552a761996635b55b3fafa13", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:91924d1ba26219581a0a4302fe3bd303da513f6cbde113a3b0aaa1bf621e127d", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e298be8f5dbd672b6ff395b09ef49bb1931d8d91344d24dccd013f1339721644", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:063d728233b2c2f8d3d95da0c633d49d630c2718488b4eeccdf677f5aa5f6d70", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7ac3acd43c3f5a008a36ccb6012a1695dda52ca2dc4c398044d7992afdbf6d57", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76030144cacc1640467cb0712c6d1f57c42b9c796b3bcbb067fa3c10743571be", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:32f47b55e3750d505f66421df87a86ad7f9d79c5af63f839b7cde85d0130fe9d", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3cf978cdd38051732e1a60d1d8058a903c86e921954edce339e503bc04529761", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e89110d08022c028f9c1f0909a76a4a70368f62e6196bd221ffcfe5a6161fdf7", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.20", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.20", "UID": "14578b2201a6c352" }, "InstalledVersion": "v1.20", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3799eae1a077913c39123d0f4fe4e16243237e7ee94cd84874ea755ec930805a", "DiffID": "sha256:398c9baff0cedc8a35520742c35f0c216f9fd7f300f5f1e5e469504a93dc03bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7c839e73cf4c8172e7eab2715dbb8956ed2f517545bb98373920359e0661ef98", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "kube-system", "Kind": "Deployment", "Name": "hostpath-provisioner", "Metadata": [ { "Size": 38462976, "ImageID": "sha256:8a5982865ab3a663fb30ecbc7c0fd1ed1f395fabe4be2385d8a1a1bebc3a9d18", "DiffIDs": [ "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" ], "RepoTags": [ "cdkbot/hostpath-provisioner:1.5.0" ], "RepoDigests": [ "cdkbot/hostpath-provisioner@sha256:ac51e50e32b70e47077fe90928a7fe4d3fc8dd49192db4932c2643c49729c2eb" ], "Reference": "cdkbot/hostpath-provisioner:1.5.0", "ImageConfig": { "architecture": "amd64", "created": "2023-11-24T15:02:44.113520697+03:00", "history": [ { "created": "2023-11-24T15:02:44.113520697+03:00", "created_by": "COPY /hostpath-provisioner /hostpath-provisioner # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2023-11-24T15:02:44.113520697+03:00", "created_by": "CMD [\"/hostpath-provisioner\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" ] }, "config": { "Cmd": [ "/hostpath-provisioner" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "WorkingDir": "/", "ArgsEscaped": true } }, "Layers": [ { "Size": 38462976, "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" } ] } ], "Results": [ { "Target": "hostpath-provisioner", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/juju-solutions/hostpath-provisioner", "Name": "github.com/juju-solutions/hostpath-provisioner", "Identifier": { "PURL": "pkg:golang/github.com/juju-solutions/hostpath-provisioner", "UID": "a53253256e52557c" }, "Relationship": "root", "DependsOn": [ "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.2.0", "github.com/davecgh/go-spew@v1.1.1", "github.com/emicklei/go-restful/v3@v3.11.0", "github.com/go-logr/logr@v1.3.0", "github.com/go-openapi/jsonpointer@v0.20.0", "github.com/go-openapi/jsonreference@v0.20.2", "github.com/go-openapi/swag@v0.22.4", "github.com/gogo/protobuf@v1.3.2", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.3", "github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", "github.com/google/gnostic@v0.7.0", "github.com/google/go-cmp@v0.6.0", "github.com/google/gofuzz@v1.2.0", "github.com/google/uuid@v1.4.0", "github.com/imdario/mergo@v0.3.16", "github.com/josharian/intern@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/mailru/easyjson@v0.7.7", "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "github.com/miekg/dns@v1.1.57", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/prometheus/client_golang@v1.17.0", "github.com/prometheus/client_model@v0.5.0", "github.com/prometheus/common@v0.45.0", "github.com/prometheus/procfs@v0.12.0", "github.com/spf13/pflag@v1.0.5", "golang.org/x/net@v0.18.0", "golang.org/x/oauth2@v0.14.0", "golang.org/x/sys@v0.14.0", "golang.org/x/term@v0.14.0", "golang.org/x/text@v0.14.0", "golang.org/x/time@v0.4.0", "google.golang.org/protobuf@v1.31.0", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.27.8", "k8s.io/apimachinery@v0.27.8", "k8s.io/client-go@v0.27.8", "k8s.io/klog/v2@v2.110.1", "k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", "k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "sigs.k8s.io/yaml@v1.4.0", "stdlib@v1.21.4" ], "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.21.4", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "Version": "v1.21.4", "Relationship": "direct", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "b37d56416c08e3b7" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.2.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.2.0", "UID": "dde2f8486161c5d" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.1", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.1", "UID": "c8d29bd635723889" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.11.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.11.0", "UID": "3a5a54a7944880c7" }, "Version": "v3.11.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.3.0", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.3.0", "UID": "241233e523337b7d" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.20.0", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.20.0", "UID": "dae3c89392eb7b7c" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.20.2", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.20.2", "UID": "641c6f2cdead4f7" }, "Version": "v0.20.2", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.22.4", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.22.4", "UID": "ba2044afcf6b5c1" }, "Version": "v0.22.4", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "a8e07de17d06475f" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "babfdc33561baf8b" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.3", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.3", "UID": "6bb8375cd1f87021" }, "Version": "v1.5.3", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic@v0.7.0", "Name": "github.com/google/gnostic", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic@v0.7.0", "UID": "d9fb32986e5ef272" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.9-0.20230804172637-c7be7c783f49", "UID": "ce3a62b499631f6f" }, "Version": "v0.6.9-0.20230804172637-c7be7c783f49", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "c7aebcdde44bdd23" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "d9039c7a004c1a58" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.4.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.4.0", "UID": "458ea5c7d01dd84e" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "d8a1e7cec42c49ef" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "a5fe3871cd24938f" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "62cdc3c17a3a7317" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "19379f8ce256689b" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "Name": "github.com/matttproud/golang_protobuf_extensions/v2", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions/v2@v2.0.0", "UID": "487546c4925ff3eb" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.57", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.57", "UID": "58f85808309a6bec" }, "Version": "v1.1.57", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "5bad8bc5b86d3ab5" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "57fe4c1a39f6042d" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "cfb66ac14866c113" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.17.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.17.0", "UID": "b66d092e830ec000" }, "Version": "v1.17.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.5.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.5.0", "UID": "115ae7eaee9385d4" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.45.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.45.0", "UID": "443da62fcae92dfe" }, "Version": "v0.45.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.12.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.12.0", "UID": "20137dc0252d389c" }, "Version": "v0.12.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "3425350620c8647b" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.18.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.18.0", "UID": "6166b3abc7d767f0" }, "Version": "v0.18.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.14.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.14.0", "UID": "bf39b99c4814bd1e" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.14.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.14.0", "UID": "da158971f86f6ee3" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.14.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.14.0", "UID": "840e448552c52a50" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.14.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.14.0", "UID": "e838d45a91c414c7" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.4.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.4.0", "UID": "a3d0a1f7bbfc5248" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.31.0", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.31.0", "UID": "47a522248564d8e2" }, "Version": "v1.31.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "9bdd52762b56d601" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "2c6d26d74d064127" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "d6c9a1096fcf94af" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.27.8", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.27.8", "UID": "44a2e793d900e707" }, "Version": "v0.27.8", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.27.8", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.27.8", "UID": "57d3e9da14f07e81" }, "Version": "v0.27.8", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.27.8", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.27.8", "UID": "5430313fcc16d66a" }, "Version": "v0.27.8", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.110.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.110.1", "UID": "3e0d14ee24f9e31d" }, "Version": "v2.110.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20231113174909-778a5567bc1e", "UID": "e7e64fba1506ed61" }, "Version": "v0.0.0-20231113174909-778a5567bc1e", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20231121161247-cf03d44ff3cf", "UID": "8b85bcaf8b4978c9" }, "Version": "v0.0.0-20231121161247-cf03d44ff3cf", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "34c2393ef90a83f8" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", "Name": "sigs.k8s.io/sig-storage-lib-external-provisioner/v9", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/sig-storage-lib-external-provisioner/v9@v9.0.3", "UID": "ea7570393642bcf7" }, "Version": "v9.0.3", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "2c968e2b8282c818" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "bc212fda08a70041" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m" ], "PkgID": "golang.org/x/net@v0.18.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.18.0", "UID": "6166b3abc7d767f0" }, "InstalledVersion": "v0.18.0", "FixedVersion": "0.23.0", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7bf935d9c1838d35eb8b91612602fb11dcacf27ea44204dc3e47346b32ecbd2e", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.18.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.18.0", "UID": "6166b3abc7d767f0" }, "InstalledVersion": "v0.18.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2c9f742e7b88d3e39169af0e6f38722fb76dd2a1928835c9ff084295db23d583", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.18.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.18.0", "UID": "6166b3abc7d767f0" }, "InstalledVersion": "v0.18.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:4f857a0d94c5970a15d040f7056c55f8d5efad736758fb44f84f6169d5c57889", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.14.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.14.0", "UID": "bf39b99c4814bd1e" }, "InstalledVersion": "v0.14.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:3912f0f5c5c7642fad0b5ab12f284f6f154849db71fba5950d05c8f48b7a0def", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2024-24786", "VendorIDs": [ "GHSA-8r3f-844c-mc37" ], "PkgID": "google.golang.org/protobuf@v1.31.0", "PkgName": "google.golang.org/protobuf", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.31.0", "UID": "47a522248564d8e2" }, "InstalledVersion": "v1.31.0", "FixedVersion": "1.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:8bb77aebcc3b25adb87293038c218048b452d92a4e8ff1bc1ee7d0f9260042f3", "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V3Score": 7.5, "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2550", "https://access.redhat.com/security/cve/CVE-2024-24786", "https://bugzilla.redhat.com/2268046", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", "https://errata.almalinux.org/9/ALSA-2024-2550.html", "https://errata.rockylinux.org/RLSA-2024:2550", "https://github.com/protocolbuffers/protobuf-go", "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", "https://go-review.googlesource.com/c/protobuf/+/569356", "https://go.dev/cl/569356", "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "https://linux.oracle.com/cve/CVE-2024-24786.html", "https://linux.oracle.com/errata/ELSA-2024-4246.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "https://pkg.go.dev/vuln/GO-2024-2611", "https://security.netapp.com/advisory/ntap-20240517-0002", "https://security.netapp.com/advisory/ntap-20240517-0002/", "https://ubuntu.com/security/notices/USN-6746-1", "https://ubuntu.com/security/notices/USN-6746-2", "https://www.cve.org/CVERecord?id=CVE-2024-24786" ], "PublishedDate": "2024-03-05T23:15:07.82Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:88f7ec1eb9856ca3c5090f86d48734bc274dd173254f8f53084a2d947f38823b", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f0cffd7fd30e1cbda89eb6dee9cc336f91e9b0cf35867daa4f85fc94b2b1dfae", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f61b25ba7c881784695c070c4bf61fffd0a7df889bb90ffa1c047ebd17f4d200", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0d8b78350d19ac6205aabb2a409a5553b56efc677c84472011134e6db8fbca63", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6bbd1e4dfcc24e3af68c452d1c6edf40cfdd49af8f5fde6cf1102afa6a0ee32c", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cd6dca9492a6f7cc9c22810db4cf89adf752e5bf25f711162313f9a7b756ea1b", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8c32daa355d6937bc9c2bdc4ed4f4474938932aa31df75886329f8b8cb2109f7", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d31be94b5d196c3772c4fe4657d010e2156a6274d0e3ee01ca37e30416f1b1ab", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bfae458e0cc12d1cbfd5e5652864f602f7dbd10426876e774e212a40780c6249", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d28b8dbbfaf8cc0eb81a424729f047f617c3ff0d00dd5b8230707d34a8ff5eea", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c18048cdf3bb97a4563b7ee21d1813bf965a399d8a68d5656c8e35ccc29f75f4", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dceb5b3d807dddce4ffc5d7d2ecdbbc4ccfbbf3866bb9b75780462702313eea9", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e08ef269cc2e92dcb1d85ab9a583c1167cc5dfaba1a7dedd1821b064618c5c66", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:75292f5d09b05283b5aff1d0c3e6ce777f6096427d1379926c0c84ea8a6b9aa6", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ba9f72d8f28e5bd5ef66466aab6e892fe2f57f6f156b9709f0976c47353dde72", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:da37524b9e2c5e792d1d5a9a2b70e00b6b1f6de59a236ad3c997d9cfdee5370f", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bd16f091159a68ab3d357ce29ee43e66974605b9995c184347b579d09b70579c", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b5ce95a98885f0f198293f69138d314f54e82e326f7f3008a6135448e1db608", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:90bf865c3a8ccea09fa476c341a19771ced7a011f32283821fbf73a08292d7bf", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5dad41e94c59c8af26cd469ba34b36d2c612523c3cf76d2aca67e2187aa392c8", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:624da2e29874caba3a832d8d18ebabef31897538e99f3deeb696b7900099495b", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:449783ac9bbd77e99cafe8688633086615830e0f064fe110964eab488954d6c9", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ba82ff5f84c447668e9ba48880a3c80e51b9b11d684162e337cbe9b0802a680a", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70f20b719dcdb020aaa82e1e492d4af8d34ce4eb0f2164a15ae5dd30977a87a5", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4f1ee40664cc240bc8bbf074bdc3abea0e02d8dafc4cf63b1f136ea68fc692fd", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8caf910f46b9a3f93bf90d73da3e4cbbddbfc5b2a10edd0e10db2e883e16838d", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:03785c33fc0859902086a5552c22817b9d516cb964dd701534e283f96fb8e1b9", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6b5680acf5f945a7a2fb63a4f03baeefbe484a263fa9586431f1414e122acd06", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b7c1171d439f752f17c215f45696818bbaae3952611168e1c6eea6eb4e456421", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5ad2d3ad489b9a8152a1a621b7fbd4b82c4f3db864ec0617a112b41fba13e648", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d8af583a0ce720ca2f0a83e28b8a16fa6cc3fab639283a1195dff43b80f2549a", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9f1ca9908e4c8a038819038f9ede8b8f856d29f070e80e4bc6acdcef71ddd38f", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b98f644f7549edb6ce5a6b00b8f262188202288fb2dc5d83436ec7b6f92fac24", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:53cf4843a799751651c14831ba832b7f35de02f8117ae0272606ef873ce67557", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:210edc8fa75fd24c18f6c6d49fa2fbc56dd3d2985200903a8af8a9ff4afc4b98", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4e042c8a0461b9ab3834379fbf694e7bacafa6d9be1c928b26199369c5fbe3fe", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e5b5849481473f16b02d21e71c40bec5e9ef3fbb2eceba710b7b4ee8efac274", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:92506bdaf4016bc7529c2cc1e25341678459740f7185ac37d0eddc167caa62cc", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:da41ee956818e1a6983893c517ab4d90013b7340e08d108964d3a5bd9f4ea9c6", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0d65f2faed1e73121b63613226ceeb12d96cc615f881cc93abdbb87112db62ee", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d96d682d8ca3160f59e669e076f9ffda5354e7d1b681ef608371761960353d55", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1573ddfdbbd8a12077edb2aadc7f6447f80df0b17bc1341f0d0b12aacc637420", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:807c8567e2e9f1649cb4349cc75f01043b23108a1dd7b9e0bc56e3f71f53f10c", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e86eeba00a00e6c770754adc0109469c612f66e72f326149e7f39cc863e32ee3", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a715f06b50f9bd610dc0d35e2052785181c4fa8eb56d743625c910fadf419b22", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5daa1d005a3eb11c9e03f5ce6b44347ffd73f072dc0bda00730850ac890f54da", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c03abe566764149ad0bd7eed852975477f453503355fd19b6264714dd3fcfafc", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9f375ba06f2db40ddf760f71b27eb38eb8c0806ec9219386179409810e7e5afc", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:04dc2e11af7f267d2e19d3cf5a01646d6d004c7aa99db053db40b8ce87ca0e80", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c73c6635a7490cec4cc8316b5ebbe9263b5ca37ed7b1751c8ed2fa171efcdbe2", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0a13c78a871c468c9c000ef73489f995741d2cee0ed2022ab9a942c1445442e3", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:56e3756223fdd92c39d2b9da865e9899850d53a3f5ea5ac96d70219a08ae7e5f", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.21.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.21.4", "UID": "d364216c61456e6a" }, "InstalledVersion": "v1.21.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3b2c80360c7f9a372f159b116f4db3f009fac758109706ea260d21e7077f38fe", "DiffID": "sha256:6824f0f479b245a0e250208539ac3ad0ca05f796ff1775b4fc5e3c45ccc0c0bb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5dd6447e702e960bb3efeb06851b8de0f653cf7545edf41dcb19c511d9b552ba", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Deployment", "Name": "m3uproxy", "Metadata": [ { "Size": 171802112, "OS": { "Family": "alpine", "Name": "3.22.1" }, "ImageID": "sha256:879beb147d4da23c34c4fd2d68c51f516c749314f7b0bffe27d4ea2d72803495", "DiffIDs": [ "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9", "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694", "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b", "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318", "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7", "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ], "RepoTags": [ "a13labs/m3uproxy:latest" ], "RepoDigests": [ "a13labs/m3uproxy@sha256:830fa57fe59cd18f4656bb2c46d47355da2f1a2557098110e3ac52d60fd30b6b" ], "Reference": "a13labs/m3uproxy:latest", "ImageConfig": { "architecture": "amd64", "created": "2025-09-07T18:52:25.746443655Z", "history": [ { "created": "2025-07-15T11:01:16Z", "created_by": "ADD alpine-minirootfs-3.22.1-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-15T11:01:16Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-09-07T18:52:23.020538492Z", "created_by": "COPY /app/m3uproxy /app/m3uproxy # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:23.046260219Z", "created_by": "COPY /app/m3uproxy-cli /app/m3uproxy-cli # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:23.057825012Z", "created_by": "COPY /app/conf /app/conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:23.067201341Z", "created_by": "COPY /app/scripts/entrypoint.sh /app/entrypoint.sh # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:23.43507988Z", "created_by": "COPY /app/player.zip /app/assets/player.zip # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:25.729295883Z", "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates ffmpeg bash \u0026\u0026 mkdir -p /app/cache # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:25.746443655Z", "created_by": "WORKDIR /app", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-07T18:52:25.746443655Z", "created_by": "EXPOSE map[8080/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-09-07T18:52:25.746443655Z", "created_by": "CMD [\"/app/entrypoint.sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9", "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694", "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b", "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318", "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7", "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ] }, "config": { "Cmd": [ "/app/entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "org.opencontainers.image.created": "2025-09-07T18:51:37.868Z", "org.opencontainers.image.description": "A simple M3U streams proxy.", "org.opencontainers.image.licenses": "MIT", "org.opencontainers.image.revision": "b8db63703575ae29a95fb6599f2447b0d1de1bcb", "org.opencontainers.image.source": "https://github.com/a13labs/m3uproxy", "org.opencontainers.image.title": "m3uproxy", "org.opencontainers.image.url": "https://github.com/a13labs/m3uproxy", "org.opencontainers.image.version": "0.0.30" }, "WorkingDir": "/app", "ExposedPorts": { "8080/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 8596480, "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, { "Size": 16915456, "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, { "Size": 11891200, "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, { "Size": 4608, "Digest": "sha256:8aa8374db3c7f12172875626cd522adec6d023c93f65a0fbb59b1f510e0259f5", "DiffID": "sha256:dd2dcbdf70426ec069676f8d050fefdc7dabb4d9582458d08d104ab49a4cc91b" }, { "Size": 4096, "Digest": "sha256:a67065a52c1a982f0496ec43e56b0e367c17e5d57d7161734e6dde8d804e3914", "DiffID": "sha256:597e548b3624574eaaca9e8acafc23c26fdec4ba0011a3162d0be1d333a45318" }, { "Size": 1025024, "Digest": "sha256:81925f9feab22674a0aa895bc9654edbb579c7824dc8f3923b527c68a77f3870", "DiffID": "sha256:0b0a50d3b5b0f6981272c465104eb9d1fd9d31325348eb5d05668c11ae9e22b7" }, { "Size": 133364224, "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" } ] } ], "Results": [ { "Target": "a13labs/m3uproxy:latest (alpine 3.22.1)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e1b004c7909e5e42" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.0-r0", "busybox-binsh@1.37.0-r18" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "ab78613e89e34197" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.1", "UID": "82fba6933d3c7e01" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.22.1-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.22.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "b919f62743ce52a6" }, "Version": "3.22.1-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.22.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:20af3bbd2f59403c19b22576e458428bf8c09c12", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "alsa-lib@1.2.14-r0", "Name": "alsa-lib", "Identifier": { "PURL": "pkg:apk/alpine/alsa-lib@1.2.14-r0?arch=x86_64\u0026distro=3.22.1", "UID": "b44bd32890ed9ca6" }, "Version": "1.2.14-r0", "Arch": "x86_64", "SrcName": "alsa-lib", "SrcVersion": "1.2.14-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:78767e048658238059fbf96ee592852a4068254e", "InstalledFiles": [ "usr/bin/aserver", "usr/lib/libasound.so.2", "usr/lib/libasound.so.2.0.0", "usr/lib/libatopology.so.2", "usr/lib/libatopology.so.2.0.0", "usr/share/alsa/alsa.conf", "usr/share/alsa/cards/AACI.conf", "usr/share/alsa/cards/ATIIXP-MODEM.conf", "usr/share/alsa/cards/ATIIXP-SPDMA.conf", "usr/share/alsa/cards/ATIIXP.conf", "usr/share/alsa/cards/AU8810.conf", "usr/share/alsa/cards/AU8820.conf", "usr/share/alsa/cards/AU8830.conf", "usr/share/alsa/cards/Audigy.conf", "usr/share/alsa/cards/Audigy2.conf", "usr/share/alsa/cards/Aureon51.conf", "usr/share/alsa/cards/Aureon71.conf", "usr/share/alsa/cards/CA0106.conf", "usr/share/alsa/cards/CMI8338-SWIEC.conf", "usr/share/alsa/cards/CMI8338.conf", "usr/share/alsa/cards/CMI8738-MC6.conf", "usr/share/alsa/cards/CMI8738-MC8.conf", "usr/share/alsa/cards/CMI8788.conf", "usr/share/alsa/cards/CS46xx.conf", "usr/share/alsa/cards/EMU10K1.conf", "usr/share/alsa/cards/EMU10K1X.conf", "usr/share/alsa/cards/ENS1370.conf", "usr/share/alsa/cards/ENS1371.conf", "usr/share/alsa/cards/ES1968.conf", "usr/share/alsa/cards/Echo_Echo3G.conf", "usr/share/alsa/cards/FM801.conf", "usr/share/alsa/cards/FWSpeakers.conf", "usr/share/alsa/cards/FireWave.conf", "usr/share/alsa/cards/GUS.conf", "usr/share/alsa/cards/HDA-Intel.conf", "usr/share/alsa/cards/HdmiLpeAudio.conf", "usr/share/alsa/cards/ICE1712.conf", "usr/share/alsa/cards/ICE1724.conf", "usr/share/alsa/cards/ICH-MODEM.conf", "usr/share/alsa/cards/ICH.conf", "usr/share/alsa/cards/ICH4.conf", "usr/share/alsa/cards/Loopback.conf", "usr/share/alsa/cards/Maestro3.conf", "usr/share/alsa/cards/NFORCE.conf", "usr/share/alsa/cards/PC-Speaker.conf", "usr/share/alsa/cards/PMac.conf", "usr/share/alsa/cards/PMacToonie.conf", "usr/share/alsa/cards/PS3.conf", "usr/share/alsa/cards/RME9636.conf", "usr/share/alsa/cards/RME9652.conf", "usr/share/alsa/cards/SB-XFi.conf", "usr/share/alsa/cards/SI7018.conf", "usr/share/alsa/cards/TRID4DWAVENX.conf", "usr/share/alsa/cards/USB-Audio.conf", "usr/share/alsa/cards/VIA686A.conf", "usr/share/alsa/cards/VIA8233.conf", "usr/share/alsa/cards/VIA8233A.conf", "usr/share/alsa/cards/VIA8237.conf", "usr/share/alsa/cards/VX222.conf", "usr/share/alsa/cards/VXPocket.conf", "usr/share/alsa/cards/VXPocket440.conf", "usr/share/alsa/cards/YMF744.conf", "usr/share/alsa/cards/aliases.conf", "usr/share/alsa/cards/pistachio-card.conf", "usr/share/alsa/cards/vc4-hdmi.conf", "usr/share/alsa/ctl/default.conf", "usr/share/alsa/pcm/center_lfe.conf", "usr/share/alsa/pcm/default.conf", "usr/share/alsa/pcm/dmix.conf", "usr/share/alsa/pcm/dpl.conf", "usr/share/alsa/pcm/dsnoop.conf", "usr/share/alsa/pcm/front.conf", "usr/share/alsa/pcm/hdmi.conf", "usr/share/alsa/pcm/iec958.conf", "usr/share/alsa/pcm/modem.conf", "usr/share/alsa/pcm/rear.conf", "usr/share/alsa/pcm/side.conf", "usr/share/alsa/pcm/surround21.conf", "usr/share/alsa/pcm/surround40.conf", "usr/share/alsa/pcm/surround41.conf", "usr/share/alsa/pcm/surround50.conf", "usr/share/alsa/pcm/surround51.conf", "usr/share/alsa/pcm/surround71.conf" ], "AnalyzedBy": "apk" }, { "ID": "aom-libs@3.12.1-r0", "Name": "aom-libs", "Identifier": { "PURL": "pkg:apk/alpine/aom-libs@3.12.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "a57838e0d527f49c" }, "Version": "3.12.1-r0", "Arch": "x86_64", "SrcName": "aom", "SrcVersion": "3.12.1-r0", "Licenses": [ "BSD-2-Clause", "custom" ], "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e91d6c62643fd698b33834963d893547520ca622", "InstalledFiles": [ "usr/lib/libaom.so.3", "usr/lib/libaom.so.3.12.1" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.9-r2", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", "UID": "adde765a3a34534e" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250619-r0", "libapk2@2.14.9-r2", "libcrypto3@3.5.1-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.2.37-r0", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f62bb3d72621b61b" }, "Version": "5.2.37-r0", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.2.37-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r18", "musl@1.2.5-r10", "readline@8.2.13-r1" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e2e7691628b43701a0fe7228b8d986a7aeb58aa9", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "etc/profile.d/00-bashrc.sh", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/dsv", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/getconf", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/stat", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.22.1", "UID": "da69ac3787a8a478" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:889fa02c5f7cdd90283ce2b68959e9c44e5dfbf2", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r18", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "3da78128164dbbc4" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r18", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "c66405e3f8ffde54" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r18" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20250619-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20250619-r0?arch=x86_64\u0026distro=3.22.1", "UID": "854fde5eb11f246f" }, "Version": "20250619-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250619-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r18", "libcrypto3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:3b7c32ecd4342d100cf04ca9a4a27702896461e3", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20250619-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250619-r0?arch=x86_64\u0026distro=3.22.1", "UID": "dad0d13eb03c8270" }, "Version": "20250619-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250619-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:32be9117f1879f48b44823fbbd2d9e26a6a9a500", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "cjson@1.7.18-r1", "Name": "cjson", "Identifier": { "PURL": "pkg:apk/alpine/cjson@1.7.18-r1?arch=x86_64\u0026distro=3.22.1", "UID": "93f520d50c2b1445" }, "Version": "1.7.18-r1", "Arch": "x86_64", "SrcName": "cjson", "SrcVersion": "1.7.18-r1", "Licenses": [ "MIT" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:ccce25f36fea419804c9fb59e52fbcb4abb396eb", "InstalledFiles": [ "usr/lib/libcjson.so.1", "usr/lib/libcjson.so.1.7.18" ], "AnalyzedBy": "apk" }, { "ID": "dbus-libs@1.16.2-r1", "Name": "dbus-libs", "Identifier": { "PURL": "pkg:apk/alpine/dbus-libs@1.16.2-r1?arch=x86_64\u0026distro=3.22.1", "UID": "65fe7f7eaea482a8" }, "Version": "1.16.2-r1", "Arch": "x86_64", "SrcName": "dbus", "SrcVersion": "1.16.2-r1", "Licenses": [ "AFL-2.1", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:0890976ca17a33dede33013561523b49f123810c", "InstalledFiles": [ "usr/lib/libdbus-1.so.3", "usr/lib/libdbus-1.so.3.38.3" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg@6.1.2-r2", "Name": "ffmpeg", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "d1ca681eff3d8b6d" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavcodec@6.1.2-r2", "ffmpeg-libavdevice@6.1.2-r2", "ffmpeg-libavfilter@6.1.2-r2", "ffmpeg-libavformat@6.1.2-r2", "ffmpeg-libavutil@6.1.2-r2", "ffmpeg-libpostproc@6.1.2-r2", "ffmpeg-libswresample@6.1.2-r2", "ffmpeg-libswscale@6.1.2-r2", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:492342de466f1aeb5964f1f4342ea9f30de74513", "InstalledFiles": [ "usr/bin/ffmpeg", "usr/bin/ffprobe", "usr/bin/qt-faststart", "usr/share/ffmpeg/ffprobe.xsd", "usr/share/ffmpeg/libvpx-1080p.ffpreset", "usr/share/ffmpeg/libvpx-1080p50_60.ffpreset", "usr/share/ffmpeg/libvpx-360p.ffpreset", "usr/share/ffmpeg/libvpx-720p.ffpreset", "usr/share/ffmpeg/libvpx-720p50_60.ffpreset" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libavcodec@6.1.2-r2", "Name": "ffmpeg-libavcodec", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libavcodec@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "e5ed44d91064dacb" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "aom-libs@3.12.1-r0", "ffmpeg-libavutil@6.1.2-r2", "ffmpeg-libswresample@6.1.2-r2", "lame-libs@3.100-r5", "libSvtAv1Enc@2.3.0-r0", "libdav1d@1.5.1-r0", "libjxl@0.10.3-r2", "libtheora@1.1.1-r18", "libva@2.22.0-r1", "libvorbis@1.3.7-r2", "libvpx@1.15.0-r0", "libwebp@1.5.0-r0", "libwebpmux@1.5.0-r0", "musl@1.2.5-r10", "onevpl-libs@2023.3.1-r2", "opus@1.5.2-r1", "rav1e-libs@0.7.1-r0", "x264-libs@0.164.3108-r0", "x265-libs@3.6-r0", "xvidcore@1.3.7-r2", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:3e2966a56be26d7f5c92ffa9d643f14f60aabe84", "InstalledFiles": [ "usr/lib/libavcodec.so.60", "usr/lib/libavcodec.so.60.31.102" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libavdevice@6.1.2-r2", "Name": "ffmpeg-libavdevice", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libavdevice@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "70803b8e66f2e4ce" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alsa-lib@1.2.14-r0", "ffmpeg-libavcodec@6.1.2-r2", "ffmpeg-libavfilter@6.1.2-r2", "ffmpeg-libavformat@6.1.2-r2", "ffmpeg-libavutil@6.1.2-r2", "libdrm@2.4.124-r0", "libpulse@17.0-r5", "libxcb@1.17.0-r0", "musl@1.2.5-r10", "sdl2-compat@2.32.56-r0", "v4l-utils-libs@1.28.1-r1" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e06358482f161e7d8f943e1a48a24acbc54c54a1", "InstalledFiles": [ "usr/lib/libavdevice.so.60", "usr/lib/libavdevice.so.60.3.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libavfilter@6.1.2-r2", "Name": "ffmpeg-libavfilter", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libavfilter@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "466c7033174a2418" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavcodec@6.1.2-r2", "ffmpeg-libavformat@6.1.2-r2", "ffmpeg-libavutil@6.1.2-r2", "ffmpeg-libpostproc@6.1.2-r2", "ffmpeg-libswresample@6.1.2-r2", "ffmpeg-libswscale@6.1.2-r2", "fontconfig@2.15.0-r3", "freetype@2.13.3-r0", "fribidi@1.0.16-r1", "harfbuzz@11.2.1-r0", "libass@0.17.3-r0", "libplacebo@6.338.2-r3", "libva@2.22.0-r1", "libzmq@4.3.5-r2", "lilv-libs@0.24.26-r0", "musl@1.2.5-r10", "onevpl-libs@2023.3.1-r2", "vidstab@1.1.1-r0", "zimg@3.0.5-r3" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:9904e42e74096c296ddfc50af33a4c91493b3063", "InstalledFiles": [ "usr/lib/libavfilter.so.9", "usr/lib/libavfilter.so.9.12.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libavformat@6.1.2-r2", "Name": "ffmpeg-libavformat", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libavformat@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "265c5401a59f5d24" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavcodec@6.1.2-r2", "ffmpeg-libavutil@6.1.2-r2", "libbluray@1.3.4-r1", "libbz2@1.0.8-r6", "libcrypto3@3.5.1-r0", "libopenmpt@0.7.15-r0", "librist@0.2.10-r1", "libsrt@1.5.3-r1", "libssh@0.11.2-r0", "libssl3@3.5.1-r0", "libxml2@2.13.8-r0", "libzmq@4.3.5-r2", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:f15642b0118f1918511577b2d5383799f801d347", "InstalledFiles": [ "usr/lib/libavformat.so.60", "usr/lib/libavformat.so.60.16.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libavutil@6.1.2-r2", "Name": "ffmpeg-libavutil", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libavutil@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "b41b47b3e7d93bc5" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "libdrm@2.4.124-r0", "libva@2.22.0-r1", "libvdpau@1.5-r4", "libx11@1.8.11-r0", "musl@1.2.5-r10", "onevpl-libs@2023.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:723f928d4f1caf8f8b652ff3f6e5e39f904a786d", "InstalledFiles": [ "usr/lib/libavutil.so.58", "usr/lib/libavutil.so.58.29.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libpostproc@6.1.2-r2", "Name": "ffmpeg-libpostproc", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libpostproc@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "ee05b603ec483cff" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavutil@6.1.2-r2", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:80dc50f3a2afb9ee39e89511a803351f73657cc3", "InstalledFiles": [ "usr/lib/libpostproc.so.57", "usr/lib/libpostproc.so.57.3.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libswresample@6.1.2-r2", "Name": "ffmpeg-libswresample", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libswresample@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "5b978893cb236500" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavutil@6.1.2-r2", "musl@1.2.5-r10", "soxr@0.1.3-r7" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:5e61829e7c7995eb31cae6988cdb3b6b6660f3b3", "InstalledFiles": [ "usr/lib/libswresample.so.4", "usr/lib/libswresample.so.4.12.100" ], "AnalyzedBy": "apk" }, { "ID": "ffmpeg-libswscale@6.1.2-r2", "Name": "ffmpeg-libswscale", "Identifier": { "PURL": "pkg:apk/alpine/ffmpeg-libswscale@6.1.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "81ff89bcccefc8a3" }, "Version": "6.1.2-r2", "Arch": "x86_64", "SrcName": "ffmpeg", "SrcVersion": "6.1.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ffmpeg-libavutil@6.1.2-r2", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:bbc326b76337451146bdb5d25dcf24f3d58d7bbf", "InstalledFiles": [ "usr/lib/libswscale.so.7", "usr/lib/libswscale.so.7.5.100" ], "AnalyzedBy": "apk" }, { "ID": "fontconfig@2.15.0-r3", "Name": "fontconfig", "Identifier": { "PURL": "pkg:apk/alpine/fontconfig@2.15.0-r3?arch=x86_64\u0026distro=3.22.1", "UID": "fbbf679eb09d7bca" }, "Version": "2.15.0-r3", "Arch": "x86_64", "SrcName": "fontconfig", "SrcVersion": "2.15.0-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r18", "freetype@2.13.3-r0", "libexpat@2.7.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:f8a4adf353c174e5287521b7893ce54b4c5f4d86", "InstalledFiles": [ "etc/fonts/fonts.conf", "etc/fonts/conf.d/10-hinting-slight.conf", "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", "etc/fonts/conf.d/10-sub-pixel-none.conf", "etc/fonts/conf.d/10-yes-antialias.conf", "etc/fonts/conf.d/11-lcdfilter-default.conf", "etc/fonts/conf.d/20-unhint-small-vera.conf", "etc/fonts/conf.d/30-metric-aliases.conf", "etc/fonts/conf.d/40-nonlatin.conf", "etc/fonts/conf.d/45-generic.conf", "etc/fonts/conf.d/45-latin.conf", "etc/fonts/conf.d/48-spacing.conf", "etc/fonts/conf.d/49-sansserif.conf", "etc/fonts/conf.d/50-user.conf", "etc/fonts/conf.d/51-local.conf", "etc/fonts/conf.d/60-generic.conf", "etc/fonts/conf.d/60-latin.conf", "etc/fonts/conf.d/65-fonts-persian.conf", "etc/fonts/conf.d/65-nonlatin.conf", "etc/fonts/conf.d/69-unifont.conf", "etc/fonts/conf.d/80-delicious.conf", "etc/fonts/conf.d/90-synthetic.conf", "etc/fonts/conf.d/README", "usr/bin/fc-cache", "usr/bin/fc-cat", "usr/bin/fc-conflist", "usr/bin/fc-list", "usr/bin/fc-match", "usr/bin/fc-pattern", "usr/bin/fc-query", "usr/bin/fc-scan", "usr/bin/fc-validate", "usr/lib/libfontconfig.so.1", "usr/lib/libfontconfig.so.1.12.1", "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", "usr/share/fontconfig/conf.avail/10-autohint.conf", "usr/share/fontconfig/conf.avail/10-hinting-full.conf", "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", "usr/share/fontconfig/conf.avail/10-hinting-none.conf", "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", "usr/share/fontconfig/conf.avail/10-no-antialias.conf", "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", "usr/share/fontconfig/conf.avail/10-unhinted.conf", "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", "usr/share/fontconfig/conf.avail/40-nonlatin.conf", "usr/share/fontconfig/conf.avail/45-generic.conf", "usr/share/fontconfig/conf.avail/45-latin.conf", "usr/share/fontconfig/conf.avail/48-spacing.conf", "usr/share/fontconfig/conf.avail/49-sansserif.conf", "usr/share/fontconfig/conf.avail/50-user.conf", "usr/share/fontconfig/conf.avail/51-local.conf", "usr/share/fontconfig/conf.avail/60-generic.conf", "usr/share/fontconfig/conf.avail/60-latin.conf", "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", "usr/share/fontconfig/conf.avail/65-khmer.conf", "usr/share/fontconfig/conf.avail/65-nonlatin.conf", "usr/share/fontconfig/conf.avail/69-unifont.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", "usr/share/fontconfig/conf.avail/80-delicious.conf", "usr/share/fontconfig/conf.avail/90-synthetic.conf", "usr/share/xml/fontconfig/fonts.dtd" ], "AnalyzedBy": "apk" }, { "ID": "freetype@2.13.3-r0", "Name": "freetype", "Identifier": { "PURL": "pkg:apk/alpine/freetype@2.13.3-r0?arch=x86_64\u0026distro=3.22.1", "UID": "a8c78f3bc3b3e08a" }, "Version": "2.13.3-r0", "Arch": "x86_64", "SrcName": "freetype", "SrcVersion": "2.13.3-r0", "Licenses": [ "FTL", "GPL-2.0-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "libbz2@1.0.8-r6", "libpng@1.6.47-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:bf31020f338d745eda4d86c72190cbe0b5d58bbf", "InstalledFiles": [ "usr/lib/libfreetype.so.6", "usr/lib/libfreetype.so.6.20.2" ], "AnalyzedBy": "apk" }, { "ID": "fribidi@1.0.16-r1", "Name": "fribidi", "Identifier": { "PURL": "pkg:apk/alpine/fribidi@1.0.16-r1?arch=x86_64\u0026distro=3.22.1", "UID": "99e685a068e3f0d6" }, "Version": "1.0.16-r1", "Arch": "x86_64", "SrcName": "fribidi", "SrcVersion": "1.0.16-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:976d40d9a6f4c37f5edc9d6a5c90eee860ab33c4", "InstalledFiles": [ "usr/bin/fribidi", "usr/lib/libfribidi.so.0", "usr/lib/libfribidi.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "giflib@5.2.2-r1", "Name": "giflib", "Identifier": { "PURL": "pkg:apk/alpine/giflib@5.2.2-r1?arch=x86_64\u0026distro=3.22.1", "UID": "7d9c79c46a24584b" }, "Version": "5.2.2-r1", "Arch": "x86_64", "SrcName": "giflib", "SrcVersion": "5.2.2-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:3e2274b34db77db02f605cf242c696438d5587cc", "InstalledFiles": [ "usr/lib/libgif.so.7", "usr/lib/libgif.so.7.2.0" ], "AnalyzedBy": "apk" }, { "ID": "glib@2.84.4-r0", "Name": "glib", "Identifier": { "PURL": "pkg:apk/alpine/glib@2.84.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "97acd79b8c3414dc" }, "Version": "2.84.4-r0", "Arch": "x86_64", "SrcName": "glib", "SrcVersion": "2.84.4-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "team/gnome \u003cpabloyoyoista@postmarketos.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r18", "libffi@3.4.8-r0", "libintl@0.24.1-r0", "libmount@2.41-r9", "musl@1.2.5-r10", "pcre2@10.43-r1", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:fcad0997b4cb10ff97e2d88b0b37120fa08070c7", "InstalledFiles": [ "usr/bin/gapplication", "usr/bin/gdbus", "usr/bin/gi-compile-repository", "usr/bin/gi-decompile-typelib", "usr/bin/gi-inspect-typelib", "usr/bin/gio", "usr/bin/gio-querymodules", "usr/bin/glib-compile-schemas", "usr/bin/gsettings", "usr/lib/libgio-2.0.so.0", "usr/lib/libgio-2.0.so.0.8400.4", "usr/lib/libgirepository-2.0.so.0", "usr/lib/libgirepository-2.0.so.0.8400.4", "usr/lib/libglib-2.0.so.0", "usr/lib/libglib-2.0.so.0.8400.4", "usr/lib/libgmodule-2.0.so.0", "usr/lib/libgmodule-2.0.so.0.8400.4", "usr/lib/libgobject-2.0.so.0", "usr/lib/libgobject-2.0.so.0.8400.4", "usr/lib/libgthread-2.0.so.0", "usr/lib/libgthread-2.0.so.0.8400.4", "usr/lib/girepository-1.0/GIRepository-3.0.typelib", "usr/lib/girepository-1.0/GLib-2.0.typelib", "usr/lib/girepository-1.0/GLibUnix-2.0.typelib", "usr/lib/girepository-1.0/GModule-2.0.typelib", "usr/lib/girepository-1.0/GObject-2.0.typelib", "usr/lib/girepository-1.0/Gio-2.0.typelib", "usr/lib/girepository-1.0/GioUnix-2.0.typelib", "usr/libexec/gio-launch-desktop" ], "AnalyzedBy": "apk" }, { "ID": "glslang-libs@1.4.309.0-r0", "Name": "glslang-libs", "Identifier": { "PURL": "pkg:apk/alpine/glslang-libs@1.4.309.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "23cb78973eb2fdbd" }, "Version": "1.4.309.0-r0", "Arch": "x86_64", "SrcName": "glslang", "SrcVersion": "1.4.309.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "MIT", "Apache-2.0", "GPL-3.0-or-later" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "spirv-tools@1.4.313.0-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:760f638aebdf76192c8038dc156c1f666312f9d6", "InstalledFiles": [ "usr/lib/libSPIRV.so.15", "usr/lib/libSPIRV.so.15.2.0", "usr/lib/libSPVRemapper.so.15", "usr/lib/libSPVRemapper.so.15.2.0", "usr/lib/libglslang-default-resource-limits.so.15", "usr/lib/libglslang-default-resource-limits.so.15.2.0", "usr/lib/libglslang.so.15", "usr/lib/libglslang.so.15.2.0" ], "AnalyzedBy": "apk" }, { "ID": "graphite2@1.3.14-r6", "Name": "graphite2", "Identifier": { "PURL": "pkg:apk/alpine/graphite2@1.3.14-r6?arch=x86_64\u0026distro=3.22.1", "UID": "83cb7342420e1a92" }, "Version": "1.3.14-r6", "Arch": "x86_64", "SrcName": "graphite2", "SrcVersion": "1.3.14-r6", "Licenses": [ "LGPL-2.1-or-later", "MPL-1.1" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b3c23f25373bbed90c06e1c93c04f7cde4837a2d", "InstalledFiles": [ "usr/lib/libgraphite2.so.3", "usr/lib/libgraphite2.so.3.2.1" ], "AnalyzedBy": "apk" }, { "ID": "harfbuzz@11.2.1-r0", "Name": "harfbuzz", "Identifier": { "PURL": "pkg:apk/alpine/harfbuzz@11.2.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "ff21ad88e39d89d7" }, "Version": "11.2.1-r0", "Arch": "x86_64", "SrcName": "harfbuzz", "SrcVersion": "11.2.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "freetype@2.13.3-r0", "glib@2.84.4-r0", "graphite2@1.3.14-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:caade18d8ed5bc0e5a5e6fe8e5f389604b519328", "InstalledFiles": [ "usr/lib/libharfbuzz.so.0", "usr/lib/libharfbuzz.so.0.61121.0", "usr/lib/girepository-1.0/HarfBuzz-0.0.typelib" ], "AnalyzedBy": "apk" }, { "ID": "hwdata-pci@0.395-r0", "Name": "hwdata-pci", "Identifier": { "PURL": "pkg:apk/alpine/hwdata-pci@0.395-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f889a40741a95d66" }, "Version": "0.395-r0", "Arch": "x86_64", "SrcName": "hwdata", "SrcVersion": "0.395-r0", "Licenses": [ "GPL-2.0-or-later", "XFree-86-1.1" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:3b98bc1e6b77d744018ce83ef8eb4f5d673ead0f", "InstalledFiles": [ "usr/share/hwdata/pci.ids" ], "AnalyzedBy": "apk" }, { "ID": "imath@3.1.12-r0", "Name": "imath", "Identifier": { "PURL": "pkg:apk/alpine/imath@3.1.12-r0?arch=x86_64\u0026distro=3.22.1", "UID": "35bb3ce914ebf619" }, "Version": "3.1.12-r0", "Arch": "x86_64", "SrcName": "imath", "SrcVersion": "3.1.12-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:d2d3778f82bc8211e140fa773bb331ba758738d6", "InstalledFiles": [ "usr/lib/libImath-3_1.so.29", "usr/lib/libImath-3_1.so.29.11.0" ], "AnalyzedBy": "apk" }, { "ID": "lame-libs@3.100-r5", "Name": "lame-libs", "Identifier": { "PURL": "pkg:apk/alpine/lame-libs@3.100-r5?arch=x86_64\u0026distro=3.22.1", "UID": "84eb35ecd836e15a" }, "Version": "3.100-r5", "Arch": "x86_64", "SrcName": "lame", "SrcVersion": "3.100-r5", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:74044d63bfb1fd2455e5ae84c1b9efd8ab8d1f17", "InstalledFiles": [ "usr/lib/libmp3lame.so.0", "usr/lib/libmp3lame.so.0.0.0" ], "AnalyzedBy": "apk" }, { "ID": "lcms2@2.16-r0", "Name": "lcms2", "Identifier": { "PURL": "pkg:apk/alpine/lcms2@2.16-r0?arch=x86_64\u0026distro=3.22.1", "UID": "37892de0d9654e69" }, "Version": "2.16-r0", "Arch": "x86_64", "SrcName": "lcms2", "SrcVersion": "2.16-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:141310f5165a9e8f7f6e7673e2737c0369ff7a8a", "InstalledFiles": [ "usr/lib/liblcms2.so.2", "usr/lib/liblcms2.so.2.0.16" ], "AnalyzedBy": "apk" }, { "ID": "libSvtAv1Enc@2.3.0-r0", "Name": "libSvtAv1Enc", "Identifier": { "PURL": "pkg:apk/alpine/libsvtav1enc@2.3.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "38b005e0765eeea" }, "Version": "2.3.0-r0", "Arch": "x86_64", "SrcName": "svt-av1", "SrcVersion": "2.3.0-r0", "Licenses": [ "BSD-3-Clause-Clear" ], "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:a967a1360c0a5accb93b1ef7055bb6ca6de0601c", "InstalledFiles": [ "usr/lib/libSvtAv1Enc.so.2", "usr/lib/libSvtAv1Enc.so.2.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libapk2@2.14.9-r2", "Name": "libapk2", "Identifier": { "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", "UID": "fc5150123bb2dd6a" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250619-r0", "libcrypto3@3.5.1-r0", "libssl3@3.5.1-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", "InstalledFiles": [ "usr/lib/libapk.so.2.14.9" ], "AnalyzedBy": "apk" }, { "ID": "libass@0.17.3-r0", "Name": "libass", "Identifier": { "PURL": "pkg:apk/alpine/libass@0.17.3-r0?arch=x86_64\u0026distro=3.22.1", "UID": "1cd3fda25201e5db" }, "Version": "0.17.3-r0", "Arch": "x86_64", "SrcName": "libass", "SrcVersion": "0.17.3-r0", "Licenses": [ "ISC" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "fontconfig@2.15.0-r3", "freetype@2.13.3-r0", "fribidi@1.0.16-r1", "harfbuzz@11.2.1-r0", "libunibreak@6.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e77ee5214f686dd94d0e38468203aafa5db8707f", "InstalledFiles": [ "usr/lib/libass.so.9", "usr/lib/libass.so.9.3.1" ], "AnalyzedBy": "apk" }, { "ID": "libasyncns@0.8-r4", "Name": "libasyncns", "Identifier": { "PURL": "pkg:apk/alpine/libasyncns@0.8-r4?arch=x86_64\u0026distro=3.22.1", "UID": "dcfbf5bc8def9135" }, "Version": "0.8-r4", "Arch": "x86_64", "SrcName": "libasyncns", "SrcVersion": "0.8-r4", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:df01e91b1b7419ccbda3b589581739a42a1148b8", "InstalledFiles": [ "usr/lib/libasyncns.so.0", "usr/lib/libasyncns.so.0.3.1" ], "AnalyzedBy": "apk" }, { "ID": "libblkid@2.41-r9", "Name": "libblkid", "Identifier": { "PURL": "pkg:apk/alpine/libblkid@2.41-r9?arch=x86_64\u0026distro=3.22.1", "UID": "b6bab395577e9c31" }, "Version": "2.41-r9", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41-r9", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libeconf@0.6.3-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:da7a104ebe1e7f00b56527f1423fcd8193ef1aab", "InstalledFiles": [ "usr/lib/libblkid.so.1", "usr/lib/libblkid.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libbluray@1.3.4-r1", "Name": "libbluray", "Identifier": { "PURL": "pkg:apk/alpine/libbluray@1.3.4-r1?arch=x86_64\u0026distro=3.22.1", "UID": "9a57b71f00918228" }, "Version": "1.3.4-r1", "Arch": "x86_64", "SrcName": "libbluray", "SrcVersion": "1.3.4-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b27480d977caa780fcebac4aeb7506fad3577c41", "InstalledFiles": [ "usr/bin/bd_info", "usr/bin/bd_list_titles", "usr/bin/bd_splice", "usr/lib/libbluray.so.2", "usr/lib/libbluray.so.2.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f87b6b8c1bdedefd" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:8c3724586ce305e5e6552acf4b89004f7fc05dd9", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.22.1", "UID": "723292282ebbd061" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1c8732214d0947cdbca8b7905576c0d0bc3deb3b", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.1-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "Version": "3.5.1-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:cdc005cdb0f91d9f652d17b337b5b9ad0ffa2012", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libdav1d@1.5.1-r0", "Name": "libdav1d", "Identifier": { "PURL": "pkg:apk/alpine/libdav1d@1.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3c665267f5ccec62" }, "Version": "1.5.1-r0", "Arch": "x86_64", "SrcName": "dav1d", "SrcVersion": "1.5.1-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:77ae2dcc6ce1090ad524fe1c4b1d70e34e330db7", "InstalledFiles": [ "usr/lib/libdav1d.so.7", "usr/lib/libdav1d.so.7.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libdeflate@1.23-r0", "Name": "libdeflate", "Identifier": { "PURL": "pkg:apk/alpine/libdeflate@1.23-r0?arch=x86_64\u0026distro=3.22.1", "UID": "da980bde61ff1bc6" }, "Version": "1.23-r0", "Arch": "x86_64", "SrcName": "libdeflate", "SrcVersion": "1.23-r0", "Licenses": [ "MIT" ], "Maintainer": "Holger Jaekel \u003cholger.jaekel@gmx.de\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:21dec753a78ca26b92bf183d786aac61a8eca622", "InstalledFiles": [ "usr/lib/libdeflate.so.0" ], "AnalyzedBy": "apk" }, { "ID": "libdovi@3.3.1-r1", "Name": "libdovi", "Identifier": { "PURL": "pkg:apk/alpine/libdovi@3.3.1-r1?arch=x86_64\u0026distro=3.22.1", "UID": "e2b542938ef3bd26" }, "Version": "3.3.1-r1", "Arch": "x86_64", "SrcName": "libdovi", "SrcVersion": "3.3.1-r1", "Licenses": [ "MIT" ], "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e187efbef72d47ee378237b147f0a054332879e9", "InstalledFiles": [ "usr/lib/libdovi.so.3", "usr/lib/libdovi.so.3.3.1" ], "AnalyzedBy": "apk" }, { "ID": "libdrm@2.4.124-r0", "Name": "libdrm", "Identifier": { "PURL": "pkg:apk/alpine/libdrm@2.4.124-r0?arch=x86_64\u0026distro=3.22.1", "UID": "264f3083bdba6e86" }, "Version": "2.4.124-r0", "Arch": "x86_64", "SrcName": "libdrm", "SrcVersion": "2.4.124-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libpciaccess@0.18.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:09a85a6a02e935299576de4377c6438635b46c72", "InstalledFiles": [ "usr/lib/libdrm.so.2", "usr/lib/libdrm.so.2.124.0", "usr/lib/libdrm_amdgpu.so.1", "usr/lib/libdrm_amdgpu.so.1.124.0", "usr/lib/libdrm_etnaviv.so.1", "usr/lib/libdrm_etnaviv.so.1.124.0", "usr/lib/libdrm_exynos.so.1", "usr/lib/libdrm_exynos.so.1.124.0", "usr/lib/libdrm_freedreno.so.1", "usr/lib/libdrm_freedreno.so.1.124.0", "usr/lib/libdrm_intel.so.1", "usr/lib/libdrm_intel.so.1.124.0", "usr/lib/libdrm_nouveau.so.2", "usr/lib/libdrm_nouveau.so.2.124.0", "usr/lib/libdrm_omap.so.1", "usr/lib/libdrm_omap.so.1.124.0", "usr/lib/libdrm_radeon.so.1", "usr/lib/libdrm_radeon.so.1.124.0", "usr/lib/libdrm_tegra.so.0", "usr/lib/libdrm_tegra.so.0.124.0", "usr/share/libdrm/amdgpu.ids" ], "AnalyzedBy": "apk" }, { "ID": "libeconf@0.6.3-r0", "Name": "libeconf", "Identifier": { "PURL": "pkg:apk/alpine/libeconf@0.6.3-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d4dedf76559a1a23" }, "Version": "0.6.3-r0", "Arch": "x86_64", "SrcName": "libeconf", "SrcVersion": "0.6.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:194e60221ae9601f42f6c7a859ef8f447857415d", "InstalledFiles": [ "usr/bin/econftool", "usr/lib/libeconf.so.0", "usr/lib/libeconf.so.0.6.2" ], "AnalyzedBy": "apk" }, { "ID": "libexpat@2.7.1-r0", "Name": "libexpat", "Identifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "Version": "2.7.1-r0", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:249bf47cc6f2a67a4307f21daddb103a5108ded5", "InstalledFiles": [ "usr/lib/libexpat.so.1", "usr/lib/libexpat.so.1.10.2" ], "AnalyzedBy": "apk" }, { "ID": "libffi@3.4.8-r0", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/alpine/libffi@3.4.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "8338231f91849d33" }, "Version": "3.4.8-r0", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.4.8-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e5d01118f5ad008bb2df07635af364933b4ff20f", "InstalledFiles": [ "usr/lib/libffi.so.8", "usr/lib/libffi.so.8.1.4" ], "AnalyzedBy": "apk" }, { "ID": "libflac@1.4.3-r1", "Name": "libflac", "Identifier": { "PURL": "pkg:apk/alpine/libflac@1.4.3-r1?arch=x86_64\u0026distro=3.22.1", "UID": "54ffcd689fe3a9bb" }, "Version": "1.4.3-r1", "Arch": "x86_64", "SrcName": "flac", "SrcVersion": "1.4.3-r1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libogg@1.3.5-r5", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:cd1c9bda715cb675f5385f43afb7b80eb04077f1", "InstalledFiles": [ "usr/lib/libFLAC.so.12", "usr/lib/libFLAC.so.12.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@14.2.0-r6", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/alpine/libgcc@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", "UID": "41a80f62e6ea827d" }, "Version": "14.2.0-r6", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:6945911dc2b13485e97460d9df2716ad1a0aa32d", "InstalledFiles": [ "usr/lib/libgcc_s.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libgomp@14.2.0-r6", "Name": "libgomp", "Identifier": { "PURL": "pkg:apk/alpine/libgomp@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", "UID": "465d8155c1b59fb0" }, "Version": "14.2.0-r6", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:7a22cab723a2deab744718c41eb10fe5601646b1", "InstalledFiles": [ "usr/lib/libgomp.so.1", "usr/lib/libgomp.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libhwy@1.0.7-r1", "Name": "libhwy", "Identifier": { "PURL": "pkg:apk/alpine/libhwy@1.0.7-r1?arch=x86_64\u0026distro=3.22.1", "UID": "4d626c6f23c88adc" }, "Version": "1.0.7-r1", "Arch": "x86_64", "SrcName": "highway", "SrcVersion": "1.0.7-r1", "Licenses": [ "Apache-2.0" ], "Maintainer": "Alex Xu (Hello71) \u003calex_y_xu@yahoo.ca\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:75c297146d6c5527e31bebf15342eb037d7ae6f3", "InstalledFiles": [ "usr/lib/libhwy.so.1", "usr/lib/libhwy.so.1.0.7" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.24.1-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.24.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "5335e41c5d85c80" }, "Version": "0.24.1-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:8f44275c3149194ffa1b7bae29469289f758ed3d", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libjpeg-turbo@3.1.0-r0", "Name": "libjpeg-turbo", "Identifier": { "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e95b13144780a0f2" }, "Version": "3.1.0-r0", "Arch": "x86_64", "SrcName": "libjpeg-turbo", "SrcVersion": "3.1.0-r0", "Licenses": [ "BSD-3-Clause", "IJG", "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1afd9c6c695403a3b67000f0099d8a302eb3aed9", "InstalledFiles": [ "usr/lib/libjpeg.so.8", "usr/lib/libjpeg.so.8.3.2" ], "AnalyzedBy": "apk" }, { "ID": "libjxl@0.10.3-r2", "Name": "libjxl", "Identifier": { "PURL": "pkg:apk/alpine/libjxl@0.10.3-r2?arch=x86_64\u0026distro=3.22.1", "UID": "11a432964da0cfc1" }, "Version": "0.10.3-r2", "Arch": "x86_64", "SrcName": "libjxl", "SrcVersion": "0.10.3-r2", "Licenses": [ "Apache-2.0" ], "Maintainer": "Alex Xu (Hello71) \u003calex_y_xu@yahoo.ca\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "giflib@5.2.2-r1", "lcms2@2.16-r0", "libgcc@14.2.0-r6", "libhwy@1.0.7-r1", "libjpeg-turbo@3.1.0-r0", "libpng@1.6.47-r0", "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "openexr-libopenexr@3.3.2-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1f7f820642a91b74080480fe32fc50e3974776cd", "InstalledFiles": [ "usr/lib/libjxl.so.0.10", "usr/lib/libjxl.so.0.10.3", "usr/lib/libjxl_cms.so.0.10", "usr/lib/libjxl_cms.so.0.10.3", "usr/lib/libjxl_extras_codec.so.0.10", "usr/lib/libjxl_extras_codec.so.0.10.3", "usr/lib/libjxl_threads.so.0.10", "usr/lib/libjxl_threads.so.0.10.3" ], "AnalyzedBy": "apk" }, { "ID": "libltdl@2.5.4-r1", "Name": "libltdl", "Identifier": { "PURL": "pkg:apk/alpine/libltdl@2.5.4-r1?arch=x86_64\u0026distro=3.22.1", "UID": "98f9450bdf76e116" }, "Version": "2.5.4-r1", "Arch": "x86_64", "SrcName": "libtool", "SrcVersion": "2.5.4-r1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:6970bf366a42daff8b7dca40583e6039a90fc9c3", "InstalledFiles": [ "usr/lib/libltdl.so", "usr/lib/libltdl.so.7", "usr/lib/libltdl.so.7.3.3" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "af650d454a3544f2" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:65a135e641ef9b082f98f70ba100e8617a319042", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libmount@2.41-r9", "Name": "libmount", "Identifier": { "PURL": "pkg:apk/alpine/libmount@2.41-r9?arch=x86_64\u0026distro=3.22.1", "UID": "4a0984bbdba43fb1" }, "Version": "2.41-r9", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41-r9", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libblkid@2.41-r9", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:9abc2e49772236dab2bbf506488ebdd500d4c1d6", "InstalledFiles": [ "usr/lib/libmount.so.1", "usr/lib/libmount.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20250503-r0", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e6be237484e23875" }, "Version": "6.5_p20250503-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20250503-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "ncurses-terminfo-base@6.5_p20250503-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:42901f1528399d67e07e14085ee53f1a369b240a", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libogg@1.3.5-r5", "Name": "libogg", "Identifier": { "PURL": "pkg:apk/alpine/libogg@1.3.5-r5?arch=x86_64\u0026distro=3.22.1", "UID": "41d9c41a5625d3c7" }, "Version": "1.3.5-r5", "Arch": "x86_64", "SrcName": "libogg", "SrcVersion": "1.3.5-r5", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b168d44ff7f94007b756c83e00794d5bc969644f", "InstalledFiles": [ "usr/lib/libogg.so.0", "usr/lib/libogg.so.0.8.5" ], "AnalyzedBy": "apk" }, { "ID": "libopenmpt@0.7.15-r0", "Name": "libopenmpt", "Identifier": { "PURL": "pkg:apk/alpine/libopenmpt@0.7.15-r0?arch=x86_64\u0026distro=3.22.1", "UID": "db01fc988593c613" }, "Version": "0.7.15-r0", "Arch": "x86_64", "SrcName": "libopenmpt", "SrcVersion": "0.7.15-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "knuxify \u003cknuxify@gmail.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "libvorbis@1.3.7-r2", "mpg123-libs@1.32.10-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:11a241087258caa95080cba8eedc53b61c8fec67", "InstalledFiles": [ "usr/lib/libopenmpt.so.0", "usr/lib/libopenmpt.so.0.4.4" ], "AnalyzedBy": "apk" }, { "ID": "libpciaccess@0.18.1-r0", "Name": "libpciaccess", "Identifier": { "PURL": "pkg:apk/alpine/libpciaccess@0.18.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "c8054f627183027b" }, "Version": "0.18.1-r0", "Arch": "x86_64", "SrcName": "libpciaccess", "SrcVersion": "0.18.1-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "hwdata-pci@0.395-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:801b4af5da9bcd3b01d512a5ca8eafb3257e6e7a", "InstalledFiles": [ "usr/lib/libpciaccess.so.0", "usr/lib/libpciaccess.so.0.11.1" ], "AnalyzedBy": "apk" }, { "ID": "libplacebo@6.338.2-r3", "Name": "libplacebo", "Identifier": { "PURL": "pkg:apk/alpine/libplacebo@6.338.2-r3?arch=x86_64\u0026distro=3.22.1", "UID": "3d3c44157c83e002" }, "Version": "6.338.2-r3", "Arch": "x86_64", "SrcName": "libplacebo", "SrcVersion": "6.338.2-r3", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "glslang-libs@1.4.309.0-r0", "lcms2@2.16-r0", "libdovi@3.3.1-r1", "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "shaderc@2024.4-r0", "vulkan-loader@1.4.313.0-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:4f8594fac1a21f2918f1b7a2f0b1ac3ab6bfc0f5", "InstalledFiles": [ "usr/lib/libplacebo.so.338" ], "AnalyzedBy": "apk" }, { "ID": "libpng@1.6.47-r0", "Name": "libpng", "Identifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "Version": "1.6.47-r0", "Arch": "x86_64", "SrcName": "libpng", "SrcVersion": "1.6.47-r0", "Licenses": [ "Libpng" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:40a4d0e8c5e7cb6f8858b30a4ff9da1770b32604", "InstalledFiles": [ "usr/lib/libpng16.so.16", "usr/lib/libpng16.so.16.47.0" ], "AnalyzedBy": "apk" }, { "ID": "libpulse@17.0-r5", "Name": "libpulse", "Identifier": { "PURL": "pkg:apk/alpine/libpulse@17.0-r5?arch=x86_64\u0026distro=3.22.1", "UID": "b03d4ae95e5d53db" }, "Version": "17.0-r5", "Arch": "x86_64", "SrcName": "pulseaudio", "SrcVersion": "17.0-r5", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Pablo Correa Gomez \u003cpabloyoyoista@postmarketos.org\u003e", "DependsOn": [ "dbus-libs@1.16.2-r1", "libasyncns@0.8-r4", "libintl@0.24.1-r0", "libltdl@2.5.4-r1", "libsndfile@1.2.2-r2", "libx11@1.8.11-r0", "libxcb@1.17.0-r0", "musl@1.2.5-r10", "orc@0.4.40-r1", "soxr@0.1.3-r7", "speexdsp@1.2.1-r2", "tdb-libs@1.4.12-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:26afa10395c4b79010d3ce3910dcd6cda3277418", "InstalledFiles": [ "etc/pulse/client.conf", "usr/lib/libpulse-simple.so.0", "usr/lib/libpulse-simple.so.0.1.1", "usr/lib/libpulse.so.0", "usr/lib/libpulse.so.0.24.3", "usr/lib/pulseaudio/libpulsecommon-17.0.so", "usr/lib/pulseaudio/libpulsecore-17.0.so", "usr/lib/pulseaudio/libpulsedsp.so" ], "AnalyzedBy": "apk" }, { "ID": "librist@0.2.10-r1", "Name": "librist", "Identifier": { "PURL": "pkg:apk/alpine/librist@0.2.10-r1?arch=x86_64\u0026distro=3.22.1", "UID": "b6f7f7ee700914d4" }, "Version": "0.2.10-r1", "Arch": "x86_64", "SrcName": "librist", "SrcVersion": "0.2.10-r1", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Kevin Wang \u003ckevin@muxable.com\u003e", "DependsOn": [ "cjson@1.7.18-r1", "mbedtls@3.6.4-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:d9af57e9045971bab0f0106c939e8474b36dd940", "InstalledFiles": [ "usr/lib/librist.so.4", "usr/lib/librist.so.4.3.1" ], "AnalyzedBy": "apk" }, { "ID": "libsharpyuv@1.5.0-r0", "Name": "libsharpyuv", "Identifier": { "PURL": "pkg:apk/alpine/libsharpyuv@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "6df87ed44310fe1b" }, "Version": "1.5.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.5.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e8bf6a7b6110eaed365ba0b5a38b81e94d48d2bb", "InstalledFiles": [ "usr/lib/libsharpyuv.so.0", "usr/lib/libsharpyuv.so.0.1.1" ], "AnalyzedBy": "apk" }, { "ID": "libsndfile@1.2.2-r2", "Name": "libsndfile", "Identifier": { "PURL": "pkg:apk/alpine/libsndfile@1.2.2-r2?arch=x86_64\u0026distro=3.22.1", "UID": "bc9e0f27ba28c45b" }, "Version": "1.2.2-r2", "Arch": "x86_64", "SrcName": "libsndfile", "SrcVersion": "1.2.2-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alsa-lib@1.2.14-r0", "lame-libs@3.100-r5", "libflac@1.4.3-r1", "libogg@1.3.5-r5", "libvorbis@1.3.7-r2", "mpg123-libs@1.32.10-r0", "musl@1.2.5-r10", "opus@1.5.2-r1" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:74ef7633ec0e66b551757bb34fda7a24bed98f91", "InstalledFiles": [ "usr/bin/sndfile-cmp", "usr/bin/sndfile-concat", "usr/bin/sndfile-convert", "usr/bin/sndfile-deinterleave", "usr/bin/sndfile-info", "usr/bin/sndfile-interleave", "usr/bin/sndfile-metadata-get", "usr/bin/sndfile-metadata-set", "usr/bin/sndfile-play", "usr/bin/sndfile-salvage", "usr/lib/libsndfile.so.1", "usr/lib/libsndfile.so.1.0.37" ], "AnalyzedBy": "apk" }, { "ID": "libsodium@1.0.20-r0", "Name": "libsodium", "Identifier": { "PURL": "pkg:apk/alpine/libsodium@1.0.20-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d13383d8fc4236f0" }, "Version": "1.0.20-r0", "Arch": "x86_64", "SrcName": "libsodium", "SrcVersion": "1.0.20-r0", "Licenses": [ "ISC" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:3b2df4cca664705b64f0051a4988904a3ba68c5c", "InstalledFiles": [ "usr/lib/libsodium.so.26", "usr/lib/libsodium.so.26.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libsrt@1.5.3-r1", "Name": "libsrt", "Identifier": { "PURL": "pkg:apk/alpine/libsrt@1.5.3-r1?arch=x86_64\u0026distro=3.22.1", "UID": "a43f45e26335c73" }, "Version": "1.5.3-r1", "Arch": "x86_64", "SrcName": "libsrt", "SrcVersion": "1.5.3-r1", "Licenses": [ "MPL-2.0" ], "Maintainer": "Yohann DANELLO \u003cyohann.danello@crans.org\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:faa8d62e6444f572925468c2d52ced81a7e873ad", "InstalledFiles": [ "usr/lib/libsrt.so.1.5", "usr/lib/libsrt.so.1.5.3" ], "AnalyzedBy": "apk" }, { "ID": "libssh@0.11.2-r0", "Name": "libssh", "Identifier": { "PURL": "pkg:apk/alpine/libssh@0.11.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "4655d1342032fe93" }, "Version": "0.11.2-r0", "Arch": "x86_64", "SrcName": "libssh", "SrcVersion": "0.11.2-r0", "Licenses": [ "LGPL-2.1-or-later", "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e881b27ec5156153b63f141a426f3869d859e50a", "InstalledFiles": [ "usr/lib/libssh.so.4", "usr/lib/libssh.so.4.10.2" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.1-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "Version": "3.5.1-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:fc89917981adb0b33a5ccf84e4168e4256b5065b", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libstdc++@14.2.0-r6", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/alpine/libstdc%2B%2B@14.2.0-r6?arch=x86_64\u0026distro=3.22.1", "UID": "5dce1d8e581537ac" }, "Version": "14.2.0-r6", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:edf5cac1e98ffe4fb3609f48ded83b35bec14c9d", "InstalledFiles": [ "usr/lib/libstdc++.so.6", "usr/lib/libstdc++.so.6.0.33" ], "AnalyzedBy": "apk" }, { "ID": "libtheora@1.1.1-r18", "Name": "libtheora", "Identifier": { "PURL": "pkg:apk/alpine/libtheora@1.1.1-r18?arch=x86_64\u0026distro=3.22.1", "UID": "6bd81239841dc789" }, "Version": "1.1.1-r18", "Arch": "x86_64", "SrcName": "libtheora", "SrcVersion": "1.1.1-r18", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libogg@1.3.5-r5", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:733abff8a3a1e9e1d9896314818c54a99ef1cbfc", "InstalledFiles": [ "usr/lib/libtheora.so.0", "usr/lib/libtheora.so.0.3.10", "usr/lib/libtheoradec.so.1", "usr/lib/libtheoradec.so.1.1.4", "usr/lib/libtheoraenc.so.1", "usr/lib/libtheoraenc.so.1.1.2" ], "AnalyzedBy": "apk" }, { "ID": "libunibreak@6.1-r0", "Name": "libunibreak", "Identifier": { "PURL": "pkg:apk/alpine/libunibreak@6.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "5280ed8babbac5f5" }, "Version": "6.1-r0", "Arch": "x86_64", "SrcName": "libunibreak", "SrcVersion": "6.1-r0", "Licenses": [ "Zlib" ], "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:c3eb8d63c0bd5954921f82a7caea22af85aa3d46", "InstalledFiles": [ "usr/lib/libunibreak.so.6", "usr/lib/libunibreak.so.6.0.1" ], "AnalyzedBy": "apk" }, { "ID": "libva@2.22.0-r1", "Name": "libva", "Identifier": { "PURL": "pkg:apk/alpine/libva@2.22.0-r1?arch=x86_64\u0026distro=3.22.1", "UID": "12ec6c4146a0065a" }, "Version": "2.22.0-r1", "Arch": "x86_64", "SrcName": "libva", "SrcVersion": "2.22.0-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libdrm@2.4.124-r0", "libx11@1.8.11-r0", "libxcb@1.17.0-r0", "libxext@1.3.6-r2", "libxfixes@6.0.1-r4", "musl@1.2.5-r10", "wayland-libs-client@1.23.1-r3" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:a7c242a3168d0c241c2bb0d32cce96a026654a7e", "InstalledFiles": [ "usr/lib/libva-drm.so.2", "usr/lib/libva-drm.so.2.2200.0", "usr/lib/libva-wayland.so.2", "usr/lib/libva-wayland.so.2.2200.0", "usr/lib/libva-x11.so.2", "usr/lib/libva-x11.so.2.2200.0", "usr/lib/libva.so.2", "usr/lib/libva.so.2.2200.0" ], "AnalyzedBy": "apk" }, { "ID": "libvdpau@1.5-r4", "Name": "libvdpau", "Identifier": { "PURL": "pkg:apk/alpine/libvdpau@1.5-r4?arch=x86_64\u0026distro=3.22.1", "UID": "375f8563a40ed4e3" }, "Version": "1.5-r4", "Arch": "x86_64", "SrcName": "libvdpau", "SrcVersion": "1.5-r4", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.11-r0", "libxext@1.3.6-r2", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e0b0f8ea1bb3de0766b1881a1a6b6d48ce0fb7f3", "InstalledFiles": [ "etc/vdpau_wrapper.cfg", "usr/lib/libvdpau.so.1", "usr/lib/libvdpau.so.1.0.0", "usr/lib/vdpau/libvdpau_trace.so", "usr/lib/vdpau/libvdpau_trace.so.1", "usr/lib/vdpau/libvdpau_trace.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libvorbis@1.3.7-r2", "Name": "libvorbis", "Identifier": { "PURL": "pkg:apk/alpine/libvorbis@1.3.7-r2?arch=x86_64\u0026distro=3.22.1", "UID": "f7be6badf96359dc" }, "Version": "1.3.7-r2", "Arch": "x86_64", "SrcName": "libvorbis", "SrcVersion": "1.3.7-r2", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libogg@1.3.5-r5", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e71e2d64675fe9500854bdb5237b53c410a4b4c8", "InstalledFiles": [ "usr/lib/libvorbis.so.0", "usr/lib/libvorbis.so.0.4.9", "usr/lib/libvorbisenc.so.2", "usr/lib/libvorbisenc.so.2.0.12", "usr/lib/libvorbisfile.so.3", "usr/lib/libvorbisfile.so.3.3.8" ], "AnalyzedBy": "apk" }, { "ID": "libvpx@1.15.0-r0", "Name": "libvpx", "Identifier": { "PURL": "pkg:apk/alpine/libvpx@1.15.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "b7c3eecb2cb60c0b" }, "Version": "1.15.0-r0", "Arch": "x86_64", "SrcName": "libvpx", "SrcVersion": "1.15.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e680e51b3787cd6510bf4e0dca2afd2a9454e857", "InstalledFiles": [ "usr/lib/libvpx.so.9", "usr/lib/libvpx.so.9.1", "usr/lib/libvpx.so.9.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libwebp@1.5.0-r0", "Name": "libwebp", "Identifier": { "PURL": "pkg:apk/alpine/libwebp@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f79d7132e70d7690" }, "Version": "1.5.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.5.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libsharpyuv@1.5.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b493c8c7e5838ebd63dd68c5414bff9ebef45942", "InstalledFiles": [ "usr/lib/libwebp.so.7", "usr/lib/libwebp.so.7.1.10" ], "AnalyzedBy": "apk" }, { "ID": "libwebpmux@1.5.0-r0", "Name": "libwebpmux", "Identifier": { "PURL": "pkg:apk/alpine/libwebpmux@1.5.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "2c7c718c14f98d9f" }, "Version": "1.5.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.5.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libwebp@1.5.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:edc7bd50a5f3a146ef11c8e370564ea52a300123", "InstalledFiles": [ "usr/lib/libwebpmux.so.3", "usr/lib/libwebpmux.so.3.1.1" ], "AnalyzedBy": "apk" }, { "ID": "libx11@1.8.11-r0", "Name": "libx11", "Identifier": { "PURL": "pkg:apk/alpine/libx11@1.8.11-r0?arch=x86_64\u0026distro=3.22.1", "UID": "4e43a457eb13191" }, "Version": "1.8.11-r0", "Arch": "x86_64", "SrcName": "libx11", "SrcVersion": "1.8.11-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxcb@1.17.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:65356d06ac940f03c80adacfedb2d4b4a95a1a03", "InstalledFiles": [ "usr/lib/libX11-xcb.so.1", "usr/lib/libX11-xcb.so.1.0.0", "usr/lib/libX11.so.6", "usr/lib/libX11.so.6.4.0", "usr/share/X11/XErrorDB", "usr/share/X11/Xcms.txt", "usr/share/X11/locale/compose.dir", "usr/share/X11/locale/locale.alias", "usr/share/X11/locale/locale.dir", "usr/share/X11/locale/C/Compose", "usr/share/X11/locale/C/XI18N_OBJS", "usr/share/X11/locale/C/XLC_LOCALE", "usr/share/X11/locale/am_ET.UTF-8/Compose", "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", "usr/share/X11/locale/armscii-8/Compose", "usr/share/X11/locale/armscii-8/XI18N_OBJS", "usr/share/X11/locale/armscii-8/XLC_LOCALE", "usr/share/X11/locale/cs_CZ.UTF-8/Compose", "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", "usr/share/X11/locale/el_GR.UTF-8/Compose", "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/en_US.UTF-8/Compose", "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", "usr/share/X11/locale/fi_FI.UTF-8/Compose", "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", "usr/share/X11/locale/georgian-academy/Compose", "usr/share/X11/locale/georgian-academy/XI18N_OBJS", "usr/share/X11/locale/georgian-academy/XLC_LOCALE", "usr/share/X11/locale/georgian-ps/Compose", "usr/share/X11/locale/georgian-ps/XI18N_OBJS", "usr/share/X11/locale/georgian-ps/XLC_LOCALE", "usr/share/X11/locale/ibm-cp1133/Compose", "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", "usr/share/X11/locale/iscii-dev/Compose", "usr/share/X11/locale/iscii-dev/XI18N_OBJS", "usr/share/X11/locale/iscii-dev/XLC_LOCALE", "usr/share/X11/locale/isiri-3342/Compose", "usr/share/X11/locale/isiri-3342/XI18N_OBJS", "usr/share/X11/locale/isiri-3342/XLC_LOCALE", "usr/share/X11/locale/iso8859-1/Compose", "usr/share/X11/locale/iso8859-1/XI18N_OBJS", "usr/share/X11/locale/iso8859-1/XLC_LOCALE", "usr/share/X11/locale/iso8859-10/Compose", "usr/share/X11/locale/iso8859-10/XI18N_OBJS", "usr/share/X11/locale/iso8859-10/XLC_LOCALE", "usr/share/X11/locale/iso8859-11/Compose", "usr/share/X11/locale/iso8859-11/XI18N_OBJS", "usr/share/X11/locale/iso8859-11/XLC_LOCALE", "usr/share/X11/locale/iso8859-13/Compose", "usr/share/X11/locale/iso8859-13/XI18N_OBJS", "usr/share/X11/locale/iso8859-13/XLC_LOCALE", "usr/share/X11/locale/iso8859-14/Compose", "usr/share/X11/locale/iso8859-14/XI18N_OBJS", "usr/share/X11/locale/iso8859-14/XLC_LOCALE", "usr/share/X11/locale/iso8859-15/Compose", "usr/share/X11/locale/iso8859-15/XI18N_OBJS", "usr/share/X11/locale/iso8859-15/XLC_LOCALE", "usr/share/X11/locale/iso8859-2/Compose", "usr/share/X11/locale/iso8859-2/XI18N_OBJS", "usr/share/X11/locale/iso8859-2/XLC_LOCALE", "usr/share/X11/locale/iso8859-3/Compose", "usr/share/X11/locale/iso8859-3/XI18N_OBJS", "usr/share/X11/locale/iso8859-3/XLC_LOCALE", "usr/share/X11/locale/iso8859-4/Compose", "usr/share/X11/locale/iso8859-4/XI18N_OBJS", "usr/share/X11/locale/iso8859-4/XLC_LOCALE", "usr/share/X11/locale/iso8859-5/Compose", "usr/share/X11/locale/iso8859-5/XI18N_OBJS", "usr/share/X11/locale/iso8859-5/XLC_LOCALE", "usr/share/X11/locale/iso8859-6/Compose", "usr/share/X11/locale/iso8859-6/XI18N_OBJS", "usr/share/X11/locale/iso8859-6/XLC_LOCALE", "usr/share/X11/locale/iso8859-7/Compose", "usr/share/X11/locale/iso8859-7/XI18N_OBJS", "usr/share/X11/locale/iso8859-7/XLC_LOCALE", "usr/share/X11/locale/iso8859-8/Compose", "usr/share/X11/locale/iso8859-8/XI18N_OBJS", "usr/share/X11/locale/iso8859-8/XLC_LOCALE", "usr/share/X11/locale/iso8859-9/Compose", "usr/share/X11/locale/iso8859-9/XI18N_OBJS", "usr/share/X11/locale/iso8859-9/XLC_LOCALE", "usr/share/X11/locale/iso8859-9e/Compose", "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", "usr/share/X11/locale/ja/Compose", "usr/share/X11/locale/ja/XI18N_OBJS", "usr/share/X11/locale/ja/XLC_LOCALE", "usr/share/X11/locale/ja.JIS/Compose", "usr/share/X11/locale/ja.JIS/XI18N_OBJS", "usr/share/X11/locale/ja.JIS/XLC_LOCALE", "usr/share/X11/locale/ja.SJIS/Compose", "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", "usr/share/X11/locale/ja_JP.UTF-8/Compose", "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", "usr/share/X11/locale/km_KH.UTF-8/Compose", "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ko/Compose", "usr/share/X11/locale/ko/XI18N_OBJS", "usr/share/X11/locale/ko/XLC_LOCALE", "usr/share/X11/locale/ko_KR.UTF-8/Compose", "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/koi8-c/Compose", "usr/share/X11/locale/koi8-c/XI18N_OBJS", "usr/share/X11/locale/koi8-c/XLC_LOCALE", "usr/share/X11/locale/koi8-r/Compose", "usr/share/X11/locale/koi8-r/XI18N_OBJS", "usr/share/X11/locale/koi8-r/XLC_LOCALE", "usr/share/X11/locale/koi8-u/Compose", "usr/share/X11/locale/koi8-u/XI18N_OBJS", "usr/share/X11/locale/koi8-u/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1251/Compose", "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1255/Compose", "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1256/Compose", "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", "usr/share/X11/locale/mulelao-1/Compose", "usr/share/X11/locale/mulelao-1/XI18N_OBJS", "usr/share/X11/locale/mulelao-1/XLC_LOCALE", "usr/share/X11/locale/nokhchi-1/Compose", "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", "usr/share/X11/locale/pt_BR.UTF-8/Compose", "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/pt_PT.UTF-8/Compose", "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ru_RU.UTF-8/Compose", "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", "usr/share/X11/locale/sr_RS.UTF-8/Compose", "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tatar-cyr/Compose", "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", "usr/share/X11/locale/th_TH/Compose", "usr/share/X11/locale/th_TH/XI18N_OBJS", "usr/share/X11/locale/th_TH/XLC_LOCALE", "usr/share/X11/locale/th_TH.UTF-8/Compose", "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tscii-0/Compose", "usr/share/X11/locale/tscii-0/XI18N_OBJS", "usr/share/X11/locale/tscii-0/XLC_LOCALE", "usr/share/X11/locale/vi_VN.tcvn/Compose", "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", "usr/share/X11/locale/vi_VN.viscii/Compose", "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", "usr/share/X11/locale/zh_CN/Compose", "usr/share/X11/locale/zh_CN/XI18N_OBJS", "usr/share/X11/locale/zh_CN/XLC_LOCALE", "usr/share/X11/locale/zh_CN.UTF-8/Compose", "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gb18030/Compose", "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gbk/Compose", "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", "usr/share/X11/locale/zh_HK.UTF-8/Compose", "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5/Compose", "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5hkscs/Compose", "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", "usr/share/X11/locale/zh_TW/Compose", "usr/share/X11/locale/zh_TW/XI18N_OBJS", "usr/share/X11/locale/zh_TW/XLC_LOCALE", "usr/share/X11/locale/zh_TW.UTF-8/Compose", "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_TW.big5/Compose", "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" ], "AnalyzedBy": "apk" }, { "ID": "libxau@1.0.12-r0", "Name": "libxau", "Identifier": { "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f316d58177763d31" }, "Version": "1.0.12-r0", "Arch": "x86_64", "SrcName": "libxau", "SrcVersion": "1.0.12-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:0b1fc4b588f11e15acb33344849a797b1b76b196", "InstalledFiles": [ "usr/lib/libXau.so.6", "usr/lib/libXau.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxcb@1.17.0-r0", "Name": "libxcb", "Identifier": { "PURL": "pkg:apk/alpine/libxcb@1.17.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3caf7544e25261b1" }, "Version": "1.17.0-r0", "Arch": "x86_64", "SrcName": "libxcb", "SrcVersion": "1.17.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxau@1.0.12-r0", "libxdmcp@1.1.5-r1", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1bce85e6488dabca4ddef7578f29d14647d252ae", "InstalledFiles": [ "usr/lib/libxcb-composite.so.0", "usr/lib/libxcb-composite.so.0.0.0", "usr/lib/libxcb-damage.so.0", "usr/lib/libxcb-damage.so.0.0.0", "usr/lib/libxcb-dbe.so.0", "usr/lib/libxcb-dbe.so.0.0.0", "usr/lib/libxcb-dpms.so.0", "usr/lib/libxcb-dpms.so.0.0.0", "usr/lib/libxcb-dri2.so.0", "usr/lib/libxcb-dri2.so.0.0.0", "usr/lib/libxcb-dri3.so.0", "usr/lib/libxcb-dri3.so.0.1.0", "usr/lib/libxcb-glx.so.0", "usr/lib/libxcb-glx.so.0.0.0", "usr/lib/libxcb-present.so.0", "usr/lib/libxcb-present.so.0.0.0", "usr/lib/libxcb-randr.so.0", "usr/lib/libxcb-randr.so.0.1.0", "usr/lib/libxcb-record.so.0", "usr/lib/libxcb-record.so.0.0.0", "usr/lib/libxcb-render.so.0", "usr/lib/libxcb-render.so.0.0.0", "usr/lib/libxcb-res.so.0", "usr/lib/libxcb-res.so.0.0.0", "usr/lib/libxcb-screensaver.so.0", "usr/lib/libxcb-screensaver.so.0.0.0", "usr/lib/libxcb-shape.so.0", "usr/lib/libxcb-shape.so.0.0.0", "usr/lib/libxcb-shm.so.0", "usr/lib/libxcb-shm.so.0.0.0", "usr/lib/libxcb-sync.so.1", "usr/lib/libxcb-sync.so.1.0.0", "usr/lib/libxcb-xf86dri.so.0", "usr/lib/libxcb-xf86dri.so.0.0.0", "usr/lib/libxcb-xfixes.so.0", "usr/lib/libxcb-xfixes.so.0.0.0", "usr/lib/libxcb-xinerama.so.0", "usr/lib/libxcb-xinerama.so.0.0.0", "usr/lib/libxcb-xinput.so.0", "usr/lib/libxcb-xinput.so.0.1.0", "usr/lib/libxcb-xkb.so.1", "usr/lib/libxcb-xkb.so.1.0.0", "usr/lib/libxcb-xtest.so.0", "usr/lib/libxcb-xtest.so.0.0.0", "usr/lib/libxcb-xv.so.0", "usr/lib/libxcb-xv.so.0.0.0", "usr/lib/libxcb-xvmc.so.0", "usr/lib/libxcb-xvmc.so.0.0.0", "usr/lib/libxcb.so.1", "usr/lib/libxcb.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxdmcp@1.1.5-r1", "Name": "libxdmcp", "Identifier": { "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.22.1", "UID": "5fbdc4eba65a3276" }, "Version": "1.1.5-r1", "Arch": "x86_64", "SrcName": "libxdmcp", "SrcVersion": "1.1.5-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:93b3045edc2bc6b6c9bff981705293a465c9c3b6", "InstalledFiles": [ "usr/lib/libXdmcp.so.6", "usr/lib/libXdmcp.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxext@1.3.6-r2", "Name": "libxext", "Identifier": { "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.22.1", "UID": "256f99c308ce7622" }, "Version": "1.3.6-r2", "Arch": "x86_64", "SrcName": "libxext", "SrcVersion": "1.3.6-r2", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.11-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:0c16fb7e4b6352c59985ddf17099df039df36bbe", "InstalledFiles": [ "usr/lib/libXext.so.6", "usr/lib/libXext.so.6.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libxfixes@6.0.1-r4", "Name": "libxfixes", "Identifier": { "PURL": "pkg:apk/alpine/libxfixes@6.0.1-r4?arch=x86_64\u0026distro=3.22.1", "UID": "ff38dac5765788" }, "Version": "6.0.1-r4", "Arch": "x86_64", "SrcName": "libxfixes", "SrcVersion": "6.0.1-r4", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.11-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:c0a8f886165929ed128380e9faf8e894c5aa5462", "InstalledFiles": [ "usr/lib/libXfixes.so.3", "usr/lib/libXfixes.so.3.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxml2@2.13.8-r0", "Name": "libxml2", "Identifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d157fbe9fab04a71" }, "Version": "2.13.8-r0", "Arch": "x86_64", "SrcName": "libxml2", "SrcVersion": "2.13.8-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "xz-libs@5.8.1-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:0b927e56e207430656606848bfc2b87d56e47144", "InstalledFiles": [ "usr/lib/libxml2.so.2", "usr/lib/libxml2.so.2.13.8" ], "AnalyzedBy": "apk" }, { "ID": "libzmq@4.3.5-r2", "Name": "libzmq", "Identifier": { "PURL": "pkg:apk/alpine/libzmq@4.3.5-r2?arch=x86_64\u0026distro=3.22.1", "UID": "640d4863c07f4753" }, "Version": "4.3.5-r2", "Arch": "x86_64", "SrcName": "zeromq", "SrcVersion": "4.3.5-r2", "Licenses": [ "MPL-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libsodium@1.0.20-r0", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:ed8f67b1864f055872e951d0c30d51c217c499e1", "InstalledFiles": [ "usr/lib/libzmq.so.5", "usr/lib/libzmq.so.5.2.5" ], "AnalyzedBy": "apk" }, { "ID": "lilv-libs@0.24.26-r0", "Name": "lilv-libs", "Identifier": { "PURL": "pkg:apk/alpine/lilv-libs@0.24.26-r0?arch=x86_64\u0026distro=3.22.1", "UID": "5b057c4db55f61d8" }, "Version": "0.24.26-r0", "Arch": "x86_64", "SrcName": "lilv", "SrcVersion": "0.24.26-r0", "Licenses": [ "ISC" ], "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", "DependsOn": [ "musl@1.2.5-r10", "serd-libs@0.32.4-r0", "sord-libs@0.16.18-r0", "sratom@0.6.18-r0", "zix-libs@0.6.2-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:c473fdf3abe428db511357acd31cdfabe8f4d9b1", "InstalledFiles": [ "usr/lib/liblilv-0.so.0", "usr/lib/liblilv-0.so.0.24.26" ], "AnalyzedBy": "apk" }, { "ID": "mbedtls@3.6.4-r0", "Name": "mbedtls", "Identifier": { "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fd9fb762c16491f4" }, "Version": "3.6.4-r0", "Arch": "x86_64", "SrcName": "mbedtls", "SrcVersion": "3.6.4-r0", "Licenses": [ "Apache-2.0", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:a09cf007d6047636cddb41623f796edaef93ce68", "InstalledFiles": [ "usr/lib/libmbedcrypto.so.16", "usr/lib/libmbedcrypto.so.3.6.4", "usr/lib/libmbedtls.so.21", "usr/lib/libmbedtls.so.3.6.4", "usr/lib/libmbedx509.so.3.6.4", "usr/lib/libmbedx509.so.7" ], "AnalyzedBy": "apk" }, { "ID": "mpg123-libs@1.32.10-r0", "Name": "mpg123-libs", "Identifier": { "PURL": "pkg:apk/alpine/mpg123-libs@1.32.10-r0?arch=x86_64\u0026distro=3.22.1", "UID": "70065c214c3e1e19" }, "Version": "1.32.10-r0", "Arch": "x86_64", "SrcName": "mpg123", "SrcVersion": "1.32.10-r0", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:6fb13a2ff0bf13e67dc416f63012a3dc4d1b388f", "InstalledFiles": [ "usr/lib/libmpg123.so.0", "usr/lib/libmpg123.so.0.48.3", "usr/lib/libout123.so.0", "usr/lib/libout123.so.0.5.1", "usr/lib/libsyn123.so.0", "usr/lib/libsyn123.so.0.2.3" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r10", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r10", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20250503-r0", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20250503-r0?arch=x86_64\u0026distro=3.22.1", "UID": "894c1596a3cf9412" }, "Version": "6.5_p20250503-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20250503-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:fea2cc088f02df2feb5da718e70123647f0ef8f7", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-0.8.5", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "numactl@2.0.18-r0", "Name": "numactl", "Identifier": { "PURL": "pkg:apk/alpine/numactl@2.0.18-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3c885693f1a7427e" }, "Version": "2.0.18-r0", "Arch": "x86_64", "SrcName": "numactl", "SrcVersion": "2.0.18-r0", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Daniel Sabogal \u003cdsabogalcc@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:4cf3db7db6738f08a16ab05d10aefe621a564a13", "InstalledFiles": [ "usr/lib/libnuma.so.1", "usr/lib/libnuma.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "onevpl-libs@2023.3.1-r2", "Name": "onevpl-libs", "Identifier": { "PURL": "pkg:apk/alpine/onevpl-libs@2023.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "30c7ccb581540253" }, "Version": "2023.3.1-r2", "Arch": "x86_64", "SrcName": "onevpl", "SrcVersion": "2023.3.1-r2", "Licenses": [ "MIT" ], "Maintainer": "Krassy Boykinov \u003ckboykinov@teamcentrixx.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:ecbcde31409026999dc154ddab6a3dedab77225f", "InstalledFiles": [ "usr/lib/libvpl.so.2", "usr/lib/libvpl.so.2.9" ], "AnalyzedBy": "apk" }, { "ID": "openexr-libiex@3.3.2-r0", "Name": "openexr-libiex", "Identifier": { "PURL": "pkg:apk/alpine/openexr-libiex@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "cdfd616d63baaa93" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openexr", "SrcVersion": "3.3.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:8d5e760f5a09a28ee61778965aec042c7f45c902", "InstalledFiles": [ "usr/lib/libIex-3_3.so.32", "usr/lib/libIex-3_3.so.32.3.3.2" ], "AnalyzedBy": "apk" }, { "ID": "openexr-libilmthread@3.3.2-r0", "Name": "openexr-libilmthread", "Identifier": { "PURL": "pkg:apk/alpine/openexr-libilmthread@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "10a5ce8857a62438" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openexr", "SrcVersion": "3.3.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "openexr-libiex@3.3.2-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1225087ab126d99506e0254cc4c5fe61f4ac3674", "InstalledFiles": [ "usr/lib/libIlmThread-3_3.so.32", "usr/lib/libIlmThread-3_3.so.32.3.3.2" ], "AnalyzedBy": "apk" }, { "ID": "openexr-libopenexr@3.3.2-r0", "Name": "openexr-libopenexr", "Identifier": { "PURL": "pkg:apk/alpine/openexr-libopenexr@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "c36eb059c4b7492d" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openexr", "SrcVersion": "3.3.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", "DependsOn": [ "imath@3.1.12-r0", "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "openexr-libiex@3.3.2-r0", "openexr-libilmthread@3.3.2-r0", "openexr-libopenexrcore@3.3.2-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:edc0b9680d83ea250eaa5400dd146ecd479e01e5", "InstalledFiles": [ "usr/lib/libOpenEXR-3_3.so.32", "usr/lib/libOpenEXR-3_3.so.32.3.3.2" ], "AnalyzedBy": "apk" }, { "ID": "openexr-libopenexrcore@3.3.2-r0", "Name": "openexr-libopenexrcore", "Identifier": { "PURL": "pkg:apk/alpine/openexr-libopenexrcore@3.3.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "7854bb25ca2dab72" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openexr", "SrcVersion": "3.3.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Mark Riedesel \u003cmark+alpine@klowner.com\u003e", "DependsOn": [ "libdeflate@1.23-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:22aeb8074b8f3e6d1244eb6b84da4e17b3f0a80d", "InstalledFiles": [ "usr/lib/libOpenEXRCore-3_3.so.32", "usr/lib/libOpenEXRCore-3_3.so.32.3.3.2" ], "AnalyzedBy": "apk" }, { "ID": "opus@1.5.2-r1", "Name": "opus", "Identifier": { "PURL": "pkg:apk/alpine/opus@1.5.2-r1?arch=x86_64\u0026distro=3.22.1", "UID": "adba5282ef27d4d2" }, "Version": "1.5.2-r1", "Arch": "x86_64", "SrcName": "opus", "SrcVersion": "1.5.2-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:c63abe84baa398cc5b1c8ad016918d4329b708bb", "InstalledFiles": [ "usr/lib/libopus.so.0", "usr/lib/libopus.so.0.10.1" ], "AnalyzedBy": "apk" }, { "ID": "orc@0.4.40-r1", "Name": "orc", "Identifier": { "PURL": "pkg:apk/alpine/orc@0.4.40-r1?arch=x86_64\u0026distro=3.22.1", "UID": "ce424ac67d05a3d5" }, "Version": "0.4.40-r1", "Arch": "x86_64", "SrcName": "orc", "SrcVersion": "0.4.40-r1", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b6bfb5e4dc21d791861e4c4a11702c6344078c6b", "InstalledFiles": [ "usr/lib/liborc-0.4.so.0", "usr/lib/liborc-0.4.so.0.40.0" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.43-r1", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.43-r1?arch=x86_64\u0026distro=3.22.1", "UID": "286dcfd16f9648c3" }, "Version": "10.43-r1", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.43-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b3ef6da02d09ea70001e9770b314b6adf3586c7a", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.12.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.5" ], "AnalyzedBy": "apk" }, { "ID": "rav1e-libs@0.7.1-r0", "Name": "rav1e-libs", "Identifier": { "PURL": "pkg:apk/alpine/rav1e-libs@0.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fc985aa0b2eef854" }, "Version": "0.7.1-r0", "Arch": "x86_64", "SrcName": "rav1e", "SrcVersion": "0.7.1-r0", "Licenses": [ "BSD-2-Clause", "custom" ], "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:5d64139ca90da77d86e9ff6e11c75d82b10a2319", "InstalledFiles": [ "usr/lib/librav1e.so.0.7", "usr/lib/librav1e.so.0.7.1" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.13-r1", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.13-r1?arch=x86_64\u0026distro=3.22.1", "UID": "37d71f5ec630233b" }, "Version": "8.2.13-r1", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.13-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "libncursesw@6.5_p20250503-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:d305640121793fd79a7636ed10fcc6cb10155e38", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.1", "UID": "be156a8575875ef7" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "sdl2-compat@2.32.56-r0", "Name": "sdl2-compat", "Identifier": { "PURL": "pkg:apk/alpine/sdl2-compat@2.32.56-r0?arch=x86_64\u0026distro=3.22.1", "UID": "cbf7fcda86c2eeba" }, "Version": "2.32.56-r0", "Arch": "x86_64", "SrcName": "sdl2-compat", "SrcVersion": "2.32.56-r0", "Licenses": [ "Zlib" ], "Maintainer": "fossdd \u003cfossdd@pwned.life\u003e", "DependsOn": [ "musl@1.2.5-r10", "sdl3@3.2.16-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:88501c8077a06e7a4bf7bd9df9807651671c8b86", "InstalledFiles": [ "usr/lib/libSDL2-2.0.so.0", "usr/lib/libSDL2-2.0.so.0.3200.56" ], "AnalyzedBy": "apk" }, { "ID": "sdl3@3.2.16-r0", "Name": "sdl3", "Identifier": { "PURL": "pkg:apk/alpine/sdl3@3.2.16-r0?arch=x86_64\u0026distro=3.22.1", "UID": "f2cd1287a58879a0" }, "Version": "3.2.16-r0", "Arch": "x86_64", "SrcName": "sdl3", "SrcVersion": "3.2.16-r0", "Licenses": [ "Zlib" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:845b90008b7a4b5034142406bcd55f0a24232d9f", "InstalledFiles": [ "usr/lib/libSDL3.so.0", "usr/lib/libSDL3.so.0.2.16" ], "AnalyzedBy": "apk" }, { "ID": "serd-libs@0.32.4-r0", "Name": "serd-libs", "Identifier": { "PURL": "pkg:apk/alpine/serd-libs@0.32.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "83ade4869c48e765" }, "Version": "0.32.4-r0", "Arch": "x86_64", "SrcName": "serd", "SrcVersion": "0.32.4-r0", "Licenses": [ "ISC" ], "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:bd0858718d309370e3b0f318b97c967463502710", "InstalledFiles": [ "usr/lib/libserd-0.so.0", "usr/lib/libserd-0.so.0.32.4" ], "AnalyzedBy": "apk" }, { "ID": "shaderc@2024.4-r0", "Name": "shaderc", "Identifier": { "PURL": "pkg:apk/alpine/shaderc@2024.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "a08ec1e6674176ec" }, "Version": "2024.4-r0", "Arch": "x86_64", "SrcName": "shaderc", "SrcVersion": "2024.4-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "glslang-libs@1.4.309.0-r0", "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "spirv-tools@1.4.313.0-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:de6e3cae196219c80e8982261759e2ff528e97bc", "InstalledFiles": [ "usr/bin/glslc", "usr/lib/libshaderc_shared.so.1" ], "AnalyzedBy": "apk" }, { "ID": "sord-libs@0.16.18-r0", "Name": "sord-libs", "Identifier": { "PURL": "pkg:apk/alpine/sord-libs@0.16.18-r0?arch=x86_64\u0026distro=3.22.1", "UID": "c6282dde530d39a9" }, "Version": "0.16.18-r0", "Arch": "x86_64", "SrcName": "sord", "SrcVersion": "0.16.18-r0", "Licenses": [ "ISC" ], "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", "DependsOn": [ "musl@1.2.5-r10", "serd-libs@0.32.4-r0", "zix-libs@0.6.2-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b48db46612779b6a9be5cb3af165d5373a5b745c", "InstalledFiles": [ "usr/lib/libsord-0.so.0", "usr/lib/libsord-0.so.0.16.18" ], "AnalyzedBy": "apk" }, { "ID": "soxr@0.1.3-r7", "Name": "soxr", "Identifier": { "PURL": "pkg:apk/alpine/soxr@0.1.3-r7?arch=x86_64\u0026distro=3.22.1", "UID": "279cea8fe7557214" }, "Version": "0.1.3-r7", "Arch": "x86_64", "SrcName": "soxr", "SrcVersion": "0.1.3-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "libgomp@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:16bb3ea5933a59f13f92d1f465171d6536253562", "InstalledFiles": [ "usr/lib/libsoxr-lsr.so.0", "usr/lib/libsoxr-lsr.so.0.1.9", "usr/lib/libsoxr.so.0", "usr/lib/libsoxr.so.0.1.2" ], "AnalyzedBy": "apk" }, { "ID": "speexdsp@1.2.1-r2", "Name": "speexdsp", "Identifier": { "PURL": "pkg:apk/alpine/speexdsp@1.2.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "dad5b9c7c312d2f7" }, "Version": "1.2.1-r2", "Arch": "x86_64", "SrcName": "speexdsp", "SrcVersion": "1.2.1-r2", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:8cfae83eccab259534a079b99e9f55d3c02381d0", "InstalledFiles": [ "usr/lib/libspeexdsp.so.1", "usr/lib/libspeexdsp.so.1.5.2" ], "AnalyzedBy": "apk" }, { "ID": "spirv-tools@1.4.313.0-r0", "Name": "spirv-tools", "Identifier": { "PURL": "pkg:apk/alpine/spirv-tools@1.4.313.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e1f71a0eb1f840c7" }, "Version": "1.4.313.0-r0", "Arch": "x86_64", "SrcName": "spirv-tools", "SrcVersion": "1.4.313.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:529d4e6685ae605340e6e45bdb032cc5327ce68a", "InstalledFiles": [ "usr/bin/spirv-as", "usr/bin/spirv-cfg", "usr/bin/spirv-dis", "usr/bin/spirv-lesspipe.sh", "usr/bin/spirv-link", "usr/bin/spirv-lint", "usr/bin/spirv-objdump", "usr/bin/spirv-opt", "usr/bin/spirv-reduce", "usr/bin/spirv-val", "usr/lib/libSPIRV-Tools-diff.so", "usr/lib/libSPIRV-Tools-link.so", "usr/lib/libSPIRV-Tools-lint.so", "usr/lib/libSPIRV-Tools-opt.so", "usr/lib/libSPIRV-Tools-reduce.so", "usr/lib/libSPIRV-Tools-shared.so", "usr/lib/libSPIRV-Tools.so" ], "AnalyzedBy": "apk" }, { "ID": "sratom@0.6.18-r0", "Name": "sratom", "Identifier": { "PURL": "pkg:apk/alpine/sratom@0.6.18-r0?arch=x86_64\u0026distro=3.22.1", "UID": "2bdef87fa45c89f" }, "Version": "0.6.18-r0", "Arch": "x86_64", "SrcName": "sratom", "SrcVersion": "0.6.18-r0", "Licenses": [ "ISC" ], "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", "DependsOn": [ "musl@1.2.5-r10", "serd-libs@0.32.4-r0", "sord-libs@0.16.18-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:d04868e23bab2ac601678268b5a897d763500efc", "InstalledFiles": [ "usr/lib/libsratom-0.so.0", "usr/lib/libsratom-0.so.0.6.18" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r18", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "24ada6e59ed92743" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "libssl3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tdb-libs@1.4.12-r0", "Name": "tdb-libs", "Identifier": { "PURL": "pkg:apk/alpine/tdb-libs@1.4.12-r0?arch=x86_64\u0026distro=3.22.1", "UID": "1ea01a44df9b1720" }, "Version": "1.4.12-r0", "Arch": "x86_64", "SrcName": "tdb", "SrcVersion": "1.4.12-r0", "Licenses": [ "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:b13ec109b8310e7735717c35996fcfe3f760516e", "InstalledFiles": [ "usr/lib/libtdb.so.1", "usr/lib/libtdb.so.1.4.12" ], "AnalyzedBy": "apk" }, { "ID": "v4l-utils-libs@1.28.1-r1", "Name": "v4l-utils-libs", "Identifier": { "PURL": "pkg:apk/alpine/v4l-utils-libs@1.28.1-r1?arch=x86_64\u0026distro=3.22.1", "UID": "a1413bd07970e59f" }, "Version": "1.28.1-r1", "Arch": "x86_64", "SrcName": "v4l-utils", "SrcVersion": "1.28.1-r1", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "libjpeg-turbo@3.1.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:0a0a8c823b9a8afbfc3070349a19fa1af3b0990c", "InstalledFiles": [ "usr/lib/libv4l1.so.0", "usr/lib/libv4l1.so.0.0.0", "usr/lib/libv4l2.so.0", "usr/lib/libv4l2.so.0.0.0", "usr/lib/libv4l2rds.so.0", "usr/lib/libv4l2rds.so.0.0.0", "usr/lib/libv4lconvert.so.0", "usr/lib/libv4lconvert.so.0.0.0", "usr/lib/libv4l/ov511-decomp", "usr/lib/libv4l/ov518-decomp", "usr/lib/libv4l/v4l1compat.so", "usr/lib/libv4l/v4l2convert.so", "usr/lib/libv4l/plugins/libv4l-mplane.so" ], "AnalyzedBy": "apk" }, { "ID": "vidstab@1.1.1-r0", "Name": "vidstab", "Identifier": { "PURL": "pkg:apk/alpine/vidstab@1.1.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "9f3489bf5937dee1" }, "Version": "1.1.1-r0", "Arch": "x86_64", "SrcName": "vidstab", "SrcVersion": "1.1.1-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "libgomp@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:446c2c17e1406d1490fe18b6782fb24b406dbab4", "InstalledFiles": [ "usr/lib/libvidstab.so.1.2" ], "AnalyzedBy": "apk" }, { "ID": "vulkan-loader@1.4.313.0-r0", "Name": "vulkan-loader", "Identifier": { "PURL": "pkg:apk/alpine/vulkan-loader@1.4.313.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "712f70d4023f6b42" }, "Version": "1.4.313.0-r0", "Arch": "x86_64", "SrcName": "vulkan-loader", "SrcVersion": "1.4.313.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Simon Zeni \u003csimon@bl4ckb0ne.ca\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:ff5dff6998e9912a5ac8fbd92951a927d7530823", "InstalledFiles": [ "usr/lib/libvulkan.so.1", "usr/lib/libvulkan.so.1.4.313" ], "AnalyzedBy": "apk" }, { "ID": "wayland-libs-client@1.23.1-r3", "Name": "wayland-libs-client", "Identifier": { "PURL": "pkg:apk/alpine/wayland-libs-client@1.23.1-r3?arch=x86_64\u0026distro=3.22.1", "UID": "c75592ea31efaa50" }, "Version": "1.23.1-r3", "Arch": "x86_64", "SrcName": "wayland", "SrcVersion": "1.23.1-r3", "Licenses": [ "MIT" ], "Maintainer": "Peter Shkenev \u003csanturysim@gmail.com\u003e", "DependsOn": [ "libffi@3.4.8-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:ea0f307c796d5b52e9996c072aa933db00e4fc25", "InstalledFiles": [ "usr/lib/libwayland-client.so.0", "usr/lib/libwayland-client.so.0.23.1" ], "AnalyzedBy": "apk" }, { "ID": "x264-libs@0.164.3108-r0", "Name": "x264-libs", "Identifier": { "PURL": "pkg:apk/alpine/x264-libs@0.164.3108-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e1c4c5322a975f30" }, "Version": "0.164.3108-r0", "Arch": "x86_64", "SrcName": "x264", "SrcVersion": "0.164.3108-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:29f301cb84137811e40bc5ebda2a31e8a13e0f12", "InstalledFiles": [ "usr/lib/libx264.so.164" ], "AnalyzedBy": "apk" }, { "ID": "x265-libs@3.6-r0", "Name": "x265-libs", "Identifier": { "PURL": "pkg:apk/alpine/x265-libs@3.6-r0?arch=x86_64\u0026distro=3.22.1", "UID": "2e0b049afaf8eff0" }, "Version": "3.6-r0", "Arch": "x86_64", "SrcName": "x265", "SrcVersion": "3.6-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libstdc++@14.2.0-r6", "musl@1.2.5-r10", "numactl@2.0.18-r0" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:e3c0ce1f33d509174d2fe6cc0be7d5959f0d488f", "InstalledFiles": [ "usr/lib/libx265.so.209" ], "AnalyzedBy": "apk" }, { "ID": "xvidcore@1.3.7-r2", "Name": "xvidcore", "Identifier": { "PURL": "pkg:apk/alpine/xvidcore@1.3.7-r2?arch=x86_64\u0026distro=3.22.1", "UID": "97e9305976b03af5" }, "Version": "1.3.7-r2", "Arch": "x86_64", "SrcName": "xvidcore", "SrcVersion": "1.3.7-r2", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:1624be47f94fb6f2506170a2a74e52f75bd26c06", "InstalledFiles": [ "usr/lib/libxvidcore.so.4", "usr/lib/libxvidcore.so.4.3" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.8.1-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "8bd18e17467b35f2" }, "Version": "5.8.1-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.1-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:fdcdb7d0dc44dd546165ae313122b01d6a20f931", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.8.1" ], "AnalyzedBy": "apk" }, { "ID": "zimg@3.0.5-r3", "Name": "zimg", "Identifier": { "PURL": "pkg:apk/alpine/zimg@3.0.5-r3?arch=x86_64\u0026distro=3.22.1", "UID": "342b4007301215ac" }, "Version": "3.0.5-r3", "Arch": "x86_64", "SrcName": "zimg", "SrcVersion": "3.0.5-r3", "Licenses": [ "WTFPL" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "libgcc@14.2.0-r6", "libstdc++@14.2.0-r6", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:65f09609dfce68494573a1dd2098d3bc1f871de8", "InstalledFiles": [ "usr/lib/libzimg.so.2", "usr/lib/libzimg.so.2.0.0" ], "AnalyzedBy": "apk" }, { "ID": "zix-libs@0.6.2-r0", "Name": "zix-libs", "Identifier": { "PURL": "pkg:apk/alpine/zix-libs@0.6.2-r0?arch=x86_64\u0026distro=3.22.1", "UID": "7b1f5f25bcde443a" }, "Version": "0.6.2-r0", "Arch": "x86_64", "SrcName": "zix", "SrcVersion": "0.6.2-r0", "Licenses": [ "ISC" ], "Maintainer": "David Demelier \u003cmarkand@malikania.fr\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "Digest": "sha1:9f5f2ea24f8a9917e45d8dd640a1a95e47c748ac", "InstalledFiles": [ "usr/lib/libzix-0.so.0", "usr/lib/libzix-0.so.0.6.2" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r18", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "3da78128164dbbc4" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:44426e3e02c1ad173d8897fd4b46a1ddcf0c921036e699e838936dfc6ad35059", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r18", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "c66405e3f8ffde54" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:101c58323064811982af6420b392fac541257c05506da621b78daffa05b9f80f", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-57052", "PkgID": "cjson@1.7.18-r1", "PkgName": "cjson", "PkgIdentifier": { "PURL": "pkg:apk/alpine/cjson@1.7.18-r1?arch=x86_64\u0026distro=3.22.1", "UID": "93f520d50c2b1445" }, "InstalledVersion": "1.7.18-r1", "FixedVersion": "1.7.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-57052", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:85db3c576fd4c9ddeee2dcbbabaed6cf8048a00456603d155c979c4b445e3071", "Title": "cJSON: out-of-bounds access in decode_array_index_from_pointer() in cJSON_Utils.c via crafted JSON pointer strings", "Description": "cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-129" ], "VendorSeverity": { "redhat": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-57052", "https://github.com/DaveGamble/cJSON/commit/74e1ff4994aa4139126967f6d289b675b4b36fef", "https://github.com/DaveGamble/cJSON/pull/957", "https://lists.debian.org/debian-lts-announce/2025/09/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-57052", "https://ubuntu.com/security/notices/USN-7973-1", "https://www.cve.org/CVERecord?id=CVE-2025-57052", "https://x-0r.com/posts/cJSON-Array-Index-Parsing-Vulnerability" ], "PublishedDate": "2025-09-03T15:15:38.25Z", "LastModifiedDate": "2025-11-03T19:16:12.46Z" }, { "VulnerabilityID": "CVE-2026-41254", "PkgID": "lcms2@2.16-r0", "PkgName": "lcms2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/lcms2@2.16-r0?arch=x86_64\u0026distro=3.22.1", "UID": "37892de0d9654e69" }, "InstalledVersion": "2.16-r0", "FixedVersion": "2.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41254", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2bf9c1bfc727df905c1bad479d6c1a347c9cb33f880e20db07564b6c0e5a0f06", "Title": "Little CMS: lcms2: mm2/Little-CMS: Little CMS: Information disclosure or denial of service via integer overflow in CubeSize", "Description": "Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.", "Severity": "HIGH", "CweIDs": [ "CWE-696", "CWE-190" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://abhinavagarwal07.github.io/posts/lcms2-cubesize-overflow/", "https://access.redhat.com/security/cve/CVE-2026-41254", "https://github.com/mm2/Little-CMS/commit/da6110b1d14abc394633a388209abd5ebedd7ab0", "https://github.com/mm2/Little-CMS/commit/e0641b1828d0a1af5ecb1b11fe22f24fceefd4bc", "https://github.com/mm2/Little-CMS/security/advisories/GHSA-4xp6-rcgg-m9qq", "https://lists.debian.org/debian-lts-announce/2026/05/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-41254", "https://ubuntu.com/security/notices/USN-8209-1", "https://www.cve.org/CVERecord?id=CVE-2026-41254", "https://www.openwall.com/lists/oss-security/2026/04/17/16" ], "PublishedDate": "2026-04-18T07:16:10.807Z", "LastModifiedDate": "2026-05-07T18:16:19.3Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:61a955f305d08dc7cdf6911e9334752655a166797ad7d2f2de6ccbbeb562c517", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:66f890174c4eafe27262cc7cdf727cf862a47d293588b08bd6e9988d8be40674", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:965f3fc5e9cb65c84b0dde0e9aadd25dd04821c68022cf49e3f3c95bd3dd575e", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c1b103957265fac1aa5ab998743320a9d4381119d75c8ae16de127688b14237d", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:016902b64d5014ac01de1ddb59ad685822c3d6f4476b7756cba6d5a0c6629475", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:04f7c798493ba35260ac5031f9b4f915c075a11bf4c70c7d8dacd0d8c584cf7d", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a9f24bcbd588a6d0b452e9e33e8e22683444e6cd1ece9a06d144cce6e07c5f0d", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7f3e385fe0f5f888d80223201d5454f510523bbd53b543c7fc3f9b3fbb5fd542", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:80a04902af38c24ad935142ea58b184e8a6507b30291badee24ce50bd990c379", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d75205c36d8e4df3ee96c1d60e51a5cd5a18ce1a97a6f941256a6ce1aa510310", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1a16068bd40ade8ea0090a1d426775c09b6872bead2ad860c45ca66004a83627", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:39c5c0c089635ce2c63ef7a1a3de69047e0c4e7182ee97f60e7d4a788323e0ed", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e5e68f80618acd33c9fc5a44625be0cfefb3450e502d075800cfbdfac089b0bf", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-59375", "PkgID": "libexpat@2.7.1-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "InstalledVersion": "2.7.1-r0", "FixedVersion": "2.7.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59375", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:47a95dcd734dc978385c14e7e3a71e0e61870d8fe28c8b891da7386093ac82c2", "Title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing", "Description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/16/2", "http://www.openwall.com/lists/oss-security/2026/05/01/5", "https://access.redhat.com/errata/RHSA-2025:22175", "https://access.redhat.com/security/cve/CVE-2025-59375", "https://bugzilla.redhat.com/2395108", "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "https://errata.almalinux.org/9/ALSA-2025-22175.html", "https://errata.rockylinux.org/RLSA-2025:22175", "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "https://github.com/libexpat/libexpat/issues/1018", "https://github.com/libexpat/libexpat/pull/1034", "https://issues.oss-fuzz.com/issues/439133977", "https://linux.oracle.com/cve/CVE-2025-59375.html", "https://linux.oracle.com/errata/ELSA-2026-3407.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-59375", "https://ubuntu.com/security/notices/USN-8022-1", "https://www.cve.org/CVERecord?id=CVE-2025-59375", "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375", "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375" ], "PublishedDate": "2025-09-15T03:15:40.92Z", "LastModifiedDate": "2026-05-12T13:17:22.64Z" }, { "VulnerabilityID": "CVE-2026-25210", "PkgID": "libexpat@2.7.1-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "InstalledVersion": "2.7.1-r0", "FixedVersion": "2.7.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4c67c731df9312adcf71304673c9fc654d153ebc02795c6c16052536d41b1ea4", "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation", "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "V3Score": 6.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25210", "https://github.com/libexpat/libexpat/pull/1075", "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7", "https://nvd.nist.gov/vuln/detail/CVE-2026-25210", "https://ubuntu.com/security/notices/USN-8022-1", "https://ubuntu.com/security/notices/USN-8022-2", "https://ubuntu.com/security/notices/USN-8023-1", "https://www.cve.org/CVERecord?id=CVE-2026-25210" ], "PublishedDate": "2026-01-30T07:16:15.57Z", "LastModifiedDate": "2026-03-10T18:17:12.78Z" }, { "VulnerabilityID": "CVE-2026-32776", "PkgID": "libexpat@2.7.1-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "InstalledVersion": "2.7.1-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f5fafb2287e60f3dc39a8f5347de91f965c15be779d875612beb4082acfe7c56", "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32776", "https://github.com/libexpat/libexpat/pull/1158", "https://github.com/libexpat/libexpat/pull/1159", "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "https://www.cve.org/CVERecord?id=CVE-2026-32776" ], "PublishedDate": "2026-03-16T14:19:44.6Z", "LastModifiedDate": "2026-03-17T15:52:09.023Z" }, { "VulnerabilityID": "CVE-2026-32777", "PkgID": "libexpat@2.7.1-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "InstalledVersion": "2.7.1-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b1f70f92f590b618fd59105133b5e64599c6467aff455b46840237d24c815bc3", "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32777", "https://github.com/libexpat/libexpat/issues/1161", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1162", "https://issues.oss-fuzz.com/issues/486993411", "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "https://www.cve.org/CVERecord?id=CVE-2026-32777" ], "PublishedDate": "2026-03-16T14:19:44.78Z", "LastModifiedDate": "2026-03-17T15:52:34.357Z" }, { "VulnerabilityID": "CVE-2026-32778", "PkgID": "libexpat@2.7.1-r0", "PkgName": "libexpat", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "3f5e1118b4fa3f46" }, "InstalledVersion": "2.7.1-r0", "FixedVersion": "2.7.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cda34989eddfc80e09b4c6bd7fedd934f16eb48fc3b407376dc64ce3c5069094", "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32778", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1163", "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "https://www.cve.org/CVERecord?id=CVE-2026-32778" ], "PublishedDate": "2026-03-16T14:19:44.97Z", "LastModifiedDate": "2026-03-17T15:52:53.16Z" }, { "VulnerabilityID": "CVE-2025-64720", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.51-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:89ba8047de90184bf9349c387b68fdc9c06b0b862713cb75a8e834df7a9591b5", "Title": "libpng: LIBPNG buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-64720", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", "https://github.com/pnggroup/libpng/issues/686", "https://github.com/pnggroup/libpng/pull/751", "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", "https://linux.oracle.com/cve/CVE-2025-64720.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64720", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.46Z", "LastModifiedDate": "2025-11-26T18:35:18.253Z" }, { "VulnerabilityID": "CVE-2025-65018", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.51-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cd62ab93d1992f9714fdac65f7b6cde27bb8e34e9eaa61ef5d980da684e338a3", "Title": "libpng: LIBPNG heap buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-65018", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", "https://github.com/pnggroup/libpng/issues/755", "https://github.com/pnggroup/libpng/pull/757", "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", "https://linux.oracle.com/cve/CVE-2025-65018.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-65018", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.61Z", "LastModifiedDate": "2025-11-26T18:34:53.65Z" }, { "VulnerabilityID": "CVE-2025-66293", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53cd2c9b86c1a37a56785b479a0e4860cae144cb7dab7298a8227c1a9715f4e0", "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/12/03/6", "http://www.openwall.com/lists/oss-security/2025/12/03/7", "http://www.openwall.com/lists/oss-security/2025/12/03/8", "https://access.redhat.com/errata/RHSA-2026:0238", "https://access.redhat.com/security/cve/CVE-2025-66293", "https://bugzilla.redhat.com/2416904", "https://bugzilla.redhat.com/2416907", "https://bugzilla.redhat.com/2418711", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0238.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "https://github.com/pnggroup/libpng/issues/764", "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "https://linux.oracle.com/cve/CVE-2025-66293.html", "https://linux.oracle.com/errata/ELSA-2026-0241.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2025-66293" ], "PublishedDate": "2025-12-03T21:15:53.06Z", "LastModifiedDate": "2025-12-16T19:12:50.35Z" }, { "VulnerabilityID": "CVE-2026-22695", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:20c24f50b535b0cebaae67286d586645520f35e70a94764297026285e2a16f45", "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22695", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "https://github.com/pnggroup/libpng/issues/778", "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "https://linux.oracle.com/cve/CVE-2026-22695.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22695", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.597Z", "LastModifiedDate": "2026-01-21T18:58:55.787Z" }, { "VulnerabilityID": "CVE-2026-22801", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bfbd41cb4f348f87584257428ad82583541deb202fc3a10dbfb21a6de71fcebb", "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-190" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22801", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "https://linux.oracle.com/cve/CVE-2026-22801.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22801", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.907Z", "LastModifiedDate": "2026-01-21T18:58:18.27Z" }, { "VulnerabilityID": "CVE-2026-25646", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.55-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:896b52ceeca8b00f49cfa8fcb69f06b81a96257fbd73c8496f227df870144b3b", "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-126" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/09/7", "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-25646", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "https://linux.oracle.com/cve/CVE-2026-25646.html", "https://linux.oracle.com/errata/ELSA-2026-7032.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", "https://ubuntu.com/security/notices/USN-8035-1", "https://ubuntu.com/security/notices/USN-8039-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2026-25646" ], "PublishedDate": "2026-02-10T18:16:37.817Z", "LastModifiedDate": "2026-02-13T20:43:44.69Z" }, { "VulnerabilityID": "CVE-2025-64505", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.51-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:09e58162f85fe77d14ff3edbb670f880d6f8b024741770c539b587b85e42da3a", "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64505", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/748", "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", "https://ubuntu.com/security/notices/USN-7924-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2025-64505", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.133Z", "LastModifiedDate": "2025-11-26T18:28:32.22Z" }, { "VulnerabilityID": "CVE-2025-64506", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.51-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:be63768c2b8660f68dd99397d69e189ba93d31c161435e7b5c71c3e9a2cd1f77", "Title": "libpng: LIBPNG heap buffer over-read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64506", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/749", "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64506", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.3Z", "LastModifiedDate": "2025-11-26T18:34:38.24Z" }, { "VulnerabilityID": "CVE-2026-33416", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9f7d989650a1292db4e2c6b73befe2dc284a57fbe4c9777a03bfd491f8833062", "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33416", "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:8459", "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "https://github.com/pnggroup/libpng/pull/824", "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "https://linux.oracle.com/cve/CVE-2026-33416.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33416" ], "PublishedDate": "2026-03-26T17:16:38.443Z", "LastModifiedDate": "2026-04-02T20:28:33.973Z" }, { "VulnerabilityID": "CVE-2026-33636", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:85c4bb85ae06060102b2ed8d32fe4d930f7e31818c9d57c05387052f17e636d9", "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33636", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:14791", "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "https://linux.oracle.com/cve/CVE-2026-33636.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33636" ], "PublishedDate": "2026-03-26T17:16:41.477Z", "LastModifiedDate": "2026-04-02T18:42:02.667Z" }, { "VulnerabilityID": "CVE-2026-34757", "PkgID": "libpng@1.6.47-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.47-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e3b6a2717c0ec76d" }, "InstalledVersion": "1.6.47-r0", "FixedVersion": "1.6.57-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:191f1fc83b177480d326cff62c24dff23b2fd858f44d430dadc5bd7ec31b6e11", "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34757", "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "https://github.com/pnggroup/libpng/issues/836", "https://github.com/pnggroup/libpng/issues/837", "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-34757" ], "PublishedDate": "2026-04-09T15:16:11.003Z", "LastModifiedDate": "2026-05-13T23:07:51.863Z" }, { "VulnerabilityID": "CVE-2025-69277", "PkgID": "libsodium@1.0.20-r0", "PkgName": "libsodium", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libsodium@1.0.20-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d13383d8fc4236f0" }, "InstalledVersion": "1.0.20-r0", "FixedVersion": "1.0.20-r1", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69277", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9ffce9cbf57968b84ffec320cec3acfe4139bfc418076dd36f0268ff041186a6", "Title": "libsodium: pynacl: libsodium: Improper validation of elliptic curve points could lead to data integrity or information disclosure.", "Description": "libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.", "Severity": "MEDIUM", "CweIDs": [ "CWE-184" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 4.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 4.5 } }, "References": [ "https://00f.net/2025/12/30/libsodium-vulnerability", "https://00f.net/2025/12/30/libsodium-vulnerability/", "https://access.redhat.com/security/cve/CVE-2025-69277", "https://github.com/FriendsOfPHP/security-advisories/blob/master/paragonie/sodium_compat/2025-12-30.yaml", "https://github.com/hdwallet-io/python-hdwallet/pull/124", "https://github.com/jedisct1/libsodium/commit/ad3004ec8731730e93fcfbbc824e67eadc1c1bae", "https://github.com/paragonie/sodium_compat", "https://github.com/paragonie/sodium_compat/commit/2cb48f26130919f92f30650bdcc30e6f4ebe45ac", "https://github.com/paragonie/sodium_compat/commit/4714da6efdc782c06690bc72ce34fae7941c2d9f", "https://github.com/pyca/pynacl/commit/96314884d88d1089ff5f336dba61d7abbcddbbf7", "https://github.com/pyca/pynacl/commit/ecf41f55a3d8f1e10ce89c61c4b4d67f3f4467cf", "https://github.com/pyca/pynacl/issues/920", "https://ianix.com/pub/ed25519-deployment.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00004.html", "https://news.ycombinator.com/item?id=46435614", "https://nvd.nist.gov/vuln/detail/CVE-2025-69277", "https://ubuntu.com/security/notices/USN-7949-1", "https://www.cve.org/CVERecord?id=CVE-2025-69277" ], "PublishedDate": "2025-12-31T06:15:41.513Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e43a59e88ab23eb5024bdf3cb0c416a3ed020931e517ddbfb21e2ca93dba467b", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:80ea5bbc6dec6b88f1277d1de53b0479c31924f07acdf46ac7538e8a0dc91c47", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b412dd8f792aa31b86895486c25f263730d7f43ee09919a60c424a00d08d7482", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:83e1ab3f238ce205ff905ec10fba474ea7a5311e5c6c1eb0c79531d252215c52", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0dd2b285db12e9007da0bdd7424a0c522d5e0a1ad5f663025d255856493dca93", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2518a02b2e79098ae2e2d1b5e195f4e87bd3fb7cd5609f011c9cf96a856bd139", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e3d6ba5fc766fd0dcad84462a3454664d8bfc5d73618da27ace2463ce3b7510f", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:844373c3015f48dd939a991339a10c354e61df8e94f54e858460b40652c67f58", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:26ee5822a5cba9f08f2c506b7405da48485332454d0397e872253e7367f73e1a", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3393a31fd9a462c566438dd64b9ffb645a6967ae64c39dfa39570d14aebb1817", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:99563b830cfd15c814112071ef81ed8ca3427acc2ec353831798a97694b52d3e", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3de0bf83fb89d607e2b913af7a97bd345789be340d25fd56336afe0b634ef3b4", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b0bfc4a0769fe2e6e6cd5016e1c088d980b563686e160cf2a840cac9922ea948", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-49794", "PkgID": "libxml2@2.13.8-r0", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d157fbe9fab04a71" }, "InstalledVersion": "2.13.8-r0", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49794", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5619b802496b5a5bff2d89f4279f1959588a051ab9dee07987e137ccad19d241", "Title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)", "Description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "Severity": "HIGH", "CweIDs": [ "CWE-825" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "cbl-mariner": 4, "oracle-oval": 3, "photon": 4, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:15397", "https://access.redhat.com/errata/RHSA-2025:15827", "https://access.redhat.com/errata/RHSA-2025:15828", "https://access.redhat.com/errata/RHSA-2025:18217", "https://access.redhat.com/errata/RHSA-2025:18218", "https://access.redhat.com/errata/RHSA-2025:18219", "https://access.redhat.com/errata/RHSA-2025:18240", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2025:19041", "https://access.redhat.com/errata/RHSA-2025:19046", "https://access.redhat.com/errata/RHSA-2025:19894", "https://access.redhat.com/errata/RHSA-2025:21913", "https://access.redhat.com/errata/RHSA-2026:0934", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49794", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931", "https://linux.oracle.com/cve/CVE-2025-49794.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49794", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-49794" ], "PublishedDate": "2025-06-16T16:15:18.997Z", "LastModifiedDate": "2026-05-12T13:17:20.283Z" }, { "VulnerabilityID": "CVE-2025-49795", "PkgID": "libxml2@2.13.8-r0", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d157fbe9fab04a71" }, "InstalledVersion": "2.13.8-r0", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49795", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e7a2caf290b703c7f73f5f614b9c69c592956c86f7499f5180d610ab51c05115", "Title": "libxml: Null pointer dereference leads to Denial of service (DoS)", "Description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-825" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49795", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.rockylinux.org/RLSA-2025:10630", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932", "https://linux.oracle.com/cve/CVE-2025-49795.html", "https://linux.oracle.com/errata/ELSA-2025-10630.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49795", "https://www.cve.org/CVERecord?id=CVE-2025-49795" ], "PublishedDate": "2025-06-16T16:15:19.203Z", "LastModifiedDate": "2026-04-19T20:16:21.54Z" }, { "VulnerabilityID": "CVE-2025-49796", "PkgID": "libxml2@2.13.8-r0", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d157fbe9fab04a71" }, "InstalledVersion": "2.13.8-r0", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49796", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7f542290951949e805740ecf5ae61d77a01a3d6d991d1a3dff9518d8450b7462", "Title": "libxml: Type confusion leads to Denial of service (DoS)", "Description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "cbl-mariner": 4, "oracle-oval": 3, "photon": 4, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:15397", "https://access.redhat.com/errata/RHSA-2025:15827", "https://access.redhat.com/errata/RHSA-2025:15828", "https://access.redhat.com/errata/RHSA-2025:18217", "https://access.redhat.com/errata/RHSA-2025:18218", "https://access.redhat.com/errata/RHSA-2025:18219", "https://access.redhat.com/errata/RHSA-2025:18240", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2025:19041", "https://access.redhat.com/errata/RHSA-2025:19046", "https://access.redhat.com/errata/RHSA-2025:19894", "https://access.redhat.com/errata/RHSA-2025:21913", "https://access.redhat.com/errata/RHSA-2026:0934", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49796", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933", "https://linux.oracle.com/cve/CVE-2025-49796.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49796", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-49796" ], "PublishedDate": "2025-06-16T16:15:19.37Z", "LastModifiedDate": "2026-05-12T13:17:20.66Z" }, { "VulnerabilityID": "CVE-2025-6021", "PkgID": "libxml2@2.13.8-r0", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.8-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d157fbe9fab04a71" }, "InstalledVersion": "2.13.8-r0", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6021", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:de20ae4d61be7017962e46cbd5a0f0f1bc3bf527ac867db7fc1ebe55bf318882", "Title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2", "Description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:11673", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926", "https://linux.oracle.com/cve/CVE-2025-6021.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6021", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-6021" ], "PublishedDate": "2025-06-12T13:15:25.59Z", "LastModifiedDate": "2026-05-12T13:17:27.99Z" }, { "VulnerabilityID": "CVE-2026-25835", "PkgID": "mbedtls@3.6.4-r0", "PkgName": "mbedtls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fd9fb762c16491f4" }, "InstalledVersion": "3.6.4-r0", "FixedVersion": "3.6.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25835", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fe224ae5328b3d5b343b9ee9fcdecdaa118ef9b299a3a10b286b3afb0a9d903e", "Title": "Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a ...", "Description": "Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG).", "Severity": "HIGH", "CweIDs": [ "CWE-335" ], "VendorSeverity": { "julia": 3 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.7 } }, "References": [ "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-rng-cloning/" ], "PublishedDate": "2026-04-01T19:16:28.663Z", "LastModifiedDate": "2026-04-06T14:29:47Z" }, { "VulnerabilityID": "CVE-2025-54764", "PkgID": "mbedtls@3.6.4-r0", "PkgName": "mbedtls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fd9fb762c16491f4" }, "InstalledVersion": "3.6.4-r0", "FixedVersion": "3.6.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-54764", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d0491a35b5431e70b4309f981ba7dbbc6535f6ba13e76b1703e72f0a614930be", "Title": "Mbed TLS before 3.6.5 allows a local timing attack against certain RSA ...", "Description": "Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd.", "Severity": "MEDIUM", "CweIDs": [ "CWE-208" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://github.com/Mbed-TLS/mbedtls/compare/246d86b941ef2d2bdeabd7035efe7200bc609b91..30f073236922fe4e528fdf82eb442babb50516fa", "https://github.com/Mbed-TLS/mbedtls/compare/246d86b941ef2d2bdeabd7035efe7200bc609b91..a08faf90700e46f6aa2a6e3fee8a6a71ddb816ce", "https://github.com/Mbed-TLS/mbedtls/compare/8f4779c6fa40374f88404787bebad85cc7e9969b..eb346801263ba4612b5e29633bd55fe18943ca65", "https://github.com/Mbed-TLS/mbedtls/compare/9b54f934588bc373f3c3f5d45b5a3ad0ae003082..99270322ffac3546f813b1069fd6efb667cdce3f", "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-ssbleed-mstep/", "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", "https://www.cve.org/CVERecord?id=CVE-2025-54764" ], "PublishedDate": "2025-10-20T22:15:37.06Z", "LastModifiedDate": "2025-10-31T15:09:59.62Z" }, { "VulnerabilityID": "CVE-2025-59438", "PkgID": "mbedtls@3.6.4-r0", "PkgName": "mbedtls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fd9fb762c16491f4" }, "InstalledVersion": "3.6.4-r0", "FixedVersion": "3.6.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59438", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9f6240710d82b7dd066112eff7e57dbc69a41baf591e9833ab6f9945a9008ef2", "Title": "Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.", "Description": "Mbed TLS through 3.6.4 has an Observable Timing Discrepancy.", "Severity": "MEDIUM", "CweIDs": [ "CWE-208" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2025-10-invalid-padding-error/", "https://mbed-tls.readthedocs.io/en/latest/tech-updates/security-advisories/", "https://www.cve.org/CVERecord?id=CVE-2025-59438" ], "PublishedDate": "2025-10-21T15:15:39.103Z", "LastModifiedDate": "2025-10-23T12:35:35.187Z" }, { "VulnerabilityID": "CVE-2026-25834", "PkgID": "mbedtls@3.6.4-r0", "PkgName": "mbedtls", "PkgIdentifier": { "PURL": "pkg:apk/alpine/mbedtls@3.6.4-r0?arch=x86_64\u0026distro=3.22.1", "UID": "fd9fb762c16491f4" }, "InstalledVersion": "3.6.4-r0", "FixedVersion": "3.6.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25834", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:94cbccc927454496757ab7eba02f13046592de395c96fbee42c2177f4d6f9abd", "Title": "mbedtls: Mbed TLS: Algorithm downgrade vulnerability", "Description": "Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295", "CWE-327" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25834", "https://mbed-tls.readthedocs.io/en/latest/security-advisories/", "https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2026-03-sigalg-injection/", "https://nvd.nist.gov/vuln/detail/CVE-2026-25834", "https://www.cve.org/CVERecord?id=CVE-2026-25834" ], "PublishedDate": "2026-04-01T18:16:28.127Z", "LastModifiedDate": "2026-04-06T14:17:14.727Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:32f07fc8acc8067f153891712efa3c4dc2378f1eec0866b3923617d537e486cd", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2afc541de1333f8be4041e2151dcf11e22e589886e171f62a8c4d39738350473", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ce1237873e387342e1a346e876f5ee2f669dbda156eb48292a4b5bb695beecc7", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:50a75a2bcafe2d01f8540b41f62fdbe1c6b119012f3295c99bbf51ba084f3fe1", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2025-58050", "PkgID": "pcre2@10.43-r1", "PkgName": "pcre2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/pcre2@10.43-r1?arch=x86_64\u0026distro=3.22.1", "UID": "286dcfd16f9648c3" }, "InstalledVersion": "10.43-r1", "FixedVersion": "10.46-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58050", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:62478b9b49a8059f2fe125d42da065b25c168f399c2c3b16e0eeb4bd32b53e5d", "Title": "pcre2: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS", "Description": "The PCRE2 library is a set of C functions that implement regular expression pattern matching. In version 10.45, a heap-buffer-overflow read vulnerability exists in the PCRE2 regular expression matching engine, specifically within the handling of the (*scs:...) (Scan SubString) verb when combined with (*ACCEPT) in src/pcre2_match.c. This vulnerability may potentially lead to information disclosure if the out-of-bounds data read during the memcmp affects the final match result in a way observable by the attacker. This issue has been resolved in version 10.46.", "Severity": "CRITICAL", "CweIDs": [ "CWE-122", "CWE-125", "CWE-787" ], "VendorSeverity": { "julia": 2, "nvd": 4, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:L/SI:N/SA:L", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58050", "https://github.com/PCRE2Project/pcre2/commit/a141712e5967d448c7ce13090ab530c8e3d82254", "https://github.com/PCRE2Project/pcre2/releases/tag/pcre2-10.46", "https://github.com/PCRE2Project/pcre2/security/advisories/GHSA-c2gv-xgf5-5cc2", "https://nvd.nist.gov/vuln/detail/CVE-2025-58050", "https://ubuntu.com/security/notices/USN-7777-1", "https://www.cve.org/CVERecord?id=CVE-2025-58050" ], "PublishedDate": "2025-08-27T19:15:37.56Z", "LastModifiedDate": "2025-09-09T15:27:39.573Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r18", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "24ada6e59ed92743" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5cf8db6e291078255b54f92483c51ff776e7e19365ceaf6e5f278e20e7f0d6a0", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.8.1-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "8bd18e17467b35f2" }, "InstalledVersion": "5.8.1-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:24ce8ecf297cdde4e40816ae353d149c51d11518db468f9259c85b5b1d94d298", "DiffID": "sha256:c0b3f65d11f1b4cad52bd01e2fe89e093b21a9246b0466a0c0a8df647d4f6b18" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:383cc927609138c7e73c67cee779152e6bac1c696c27c5540c1490d5d4fb468d", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a2692ba9a588413e2fdd4093df3fa3c8c5e4abfbf4204a5bf916dd4d1bfd6759", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b82ef2c6312fabb5760940297ff062c6578a76126bab5fec7de24dc6716b6566", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "app/m3uproxy", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.24.0", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "Version": "v1.24.0", "Relationship": "direct", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/a13labs/m3uproxy", "Name": "github.com/a13labs/m3uproxy", "Identifier": { "PURL": "pkg:golang/github.com/a13labs/m3uproxy", "UID": "e82f25e8ebf9f697" }, "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/andybalholm/brotli@v1.1.1", "Name": "github.com/andybalholm/brotli", "Identifier": { "PURL": "pkg:golang/github.com/andybalholm/brotli@v1.1.1", "UID": "aa21bb14c4db0ed5" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/elnormous/contenttype@v1.0.4", "Name": "github.com/elnormous/contenttype", "Identifier": { "PURL": "pkg:golang/github.com/elnormous/contenttype@v1.0.4", "UID": "b39c7440c0c72ca6" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.2.2", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.2.2", "UID": "60c4aee87dd7e365" }, "Version": "v5.2.2", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/mux@v1.8.1", "Name": "github.com/gorilla/mux", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/mux@v1.8.1", "UID": "3eb0f1da81c9a6d3" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.0", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", "UID": "f7dc88e03d48242d" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oschwald/geoip2-golang@v1.11.0", "Name": "github.com/oschwald/geoip2-golang", "Identifier": { "PURL": "pkg:golang/github.com/oschwald/geoip2-golang@v1.11.0", "UID": "50840e6e6e5c39" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oschwald/maxminddb-golang@v1.13.0", "Name": "github.com/oschwald/maxminddb-golang", "Identifier": { "PURL": "pkg:golang/github.com/oschwald/maxminddb-golang@v1.13.0", "UID": "92493563d0441048" }, "Version": "v1.13.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.3", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", "UID": "459fb477a256bc9a" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", "UID": "ca6997cd33fe5e87" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "91607759da97b0c6" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/unki2aut/go-xsd-types@v0.0.0-20200220223938-30e5405398f8", "Name": "github.com/unki2aut/go-xsd-types", "Identifier": { "PURL": "pkg:golang/github.com/unki2aut/go-xsd-types@v0.0.0-20200220223938-30e5405398f8", "UID": "5ec43ffe612284c7" }, "Version": "v0.0.0-20200220223938-30e5405398f8", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/valyala/bytebufferpool@v1.0.0", "Name": "github.com/valyala/bytebufferpool", "Identifier": { "PURL": "pkg:golang/github.com/valyala/bytebufferpool@v1.0.0", "UID": "4e6e6c311a90edfe" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/valyala/fasthttp@v1.60.0", "Name": "github.com/valyala/fasthttp", "Identifier": { "PURL": "pkg:golang/github.com/valyala/fasthttp@v1.60.0", "UID": "25a63296535f58be" }, "Version": "v1.60.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.38.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.38.0", "UID": "f7a8718f20faf776" }, "Version": "v0.38.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.31.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", "UID": "c62d9fb9c5818707" }, "Version": "v0.31.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.23.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.23.0", "UID": "a97e78ba9de0c52e" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65609583a3c1102cd3ecf73c562514e5f58dc8a2c095c5c913b0e26c002603f6", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1c2d7048c5f2a36b74a4e8e02372379c40d585dfd6c08918ee1444fb1182f806", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0d3b909e4296e46f8257f1b95d0a4df7d8ffa4f290a752be61301f0bcb03a8c8", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:99970e3664e99ddc9bf2f50c827c32544977a2265ea807e2a5df8a9df3410258", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a4dfc198d480876c9ffe40782e9895cda84c0c2a65808f6a68438110342d43e8", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:894c885a2daa89a312dc78b3a5273d31f8a015ff354dee9757b5a457c284e91d", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:450874959519c58b34b3009c1c5d7a7dbc1fd5fc6e5c7f742a425acc53c18f01", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4eed36f53c0244e01fcce449dc1eeb366b34c1de08b1764b510986d362427007", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b0791d4a45ee4b88dfd253ad2aa711e28d864f6cdd20da4eef19e519f7c0f5f", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c7b7e3cf7e3fe1ffc5603637cd6ad4c4c08333080d9db4baeb42cf08298e401", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4dda448053c5224f6f1a4a78923c5181f8f1715165a7e0b763e434bdd0518bce", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70e036f33704ee31fef244083923e01a2a7d026e04022aa42bfc022e8a62929d", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:511acf869e9bb6f0fecef9ad37575b0e45e63a134d2452f080a438501ed79b26", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a465d8da16659b70614c2b0a32a3081c331a19ae277bff8c677eaafa84ce3b29", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:08d19842b24eeb3732d1212f70ac78ac802b3b371fc3d6657113f50bb6cd91a2", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1de48d5090e9f1cf3e65fbaba8b8c9b25c81062c208e68d88fc169126c0da996", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3cbe7dafd3c723b4d88294b71ea7bda49eeb8b957aac56f30674e33b9424d1d0", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e0cc6d3b80b138067d335af1e98893d34762bda534ef44c61d0cc57a1eba00e", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:45d36eb7e367894a52e35771e75c15dde4f576a16c0ba3ab2f7cf4bddddbb92d", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a6e4fc6e10ccd252c6442afb6f6042834c691432701e4456495b53b6b72ebd9f", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c3ef3f73294473347bade3fe54ff81bb1c7707582ff8ec8642a7804eb71d783a", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5eb2bd4bb2e394d321a1f5d71e3e9be6629c9384b221c6d3dadffc2b09c36567", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1926bcffb74ecb99a43495fa59617d6f85fa4f02867eb45ea7da68335a382949", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5ff8e998b0cc41c9d9e0537b8937a25725a3779c05caef5508eb80d70bd3db0d", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:084ff6b88696845df2bbe3411f592730affab0e3fe22de78aa47659f612f2051", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4426b40f2ae35922550f333855c69f823f939ef6967604f1a768a36dc46fcecf", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d56542f2b9ba9fdf396e183fc8f2fd5735f0fe3c80ea655811d6c69a1557c862", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e17b0d92a0006e67b59ae7b8cbecb82ca014df7291be6c3d7e7319d46d29624f", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ec6002aac82cbc4a3957e80f4960fc18f0afe4e4f162a4b7bdd94aae74010485", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a9005eb274a3da19ad1d7bc033a3ff298d0fff62f243f1bc6750d8ed57ea6ed6", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2ff8710812fd184f57370e0f96de732dad11fbd1936598e149bd5dc21d59efee", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:11ddfe222bb3b62ec53b8cb54143dc07d69b639d2da055b65741c6de1df8f830", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:35b4eaaf41e187807c08ee8edca675ca37a1d89bf5930e622dc9d6afec4e1427", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:73c7868fa52286a7cb1830ce94fa2ef4e498c68e0c9e8a6d75cf0347e4945578", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8e550396038349ecbe3bc934d1fb297c3a24a4b53473f8aa16113c498ce715b7", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c732c9153c3a9ebfa8a30aa36ac65b167ddae0d36aa5642b6a0aa298362d0c54", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:61708ba8269ff9283b6d76a9d0e5b27dae15ccde2bd8c67b5419d4e03a18efd9", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ec38297b5cffcfac8d4c100d27b8a8c48c4357ba648e59b66360efd0d49820d5", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "d8e498cd18912e2c" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9bda1b44799215d0ad8ca024319cc3477a43aada721c5fd20d0f2cf58d57d2bc", "DiffID": "sha256:7728d138c3da36f5ebeaf6d14dfbafa7b11f87c76c88d6e7a86b5182a6f524c9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f1f8b92069bcbfcdd598648949164194c8b8c213b601f579c4a9384550289e8c", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "app/m3uproxy-cli", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.24.0", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "Version": "v1.24.0", "Relationship": "direct", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/a13labs/m3uproxy", "Name": "github.com/a13labs/m3uproxy", "Identifier": { "PURL": "pkg:golang/github.com/a13labs/m3uproxy", "UID": "43deb43cf675a76c" }, "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", "UID": "77fdda28177155f0" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "a2f013c6d2492a69" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fbac25abb02c9a507983e541be3f260baeef92d21c0b57c4602da456a40ccd61", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:aa5987b5b18772ba9a6c763b6006a0ed32e94433b8e8cf82a9e9dcd3417f19a0", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e001ff441ee4865f85d04d59ab14e593de90444156ec2d3a4f515b6b10c43c4", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c0d82433b4af91c9a6f25649267dafcf7cfe2f7169d50ef5658d1c1bde579191", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:18dce9195bacaa7a9b28b15bb851fd47b475e4e7d99931529dd556a1050c8d8d", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4a0f74a8c1486265e9d44ead77ce2014a56863b68662fd1c9b8f1eeb50118855", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9b7e4d050412a68ace70e17cb53a8a22c84253b698171db18704752477953a17", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7f9146101a80da5b3edb9c494a7230b39f8d36bb877decaa2d4dffcf25eff6f7", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ecb9723d162dccfffb1bffa75cd832564f5d2db51aa91da967028c170ab26d9c", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eb6247f67a2a363dc09ce03ae1f42fa838700aab09a6e77d3e5f2a77c0c08508", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:43e8f6eca08cf98a4582965b2a51a56cd2340feb94a846b87757f632e12e7e85", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:678b21486f095a29ffa06cab824448b3481b28d607060d85e6b4482a87154032", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:145d465d6ec6c41f3591817511ac91f92c361b91284b4e9cb94fe9c4111dbedb", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14e3559fa69db9ab44fc77e8f5df050b6e470e6f62e4c6174cf81dc90f9ba974", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:717f776616c32d76723cfcf69cf2859251c68a19d322fe5affce91964231a0c7", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de8abcce0137efb655f8f19a38f9a1f6d55769a02bfbe3cae20d1493e95e7061", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a493997dea8b81ebe8d034fbf7229f7f126f53f2772f8615fee2478783ec5f7e", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c6949a3b8fdd364bc51be9fb819c02a2b6aa0cfab481f47bb7f81391cfa9680d", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7f4f227afe5f9b7628aa6c7d42dbbe77a4347afdd3e85d4a99cd0133b381970f", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e11c372d76c60b84e415ccf50ff96248104c4776090e36a6bbdf3bdf31f85839", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:face088446f3df012712c6c89a339dd15ce032c359d25f2630571b85efaa2fa9", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:87a7a369757e3b9a804eb0cb2edcc13e3fce327f0255041ad6058f87b570431f", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7e2799a1412409911152595e8bd69925a3c36e7576bb626a987b7ac2513775d6", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:03957168aed607e69765663e7bacec042f249ec78bfe1e97eb9c7a6a41ab7e31", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:404fc244b1683893db2c6fdcb36179d1793a77bf989171881d77d9bcea053719", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:95d9879797a1465d90cf731e7b325f35477025ef1c00b4e57d9c5b1299ab0fd7", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:32b2929f15af00e6ae112e4006a9669579d2e460e288c9393a8a04f4dacfbb30", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a541e53d698e78e8f9a2d826369936799168dfb36160f0a68d261ffedfac8d46", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fd45d9824687058455dfd85503f1e3cb6d15bcb87d407a6d7c8d1708a70b53c3", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9fb1d27247822288e34ac76d0f825aacf33084ae3cb34ce2b9798eb71b18b852", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:36635ce6da88608bd289d58d014f6884c5810897d6c8c3ee969a9175fde6b53b", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d4e17988ed3e2de0ced4c39f9cbe761cc1607d815406eaceac26e37868867d3b", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e702650c51171694124bc498fc34fc5c50835aa1e8c7b912be99fd7325d44b93", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4758cd4bf2e5ce48ddb2568fde21fca967cef3f52d475f3576ee12610a3d5697", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:117344d0a968378231743d4a6287031b7f8e8d2568ad4616cd25a8b66b341b3f", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:01a1732855fd357407fed60243b1e453c7fae9dae007a017d2f1384684d271a7", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:80fb167a7b7090045b03f986c6cb4d558e489c826553356f444ed6f021434288", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:77eaa6b9975a6ad0215702dcf457032e9c745f866d44c3ccb4d636546bd33703", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.0", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.0", "UID": "5c95850c72f6e0cb" }, "InstalledVersion": "v1.24.0", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:d96e659db1cd49feb4b8433da6a4e857e941e4834443437f73969dd071884d6c", "DiffID": "sha256:2e47b73f903350870c9796d03fa3d0323397c6e7662689e593da33cc9a4fc694" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2e78e6ad436e7f73f0851b5d38780a3bc38bee64aa8b07b2b9916a72bbca7be2", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Deployment", "Name": "proxy-pt", "Metadata": [ { "Size": 100374016, "OS": { "Family": "alpine", "Name": "3.20.3", "EOSL": true }, "ImageID": "sha256:373cc84d6ce9052d80e22a8c80f1c2a80a66eb5982a2dcc020af13e7d5520439", "DiffIDs": [ "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" ], "RepoTags": [ "linuxserver/wireguard:1.0.20210914-r4-ls54" ], "RepoDigests": [ "linuxserver/wireguard@sha256:366b3fb35663fcc58991a7681c2d714465b61de0e99f0ed32d1903213ef900de" ], "Reference": "linuxserver/wireguard:1.0.20210914-r4-ls54", "ImageConfig": { "architecture": "amd64", "created": "2024-10-03T11:28:28.684432957Z", "history": [ { "created": "2024-09-28T13:38:40.331226732Z", "created_by": "COPY /root-out/ / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG BUILD_DATE=2024-09-28T13:36:59+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG VERSION=2a6ecb14-ls14", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG MODS_VERSION=v3", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG PKG_INST_VERSION=v1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG LSIOWN_VERSION=v1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "LABEL build_version=Linuxserver.io version:- 2a6ecb14-ls14 Build-date:- 2024-09-28T13:36:59+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "LABEL maintainer=TheLamer", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.v3 /docker-mods # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.449099667Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.v1 /etc/s6-overlay/s6-rc.d/init-mods-package-install/run # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.480697404Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.v1 /usr/bin/lsiown # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.480697404Z", "created_by": "ENV PS1=$(whoami)@$(hostname):$(pwd)\\$ HOME=/root TERM=xterm S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 S6_VERBOSITY=1 S6_STAGE2_HOOK=/docker-mods VIRTUAL_ENV=/lsiopy PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:42.461191Z", "created_by": "RUN |5 BUILD_DATE=2024-09-28T13:36:59+00:00 VERSION=2a6ecb14-ls14 MODS_VERSION=v3 PKG_INST_VERSION=v1 LSIOWN_VERSION=v1 /bin/sh -c echo \"**** install runtime packages ****\" \u0026\u0026 apk add --no-cache alpine-release bash ca-certificates catatonit coreutils curl findutils jq netcat-openbsd procps-ng shadow tzdata \u0026\u0026 echo \"**** create abc user and make our folders ****\" \u0026\u0026 groupmod -g 1000 users \u0026\u0026 useradd -u 911 -U -d /config -s /bin/false abc \u0026\u0026 usermod -G users abc \u0026\u0026 mkdir -p /app /config /defaults /lsiopy \u0026\u0026 echo \"**** cleanup ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:42.53035672Z", "created_by": "COPY root/ / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:42.53035672Z", "created_by": "ENTRYPOINT [\"/init\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ENV LSIO_FIRST_PARTY=true", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG BUILD_DATE=2024-10-03T11:27:04+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG VERSION=1.0.20210914-r4-ls54", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG WIREGUARD_RELEASE", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "LABEL build_version=Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "LABEL maintainer=thespad", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "RUN |3 BUILD_DATE=2024-10-03T11:27:04+00:00 VERSION=1.0.20210914-r4-ls54 WIREGUARD_RELEASE= /bin/sh -c echo \"**** install dependencies ****\" \u0026\u0026 apk add --no-cache bc coredns grep iproute2 iptables iptables-legacy ip6tables iputils kmod libcap-utils libqrencode-tools net-tools openresolv wireguard-tools \u0026\u0026 echo \"wireguard\" \u003e\u003e /etc/modules \u0026\u0026 cd /sbin \u0026\u0026 for i in ! !-save !-restore; do rm -rf iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 rm -rf ip6tables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s iptables-legacy$(echo \"${i}\" | cut -c2-) iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s ip6tables-legacy$(echo \"${i}\" | cut -c2-) ip6tables$(echo \"${i}\" | cut -c2-); done \u0026\u0026 sed -i 's|\\[\\[ $proto == -4 \\]\\] \u0026\u0026 cmd sysctl -q net\\.ipv4\\.conf\\.all\\.src_valid_mark=1|[[ $proto == -4 ]] \\\u0026\\\u0026 [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \\\u0026\\\u0026 cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick \u0026\u0026 rm -rf /etc/wireguard \u0026\u0026 ln -s /config/wg_confs /etc/wireguard \u0026\u0026 printf \"Linuxserver.io version: ${VERSION}\\nBuild-date: ${BUILD_DATE}\" \u003e /build_version \u0026\u0026 echo \"**** clean up ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-10-03T11:28:28.684432957Z", "created_by": "COPY /root / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-10-03T11:28:28.684432957Z", "created_by": "EXPOSE map[51820/udp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" ] }, "config": { "Entrypoint": [ "/init" ], "Env": [ "PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PS1=$(whoami)@$(hostname):$(pwd)\\$ ", "HOME=/root", "TERM=xterm", "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0", "S6_VERBOSITY=1", "S6_STAGE2_HOOK=/docker-mods", "VIRTUAL_ENV=/lsiopy", "LSIO_FIRST_PARTY=true" ], "Labels": { "build_version": "Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", "maintainer": "thespad", "org.opencontainers.image.authors": "linuxserver.io", "org.opencontainers.image.created": "2024-10-03T11:27:04+00:00", "org.opencontainers.image.description": "[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.", "org.opencontainers.image.documentation": "https://docs.linuxserver.io/images/docker-wireguard", "org.opencontainers.image.licenses": "GPL-3.0-only", "org.opencontainers.image.ref.name": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", "org.opencontainers.image.revision": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", "org.opencontainers.image.source": "https://github.com/linuxserver/docker-wireguard", "org.opencontainers.image.title": "Wireguard", "org.opencontainers.image.url": "https://github.com/linuxserver/docker-wireguard/packages", "org.opencontainers.image.vendor": "linuxserver.io", "org.opencontainers.image.version": "1.0.20210914-r4-ls54" }, "WorkingDir": "/", "ExposedPorts": { "51820/udp": {} } } }, "Layers": [ { "Size": 13608960, "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, { "Size": 27136, "Digest": "sha256:df25a931801a3f099815b275c9959fb0ab6affd88255040d202d9317338dea43", "DiffID": "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368" }, { "Size": 8192, "Digest": "sha256:ab0ddebe54a67a1fcdf3f9536a9e869be50b5205d556c8a646496a8e1ca6a048", "DiffID": "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451" }, { "Size": 3584, "Digest": "sha256:19f39f464468ce65076a4d16a10067f5c016e48ed60b7576328a4b89d79b9ed7", "DiffID": "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8" }, { "Size": 14794240, "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, { "Size": 74240, "Digest": "sha256:339ecd878087fb7b73b438de330b942245fe18c8275fc5bedc34e1542b91eca9", "DiffID": "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb" }, { "Size": 71812608, "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, { "Size": 45056, "Digest": "sha256:fcae2373559cdc79d2a5f9e0cde437c82fddde7061e711dd5b1cf66de0a76f22", "DiffID": "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" } ] } ], "Results": [ { "Target": "linuxserver/wireguard:1.0.20210914-r4-ls54 (alpine 3.20.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.6.5-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "f831425e4ab9f6ea" }, "Version": "3.6.5-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.5-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.5-r0", "busybox-binsh@1.36.1-r29" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a8a719fa3db7c6cb005e681086438ef1d1e76d6c", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "lib/sysctl.d/00-alpine.conf", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.5-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "85afdab525a9fa9b" }, "Version": "3.6.5-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.5-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:ee68a6fb02f7e62304b428b0404a2fc1e2fc353d", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.4-r1", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.20.3", "UID": "b576915115d327d5" }, "Version": "2.4-r1", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.4-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:78ab5150a3919e474204e0f91972d1cf0a344f9d", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.20.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.20.3-r0?arch=x86_64\u0026distro=3.20.3", "UID": "77afb69bae9a106b" }, "Version": "3.20.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.20.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.4-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:c56929e1a65a8322cff95f5766591fafd09aed9e", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.4-r0", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "53f26058667c8622" }, "Version": "2.14.4-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.4-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20240705-r0", "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a8c5ec2451b123ac57e39b0cb6ceccdaf26d5099", "InstalledFiles": [ "lib/libapk.so.2.14.0", "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.2.26-r0", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.2.26-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fd910c89ac2ef2b5" }, "Version": "5.2.26-r0", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.2.26-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "musl@1.2.5-r0", "readline@8.2.10-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4fbc9b6abbbb735f61cbd80d59b40d75d5a2c853", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "etc/profile.d/00-bashrc.sh", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/dsv", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/getconf", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/stat", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "bc@1.07.1-r4", "Name": "bc", "Identifier": { "PURL": "pkg:apk/alpine/bc@1.07.1-r4?arch=x86_64\u0026distro=3.20.3", "UID": "23a0fb72a9dd6e2" }, "Version": "1.07.1-r4", "Arch": "x86_64", "SrcName": "bc", "SrcVersion": "1.07.1-r4", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "readline@8.2.10-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:5845bbf3f89b03778a7629ce23dc9d692bafa364", "InstalledFiles": [ "usr/bin/bc", "usr/bin/dc" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.20.3", "UID": "5d43ec95bd9b8f91" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:bc58ba1128a8703ca7ab3d7097a07bf095d9ddcd", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.36.1-r29", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "9dbf157a22e0026b" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:c98f2584c17556181e8098247177ea68d69b0c9c", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.36.1-r29", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "4c63f123e59f14cd" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.36.1-r29" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:8758e1e06605e5818449aff862e105b80b6f34bf", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.33.1-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.33.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "4248b5f3df939df6" }, "Version": "1.33.1-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.33.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:53a5a70bfac8242c69a0c0e46fbdf16648e4cfd7", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.18.1" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20240705-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20240705-r0?arch=x86_64\u0026distro=3.20.3", "UID": "17625b661ccac1a8" }, "Version": "20240705-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20240705-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:f87752f100dc5cd7cd220fb0acc7ef2a8dce64ec", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20240705-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240705-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3eee7d032ad5ff1a" }, "Version": "20240705-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20240705-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a927e8d0fd49c6cff7692a115ce237ed1bd62894", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "catatonit@0.2.0-r0", "Name": "catatonit", "Identifier": { "PURL": "pkg:apk/alpine/catatonit@0.2.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "def5b7093e46f779" }, "Version": "0.2.0-r0", "Arch": "x86_64", "SrcName": "catatonit", "SrcVersion": "0.2.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Michał Polański \u003cmichal@polanski.me\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:a70336616355d8a7a3958e9047690f9c4803e158", "InstalledFiles": [ "usr/bin/catatonit", "usr/libexec/podman/catatonit" ], "AnalyzedBy": "apk" }, { "ID": "coredns@1.11.1-r9", "Name": "coredns", "Identifier": { "PURL": "pkg:apk/alpine/coredns@1.11.1-r9?arch=x86_64\u0026distro=3.20.3", "UID": "b4571c5dd52cb45d" }, "Version": "1.11.1-r9", "Arch": "x86_64", "SrcName": "coredns", "SrcVersion": "1.11.1-r9", "Licenses": [ "Apache-2.0" ], "Maintainer": "Mark Pashmfouroush \u003cmark@markpash.me\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "musl@1.2.5-r0", "unbound-libs@1.20.0-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:8bcef7f97e9d63be2e0e8369bb12336148aa9c49", "InstalledFiles": [ "etc/logrotate.d/coredns", "usr/bin/coredns" ], "AnalyzedBy": "apk" }, { "ID": "coreutils@9.5-r1", "Name": "coreutils", "Identifier": { "PURL": "pkg:apk/alpine/coreutils@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "9b1e19fe4f22a77e" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "coreutils-env@9.5-r1", "coreutils-fmt@9.5-r1", "coreutils-sha512sum@9.5-r1", "libacl@2.3.2-r0", "libattr@2.5.2-r0", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0", "utmps-libs@0.1.2.2-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:db95b051914f9628b6dfa966ae44e2c3f7166a34", "InstalledFiles": [ "bin/base64", "bin/cat", "bin/chgrp", "bin/chmod", "bin/chown", "bin/cp", "bin/date", "bin/dd", "bin/df", "bin/echo", "bin/false", "bin/ln", "bin/ls", "bin/mkdir", "bin/mknod", "bin/mktemp", "bin/mv", "bin/nice", "bin/printenv", "bin/pwd", "bin/rm", "bin/rmdir", "bin/sleep", "bin/stat", "bin/stty", "bin/sync", "bin/touch", "bin/true", "bin/uname", "usr/bin/[", "usr/bin/b2sum", "usr/bin/base32", "usr/bin/basename", "usr/bin/basenc", "usr/bin/chcon", "usr/bin/cksum", "usr/bin/comm", "usr/bin/coreutils", "usr/bin/csplit", "usr/bin/cut", "usr/bin/dir", "usr/bin/dircolors", "usr/bin/dirname", "usr/bin/du", "usr/bin/expand", "usr/bin/expr", "usr/bin/factor", "usr/bin/fold", "usr/bin/head", "usr/bin/hostid", "usr/bin/id", "usr/bin/install", "usr/bin/join", "usr/bin/link", "usr/bin/logname", "usr/bin/md5sum", "usr/bin/mkfifo", "usr/bin/nl", "usr/bin/nohup", "usr/bin/nproc", "usr/bin/numfmt", "usr/bin/od", "usr/bin/paste", "usr/bin/pathchk", "usr/bin/pinky", "usr/bin/pr", "usr/bin/printf", "usr/bin/ptx", "usr/bin/readlink", "usr/bin/realpath", "usr/bin/runcon", "usr/bin/seq", "usr/bin/sha1sum", "usr/bin/sha224sum", "usr/bin/sha256sum", "usr/bin/sha384sum", "usr/bin/shred", "usr/bin/shuf", "usr/bin/sort", "usr/bin/split", "usr/bin/stdbuf", "usr/bin/sum", "usr/bin/tac", "usr/bin/tail", "usr/bin/tee", "usr/bin/test", "usr/bin/timeout", "usr/bin/tr", "usr/bin/truncate", "usr/bin/tsort", "usr/bin/tty", "usr/bin/unexpand", "usr/bin/uniq", "usr/bin/unlink", "usr/bin/users", "usr/bin/vdir", "usr/bin/wc", "usr/bin/who", "usr/bin/whoami", "usr/bin/yes", "usr/libexec/coreutils/libstdbuf.so", "usr/sbin/chroot" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-env@9.5-r1", "Name": "coreutils-env", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-env@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "ada6b68ffa41274d" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:cdda6e18d01984c0cfd3a4f18be2772f7c92b6e5", "InstalledFiles": [ "usr/bin/env" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-fmt@9.5-r1", "Name": "coreutils-fmt", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-fmt@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "310e73e52c943d35" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:63bdcf190a57d58c3f9dd1d7c2932b9927086b76", "InstalledFiles": [ "usr/bin/fmt" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-sha512sum@9.5-r1", "Name": "coreutils-sha512sum", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-sha512sum@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "b7d05cd9913379f3" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:11a4c5db93f9d6f84b54b7f3b1f6227db8d35420", "InstalledFiles": [ "usr/bin/sha512sum" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.9.1-r2", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "Version": "8.9.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.9.1-r2", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.9.1-r2", "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2a4b115a7fd1c8180708f71ae319308ffb1eee0d", "InstalledFiles": [ "usr/bin/curl" ], "AnalyzedBy": "apk" }, { "ID": "findutils@4.9.0-r5", "Name": "findutils", "Identifier": { "PURL": "pkg:apk/alpine/findutils@4.9.0-r5?arch=x86_64\u0026distro=3.20.3", "UID": "895d07a512653278" }, "Version": "4.9.0-r5", "Arch": "x86_64", "SrcName": "findutils", "SrcVersion": "4.9.0-r5", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9f33bd1b173b7164905b88cb5f31b8cd208031bf", "InstalledFiles": [ "usr/bin/find", "usr/bin/xargs" ], "AnalyzedBy": "apk" }, { "ID": "grep@3.11-r0", "Name": "grep", "Identifier": { "PURL": "pkg:apk/alpine/grep@3.11-r0?arch=x86_64\u0026distro=3.20.3", "UID": "27e3ce194d349dd2" }, "Version": "3.11-r0", "Arch": "x86_64", "SrcName": "grep", "SrcVersion": "3.11-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "pcre2@10.43-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:af0146702fdff30812908c4a6ea007da0e66e54f", "InstalledFiles": [ "bin/egrep", "bin/fgrep", "bin/grep" ], "AnalyzedBy": "apk" }, { "ID": "iproute2@6.9.0-r0", "Name": "iproute2", "Identifier": { "PURL": "pkg:apk/alpine/iproute2@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "dbf5c47b541c8fb3" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "iproute2-minimal@6.9.0-r0", "iproute2-ss@6.9.0-r0", "iproute2-tc@6.9.0-r0", "libcap2@2.70-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:c61e61589360afecd6134600fb8da0dd4afd3deb", "InstalledFiles": [ "sbin/bridge", "sbin/ctstat", "sbin/genl", "sbin/ifstat", "sbin/lnstat", "sbin/nstat", "sbin/routel", "sbin/rtacct", "sbin/rtmon", "sbin/rtstat" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-minimal@6.9.0-r0", "Name": "iproute2-minimal", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-minimal@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "19c3070ab9981b5d" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libelf@0.191-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:bbed2277bad93f8cb2f265814225c5a9a148b222", "InstalledFiles": [ "sbin/ip", "usr/share/iproute2/bpf_pinning", "usr/share/iproute2/ematch_map", "usr/share/iproute2/group", "usr/share/iproute2/nl_protos", "usr/share/iproute2/rt_dsfield", "usr/share/iproute2/rt_protos", "usr/share/iproute2/rt_realms", "usr/share/iproute2/rt_scopes", "usr/share/iproute2/rt_tables" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-ss@6.9.0-r0", "Name": "iproute2-ss", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-ss@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ce3157d6b7f793c7" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:5c562a5e764b55c92ad3f363980b442fbf7db2e2", "InstalledFiles": [ "sbin/ss" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-tc@6.9.0-r0", "Name": "iproute2-tc", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-tc@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1dbfc76aa5be1ed3" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libelf@0.191-r0", "libmnl@1.0.5-r2", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:bd55f18d1e0e626ebc32a6db124ff015fcc0fcad", "InstalledFiles": [ "sbin/tc", "usr/lib/tc/experimental.dist", "usr/lib/tc/normal.dist", "usr/lib/tc/pareto.dist", "usr/lib/tc/paretonormal.dist" ], "AnalyzedBy": "apk" }, { "ID": "iptables@1.8.10-r3", "Name": "iptables", "Identifier": { "PURL": "pkg:apk/alpine/iptables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "9f102aa6e7718fb6" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libmnl@1.0.5-r2", "libnftnl@1.2.6-r0", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:a4bc81e3f91510205018e0166d4ce93507f572c8", "InstalledFiles": [ "etc/ethertypes", "sbin/arptables", "sbin/arptables-nft", "sbin/arptables-nft-restore", "sbin/arptables-nft-save", "sbin/arptables-restore", "sbin/arptables-save", "sbin/ebtables", "sbin/ebtables-nft", "sbin/ebtables-nft-restore", "sbin/ebtables-nft-save", "sbin/ebtables-restore", "sbin/ebtables-save", "sbin/ebtables-translate", "sbin/ip6tables", "sbin/ip6tables-apply", "sbin/ip6tables-nft", "sbin/ip6tables-nft-restore", "sbin/ip6tables-nft-save", "sbin/ip6tables-restore", "sbin/ip6tables-restore-translate", "sbin/ip6tables-save", "sbin/ip6tables-translate", "sbin/iptables", "sbin/iptables-apply", "sbin/iptables-nft", "sbin/iptables-nft-restore", "sbin/iptables-nft-save", "sbin/iptables-restore", "sbin/iptables-restore-translate", "sbin/iptables-save", "sbin/iptables-translate", "sbin/xtables-monitor", "sbin/xtables-nft-multi", "usr/lib/xtables/libarpt_mangle.so", "usr/lib/xtables/libebt_802_3.so", "usr/lib/xtables/libebt_among.so", "usr/lib/xtables/libebt_arp.so", "usr/lib/xtables/libebt_arpreply.so", "usr/lib/xtables/libebt_dnat.so", "usr/lib/xtables/libebt_ip.so", "usr/lib/xtables/libebt_ip6.so", "usr/lib/xtables/libebt_log.so", "usr/lib/xtables/libebt_mark.so", "usr/lib/xtables/libebt_mark_m.so", "usr/lib/xtables/libebt_nflog.so", "usr/lib/xtables/libebt_pkttype.so", "usr/lib/xtables/libebt_redirect.so", "usr/lib/xtables/libebt_snat.so", "usr/lib/xtables/libebt_stp.so", "usr/lib/xtables/libebt_vlan.so", "usr/lib/xtables/libip6t_DNPT.so", "usr/lib/xtables/libip6t_HL.so", "usr/lib/xtables/libip6t_NETMAP.so", "usr/lib/xtables/libip6t_REJECT.so", "usr/lib/xtables/libip6t_SNPT.so", "usr/lib/xtables/libip6t_ah.so", "usr/lib/xtables/libip6t_dst.so", "usr/lib/xtables/libip6t_eui64.so", "usr/lib/xtables/libip6t_frag.so", "usr/lib/xtables/libip6t_hbh.so", "usr/lib/xtables/libip6t_hl.so", "usr/lib/xtables/libip6t_icmp6.so", "usr/lib/xtables/libip6t_ipv6header.so", "usr/lib/xtables/libip6t_mh.so", "usr/lib/xtables/libip6t_rt.so", "usr/lib/xtables/libip6t_srh.so", "usr/lib/xtables/libipt_CLUSTERIP.so", "usr/lib/xtables/libipt_ECN.so", "usr/lib/xtables/libipt_NETMAP.so", "usr/lib/xtables/libipt_REJECT.so", "usr/lib/xtables/libipt_TTL.so", "usr/lib/xtables/libipt_ULOG.so", "usr/lib/xtables/libipt_ah.so", "usr/lib/xtables/libipt_icmp.so", "usr/lib/xtables/libipt_realm.so", "usr/lib/xtables/libipt_ttl.so", "usr/lib/xtables/libxt_AUDIT.so", "usr/lib/xtables/libxt_CHECKSUM.so", "usr/lib/xtables/libxt_CLASSIFY.so", "usr/lib/xtables/libxt_CONNMARK.so", "usr/lib/xtables/libxt_CONNSECMARK.so", "usr/lib/xtables/libxt_CT.so", "usr/lib/xtables/libxt_DNAT.so", "usr/lib/xtables/libxt_DSCP.so", "usr/lib/xtables/libxt_HMARK.so", "usr/lib/xtables/libxt_IDLETIMER.so", "usr/lib/xtables/libxt_LED.so", "usr/lib/xtables/libxt_LOG.so", "usr/lib/xtables/libxt_MARK.so", "usr/lib/xtables/libxt_MASQUERADE.so", "usr/lib/xtables/libxt_NAT.so", "usr/lib/xtables/libxt_NFLOG.so", "usr/lib/xtables/libxt_NFQUEUE.so", "usr/lib/xtables/libxt_NOTRACK.so", "usr/lib/xtables/libxt_RATEEST.so", "usr/lib/xtables/libxt_REDIRECT.so", "usr/lib/xtables/libxt_SECMARK.so", "usr/lib/xtables/libxt_SET.so", "usr/lib/xtables/libxt_SNAT.so", "usr/lib/xtables/libxt_SYNPROXY.so", "usr/lib/xtables/libxt_TCPMSS.so", "usr/lib/xtables/libxt_TCPOPTSTRIP.so", "usr/lib/xtables/libxt_TEE.so", "usr/lib/xtables/libxt_TOS.so", "usr/lib/xtables/libxt_TPROXY.so", "usr/lib/xtables/libxt_TRACE.so", "usr/lib/xtables/libxt_addrtype.so", "usr/lib/xtables/libxt_bpf.so", "usr/lib/xtables/libxt_cgroup.so", "usr/lib/xtables/libxt_cluster.so", "usr/lib/xtables/libxt_comment.so", "usr/lib/xtables/libxt_connbytes.so", "usr/lib/xtables/libxt_connlimit.so", "usr/lib/xtables/libxt_connmark.so", "usr/lib/xtables/libxt_conntrack.so", "usr/lib/xtables/libxt_cpu.so", "usr/lib/xtables/libxt_dccp.so", "usr/lib/xtables/libxt_devgroup.so", "usr/lib/xtables/libxt_dscp.so", "usr/lib/xtables/libxt_ecn.so", "usr/lib/xtables/libxt_esp.so", "usr/lib/xtables/libxt_hashlimit.so", "usr/lib/xtables/libxt_helper.so", "usr/lib/xtables/libxt_ipcomp.so", "usr/lib/xtables/libxt_iprange.so", "usr/lib/xtables/libxt_ipvs.so", "usr/lib/xtables/libxt_length.so", "usr/lib/xtables/libxt_limit.so", "usr/lib/xtables/libxt_mac.so", "usr/lib/xtables/libxt_mark.so", "usr/lib/xtables/libxt_multiport.so", "usr/lib/xtables/libxt_nfacct.so", "usr/lib/xtables/libxt_osf.so", "usr/lib/xtables/libxt_owner.so", "usr/lib/xtables/libxt_physdev.so", "usr/lib/xtables/libxt_pkttype.so", "usr/lib/xtables/libxt_policy.so", "usr/lib/xtables/libxt_quota.so", "usr/lib/xtables/libxt_rateest.so", "usr/lib/xtables/libxt_recent.so", "usr/lib/xtables/libxt_rpfilter.so", "usr/lib/xtables/libxt_sctp.so", "usr/lib/xtables/libxt_set.so", "usr/lib/xtables/libxt_socket.so", "usr/lib/xtables/libxt_standard.so", "usr/lib/xtables/libxt_state.so", "usr/lib/xtables/libxt_statistic.so", "usr/lib/xtables/libxt_string.so", "usr/lib/xtables/libxt_tcp.so", "usr/lib/xtables/libxt_tcpmss.so", "usr/lib/xtables/libxt_time.so", "usr/lib/xtables/libxt_tos.so", "usr/lib/xtables/libxt_u32.so", "usr/lib/xtables/libxt_udp.so", "usr/share/xtables/iptables.xslt" ], "AnalyzedBy": "apk" }, { "ID": "iptables-legacy@1.8.10-r3", "Name": "iptables-legacy", "Identifier": { "PURL": "pkg:apk/alpine/iptables-legacy@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "21184db795b7fbff" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libip4tc@1.8.10-r3", "libip6tc@1.8.10-r3", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7455abb73317d7e992f8590cac0166922d7f96b4", "InstalledFiles": [ "sbin/ip6tables-legacy", "sbin/ip6tables-legacy-restore", "sbin/ip6tables-legacy-save", "sbin/iptables-legacy", "sbin/iptables-legacy-restore", "sbin/iptables-legacy-save", "sbin/xtables-legacy-multi", "usr/bin/iptables-xml" ], "AnalyzedBy": "apk" }, { "ID": "iputils@20240117-r0", "Name": "iputils", "Identifier": { "PURL": "pkg:apk/alpine/iputils@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "5c4776212e1969ec" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "iputils-arping@20240117-r0", "iputils-clockdiff@20240117-r0", "iputils-ping@20240117-r0", "iputils-tracepath@20240117-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:b39e39ae31e5cd4633267f337741c32834ea1293", "AnalyzedBy": "apk" }, { "ID": "iputils-arping@20240117-r0", "Name": "iputils-arping", "Identifier": { "PURL": "pkg:apk/alpine/iputils-arping@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b3ff37a971d0df9b" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:dc4a98cc56e312ee02c7ed28ae86d682f05f9ac9", "InstalledFiles": [ "usr/sbin/arping" ], "AnalyzedBy": "apk" }, { "ID": "iputils-clockdiff@20240117-r0", "Name": "iputils-clockdiff", "Identifier": { "PURL": "pkg:apk/alpine/iputils-clockdiff@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ce3e815897ad006a" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d7e78c70bf179f70f129758c2e4c59e91228aca5", "InstalledFiles": [ "usr/sbin/clockdiff" ], "AnalyzedBy": "apk" }, { "ID": "iputils-ping@20240117-r0", "Name": "iputils-ping", "Identifier": { "PURL": "pkg:apk/alpine/iputils-ping@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "88fd811ce687ea71" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:ea41b4dc2da620da895c18d8dbf791b70e2a6bd1", "InstalledFiles": [ "bin/ping", "bin/ping6" ], "AnalyzedBy": "apk" }, { "ID": "iputils-tracepath@20240117-r0", "Name": "iputils-tracepath", "Identifier": { "PURL": "pkg:apk/alpine/iputils-tracepath@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b5f8bd1ce890fdd9" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:04ab8a74626348da18b329a8aaf12d41bdfe34bb", "InstalledFiles": [ "usr/sbin/tracepath", "usr/sbin/tracepath6" ], "AnalyzedBy": "apk" }, { "ID": "jq@1.7.1-r0", "Name": "jq", "Identifier": { "PURL": "pkg:apk/alpine/jq@1.7.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a85e7d55b2203540" }, "Version": "1.7.1-r0", "Arch": "x86_64", "SrcName": "jq", "SrcVersion": "1.7.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "musl@1.2.5-r0", "oniguruma@6.9.9-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:db874e07e38cd4863d8cf235966dbb713eb0bc4c", "InstalledFiles": [ "usr/bin/jq", "usr/lib/libjq.so.1", "usr/lib/libjq.so.1.0.4" ], "AnalyzedBy": "apk" }, { "ID": "kmod@32-r0", "Name": "kmod", "Identifier": { "PURL": "pkg:apk/alpine/kmod@32-r0?arch=x86_64\u0026distro=3.20.3", "UID": "399102bb7b20c1a6" }, "Version": "32-r0", "Arch": "x86_64", "SrcName": "kmod", "SrcVersion": "32-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0", "xz-libs@5.6.2-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:2c573c8376a20498a8e870af2aaf02e462caf785", "InstalledFiles": [ "bin/depmod", "bin/insmod", "bin/kmod", "bin/lsmod", "bin/modinfo", "bin/modprobe", "bin/rmmod", "sbin/depmod", "sbin/insmod", "sbin/lsmod", "sbin/modinfo", "sbin/modprobe", "sbin/rmmod" ], "AnalyzedBy": "apk" }, { "ID": "libacl@2.3.2-r0", "Name": "libacl", "Identifier": { "PURL": "pkg:apk/alpine/libacl@2.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3aef225ef60a107f" }, "Version": "2.3.2-r0", "Arch": "x86_64", "SrcName": "acl", "SrcVersion": "2.3.2-r0", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:eac92152414664eed36c39ea29c97360b1194867", "InstalledFiles": [ "lib/libacl.so.1", "lib/libacl.so.1.1.2302" ], "AnalyzedBy": "apk" }, { "ID": "libattr@2.5.2-r0", "Name": "libattr", "Identifier": { "PURL": "pkg:apk/alpine/libattr@2.5.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "687b918a456213c8" }, "Version": "2.5.2-r0", "Arch": "x86_64", "SrcName": "attr", "SrcVersion": "2.5.2-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:358e2a6078f8cf6625bc58d181380f42fdfc342b", "InstalledFiles": [ "lib/libattr.so.1", "lib/libattr.so.1.1.2502" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "172597f0b99393b" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:77cdd05ac1f7daa54b2331c822265cf6542c8f6f", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libcap-getcap@2.70-r0", "Name": "libcap-getcap", "Identifier": { "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2e9f7399f8a4acb1" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:9f5949c3759156dd0c4ddd51b77c7eeb1827a522", "InstalledFiles": [ "usr/sbin/getcap" ], "AnalyzedBy": "apk" }, { "ID": "libcap-setcap@2.70-r0", "Name": "libcap-setcap", "Identifier": { "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7ead01c20c7fdb89" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:1b481865bb62ccad132e974eed1b2bcf91974a84", "InstalledFiles": [ "usr/sbin/setcap" ], "AnalyzedBy": "apk" }, { "ID": "libcap-utils@2.70-r0", "Name": "libcap-utils", "Identifier": { "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2af2246a4520124f" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap-getcap@2.70-r0", "libcap-setcap@2.70-r0", "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:9d0846422786d2955f9a2e6b8bd082753daefedd", "InstalledFiles": [ "usr/sbin/capsh", "usr/sbin/getpcaps" ], "AnalyzedBy": "apk" }, { "ID": "libcap2@2.70-r0", "Name": "libcap2", "Identifier": { "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fdb8fa1749c0da49" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:36d62e0793057eade6594a1dfd7e0fe6fdbc26e1", "InstalledFiles": [ "usr/lib/libcap.so.2", "usr/lib/libcap.so.2.70", "usr/lib/libpsx.so.2", "usr/lib/libpsx.so.2.70" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.2-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.2-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:9bf0618d6c5fa68e03e5c2bb47d179320f7576ba", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "lib/libcrypto.so.3", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.9.1-r2", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "Version": "8.9.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.9.1-r2", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "c-ares@1.33.1-r0", "ca-certificates@20240705-r0", "libcrypto3@3.3.2-r0", "libidn2@2.3.7-r0", "libpsl@0.21.5-r1", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "nghttp2-libs@1.62.1-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:a09d55380a33f12aa82f49e3fae0e53f7e433587", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libelf@0.191-r0", "Name": "libelf", "Identifier": { "PURL": "pkg:apk/alpine/libelf@0.191-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7d393dcfda903529" }, "Version": "0.191-r0", "Arch": "x86_64", "SrcName": "elfutils", "SrcVersion": "0.191-r0", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:981d29d25f7ebd2043c571afebfb59675245c9bf", "InstalledFiles": [ "usr/lib/libelf-0.191.so", "usr/lib/libelf.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libevent@2.1.12-r7", "Name": "libevent", "Identifier": { "PURL": "pkg:apk/alpine/libevent@2.1.12-r7?arch=x86_64\u0026distro=3.20.3", "UID": "8ec3d0ad20194f50" }, "Version": "2.1.12-r7", "Arch": "x86_64", "SrcName": "libevent", "SrcVersion": "2.1.12-r7", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7c30b99dcb6359ecb8167c46c3a2a28a9e33aca5", "InstalledFiles": [ "usr/lib/libevent-2.1.so.7", "usr/lib/libevent-2.1.so.7.0.1", "usr/lib/libevent_core-2.1.so.7", "usr/lib/libevent_core-2.1.so.7.0.1", "usr/lib/libevent_extra-2.1.so.7", "usr/lib/libevent_extra-2.1.so.7.0.1", "usr/lib/libevent_openssl-2.1.so.7", "usr/lib/libevent_openssl-2.1.so.7.0.1", "usr/lib/libevent_pthreads-2.1.so.7", "usr/lib/libevent_pthreads-2.1.so.7.0.1" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a36f92905da9a0" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:02629e610eec8b3f8fc422bec27b3b2359d5c962", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.22.5-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b2aa65e57d55fe51" }, "Version": "0.22.5-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.22.5-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:e4653097ace0aed3ee1d0189be1155684458880d", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libip4tc@1.8.10-r3", "Name": "libip4tc", "Identifier": { "PURL": "pkg:apk/alpine/libip4tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "4b93dfc0c4c88429" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d27e94f20872901b4c22fd0c0966c7ca3fd67716", "InstalledFiles": [ "usr/lib/libip4tc.so.2", "usr/lib/libip4tc.so.2.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libip6tc@1.8.10-r3", "Name": "libip6tc", "Identifier": { "PURL": "pkg:apk/alpine/libip6tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "f38fbd2df9cd613" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:07b3cf845fdad8da6cb26c1318a1e73c1486a3e2", "InstalledFiles": [ "usr/lib/libip6tc.so.2", "usr/lib/libip6tc.so.2.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "965d6d33e5a44093" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9f88c37987a5d25c3e536e0aaab3ecea413e4d94", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libmnl@1.0.5-r2", "Name": "libmnl", "Identifier": { "PURL": "pkg:apk/alpine/libmnl@1.0.5-r2?arch=x86_64\u0026distro=3.20.3", "UID": "f254bead19a6f1a1" }, "Version": "1.0.5-r2", "Arch": "x86_64", "SrcName": "libmnl", "SrcVersion": "1.0.5-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:c8f07f901cbe6e64dd1c0346056483aa5bf6494b", "InstalledFiles": [ "usr/lib/libmnl.so.0", "usr/lib/libmnl.so.0.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.4_p20240420-r1", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", "UID": "380e2483755d26ce" }, "Version": "6.4_p20240420-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.4_p20240420-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "ncurses-terminfo-base@6.4_p20240420-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:ea11d954db1aef9ade8abe50bf3870c994a39c70", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.4" ], "AnalyzedBy": "apk" }, { "ID": "libnftnl@1.2.6-r0", "Name": "libnftnl", "Identifier": { "PURL": "pkg:apk/alpine/libnftnl@1.2.6-r0?arch=x86_64\u0026distro=3.20.3", "UID": "cdc849f7051784d0" }, "Version": "1.2.6-r0", "Arch": "x86_64", "SrcName": "libnftnl", "SrcVersion": "1.2.6-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:fb069ebafae8c7cc06a6dbed27724714d5cfa57b", "InstalledFiles": [ "usr/lib/libnftnl.so.11", "usr/lib/libnftnl.so.11.6.0" ], "AnalyzedBy": "apk" }, { "ID": "libpng@1.6.44-r0", "Name": "libpng", "Identifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "Version": "1.6.44-r0", "Arch": "x86_64", "SrcName": "libpng", "SrcVersion": "1.6.44-r0", "Licenses": [ "Libpng" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:3fc66dc77509d5afcd2aac36cb2f92108fdfcc23", "InstalledFiles": [ "usr/lib/libpng16.so.16", "usr/lib/libpng16.so.16.44.0" ], "AnalyzedBy": "apk" }, { "ID": "libproc2@4.0.4-r0", "Name": "libproc2", "Identifier": { "PURL": "pkg:apk/alpine/libproc2@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "70ae2163926d9037" }, "Version": "4.0.4-r0", "Arch": "x86_64", "SrcName": "procps-ng", "SrcVersion": "4.0.4-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9cca2d1b39191864fe89116bf9c3b3aab5d0ccb9", "InstalledFiles": [ "lib/libproc2.so.0", "lib/libproc2.so.0.0.2" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r1", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "8760b1e6c7f9e61c" }, "Version": "0.21.5-r1", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.7-r0", "libunistring@1.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1f1e660c761dadb2614c0f573ea6ef2be8649206", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libqrencode@4.1.1-r2", "Name": "libqrencode", "Identifier": { "PURL": "pkg:apk/alpine/libqrencode@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "6a6294b6dbd10ecf" }, "Version": "4.1.1-r2", "Arch": "x86_64", "SrcName": "libqrencode", "SrcVersion": "4.1.1-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:8ab385c2b299cdcf51e0a72c848edc9428b4c0a0", "InstalledFiles": [ "usr/lib/libqrencode.so.4", "usr/lib/libqrencode.so.4.1.1" ], "AnalyzedBy": "apk" }, { "ID": "libqrencode-tools@4.1.1-r2", "Name": "libqrencode-tools", "Identifier": { "PURL": "pkg:apk/alpine/libqrencode-tools@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2b353137288f0b74" }, "Version": "4.1.1-r2", "Arch": "x86_64", "SrcName": "libqrencode", "SrcVersion": "4.1.1-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libpng@1.6.44-r0", "libqrencode@4.1.1-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:de64bbf0ee1af6f8ef7626d5ec235726f3a37411", "InstalledFiles": [ "usr/bin/qrencode" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.2-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.2-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:f81052a84c5e1028fe4db48e94c94ab1a826a898", "InstalledFiles": [ "lib/libssl.so.3", "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.2-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ae41cff06c3deb9e" }, "Version": "1.2-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1ff86ed40752102a6c84ece085ae89ac88c74c5a", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxtables@1.8.10-r3", "Name": "libxtables", "Identifier": { "PURL": "pkg:apk/alpine/libxtables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "ac7531315c20e326" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:3f331bf2d5660c02a82152f272b8d11c3744221d", "InstalledFiles": [ "usr/lib/libxtables.so.12", "usr/lib/libxtables.so.12.7.0" ], "AnalyzedBy": "apk" }, { "ID": "linux-pam@1.6.0-r0", "Name": "linux-pam", "Identifier": { "PURL": "pkg:apk/alpine/linux-pam@1.6.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e75124828b58d10e" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "linux-pam", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "utmps-libs@0.1.2.2-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:3e55a9b590f857dd12a1fca8b31d9db184fc74f0", "InstalledFiles": [ "etc/environment", "etc/pam.d/base-account", "etc/pam.d/base-auth", "etc/pam.d/base-password", "etc/pam.d/base-session", "etc/pam.d/base-session-noninteractive", "etc/pam.d/login", "etc/pam.d/other", "etc/pam.d/su", "etc/security/access.conf", "etc/security/faillock.conf", "etc/security/group.conf", "etc/security/limits.conf", "etc/security/namespace.conf", "etc/security/namespace.init", "etc/security/pam_env.conf", "etc/security/pwhistory.conf", "etc/security/time.conf", "lib/libpam.so.0", "lib/libpam.so.0.85.1", "lib/libpam_misc.so.0", "lib/libpam_misc.so.0.82.1", "lib/libpamc.so.0", "lib/libpamc.so.0.82.1", "lib/security/pam_access.so", "lib/security/pam_canonicalize_user.so", "lib/security/pam_debug.so", "lib/security/pam_deny.so", "lib/security/pam_echo.so", "lib/security/pam_env.so", "lib/security/pam_exec.so", "lib/security/pam_faildelay.so", "lib/security/pam_faillock.so", "lib/security/pam_filter.so", "lib/security/pam_ftp.so", "lib/security/pam_group.so", "lib/security/pam_issue.so", "lib/security/pam_keyinit.so", "lib/security/pam_limits.so", "lib/security/pam_listfile.so", "lib/security/pam_localuser.so", "lib/security/pam_loginuid.so", "lib/security/pam_mail.so", "lib/security/pam_mkhomedir.so", "lib/security/pam_motd.so", "lib/security/pam_namespace.so", "lib/security/pam_nologin.so", "lib/security/pam_permit.so", "lib/security/pam_pwhistory.so", "lib/security/pam_rootok.so", "lib/security/pam_securetty.so", "lib/security/pam_setquota.so", "lib/security/pam_shells.so", "lib/security/pam_stress.so", "lib/security/pam_succeed_if.so", "lib/security/pam_time.so", "lib/security/pam_timestamp.so", "lib/security/pam_umask.so", "lib/security/pam_unix.so", "lib/security/pam_usertype.so", "lib/security/pam_warn.so", "lib/security/pam_wheel.so", "lib/security/pam_xauth.so", "lib/security/pam_filter/upperLOWER", "sbin/faillock", "sbin/mkhomedir_helper", "sbin/pam_namespace_helper", "sbin/pam_timestamp_check", "sbin/pwhistory_helper", "sbin/unix_chkpwd", "sbin/unix_update" ], "AnalyzedBy": "apk" }, { "ID": "mii-tool@2.10-r3", "Name": "mii-tool", "Identifier": { "PURL": "pkg:apk/alpine/mii-tool@2.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "f018b55be68ae905" }, "Version": "2.10-r3", "Arch": "x86_64", "SrcName": "net-tools", "SrcVersion": "2.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:49238c70fc68ee52895c53b4943cd323efd4e29d", "InstalledFiles": [ "sbin/mii-tool" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r0", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "Version": "1.2.5-r0", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:3d2da235e1c31f7045e9382a48cbbfa5c7375c86", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r0", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "Version": "1.2.5-r0", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r0", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "scanelf@1.3.7-r2" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:e11671e426dc2d8189155906d007c39be1eb1367", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.4_p20240420-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", "UID": "fb917cecc9ff879e" }, "Version": "6.4_p20240420-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.4_p20240420-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:b94ecaed3ab420de295b36edb80b60ce311c4239", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "net-tools@2.10-r3", "Name": "net-tools", "Identifier": { "PURL": "pkg:apk/alpine/net-tools@2.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "6902e73bb63d23c2" }, "Version": "2.10-r3", "Arch": "x86_64", "SrcName": "net-tools", "SrcVersion": "2.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "mii-tool@2.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7477f3fc0aab7592d8fab926630b0b14171f7702", "InstalledFiles": [ "bin/dnsdomainname", "bin/domainname", "bin/hostname", "bin/netstat", "bin/nisdomainname", "bin/route", "bin/ypdomainname", "sbin/arp", "sbin/ifconfig", "sbin/ipmaddr", "sbin/iptunnel", "sbin/nameif", "sbin/plipconfig", "sbin/rarp", "sbin/slattach" ], "AnalyzedBy": "apk" }, { "ID": "netcat-openbsd@1.226-r0", "Name": "netcat-openbsd", "Identifier": { "PURL": "pkg:apk/alpine/netcat-openbsd@1.226-r0?arch=x86_64\u0026distro=3.20.3", "UID": "9a32d2978a7cdc46" }, "Version": "1.226-r0", "Arch": "x86_64", "SrcName": "netcat-openbsd", "SrcVersion": "1.226-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:05e1a042c544d3117b1dc96391e1b6d543e269fe", "InstalledFiles": [ "usr/bin/nc" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.62.1-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.62.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "42b2705c1dbc8035" }, "Version": "1.62.1-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.62.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2c38b5b57527b4b61a9e954543ade9367c9663f9", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.28.1" ], "AnalyzedBy": "apk" }, { "ID": "oniguruma@6.9.9-r0", "Name": "oniguruma", "Identifier": { "PURL": "pkg:apk/alpine/oniguruma@6.9.9-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ab491550022f752b" }, "Version": "6.9.9-r0", "Arch": "x86_64", "SrcName": "oniguruma", "SrcVersion": "6.9.9-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2c29b1278471ca8cc10785dfd7a1a4c84444fe05", "InstalledFiles": [ "usr/lib/libonig.so.5", "usr/lib/libonig.so.5.4.0" ], "AnalyzedBy": "apk" }, { "ID": "openresolv@3.13.2-r0", "Name": "openresolv", "Identifier": { "PURL": "pkg:apk/alpine/openresolv@3.13.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "50f378b73a425ca" }, "Version": "3.13.2-r0", "Arch": "x86_64", "SrcName": "openresolv", "SrcVersion": "3.13.2-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:cbe9ba4c51769f47315127ce2a17c3317583d3ce", "InstalledFiles": [ "etc/resolvconf.conf", "lib/resolvconf/dnsmasq", "lib/resolvconf/libc", "lib/resolvconf/named", "lib/resolvconf/pdns_recursor", "lib/resolvconf/pdnsd", "lib/resolvconf/unbound", "lib/resolvconf/libc.d/avahi-daemon", "lib/resolvconf/libc.d/mdnsd", "sbin/resolvconf" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.43-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fe49afecbfd3c35b" }, "Version": "10.43-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.43-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:447266b2ae4cb2b6ac25f42b07486a496dc71d25", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.12.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.5" ], "AnalyzedBy": "apk" }, { "ID": "procps-ng@4.0.4-r0", "Name": "procps-ng", "Identifier": { "PURL": "pkg:apk/alpine/procps-ng@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "5b6d07cf92054959" }, "Version": "4.0.4-r0", "Arch": "x86_64", "SrcName": "procps-ng", "SrcVersion": "4.0.4-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.22.5-r0", "libncursesw@6.4_p20240420-r1", "libproc2@4.0.4-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1ba8b62fcd9d1b49b8362bc58c2d24695d194076", "InstalledFiles": [ "bin/pidof", "bin/pidwait", "bin/ps", "bin/slabtop", "bin/tload", "bin/vmstat", "bin/w", "bin/watch", "sbin/sysctl", "usr/bin/free", "usr/bin/pgrep", "usr/bin/pkill", "usr/bin/pmap", "usr/bin/pwdx", "usr/bin/top", "usr/bin/uptime" ], "AnalyzedBy": "apk" }, { "ID": "protobuf-c@1.5.0-r0", "Name": "protobuf-c", "Identifier": { "PURL": "pkg:apk/alpine/protobuf-c@1.5.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "9c236bd89ac9e4cd" }, "Version": "1.5.0-r0", "Arch": "x86_64", "SrcName": "protobuf-c", "SrcVersion": "1.5.0-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:70e92079dc99f9cb2ed013b321f72a35e1b4b893", "InstalledFiles": [ "usr/lib/libprotobuf-c.so.1", "usr/lib/libprotobuf-c.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.10-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.10-r0?arch=x86_64\u0026distro=3.20.3", "UID": "8545917dc127fb65" }, "Version": "8.2.10-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.10-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.4_p20240420-r1", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4a9a680cad09eaf9918906e628376c4ad8269731", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.7-r2", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.7-r2?arch=x86_64\u0026distro=3.20.3", "UID": "d28800ba35f564bd" }, "Version": "1.3.7-r2", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.7-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:c84b0b49111485cb08744822f9b34a9fa9524fcc", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "shadow@4.15.1-r0", "Name": "shadow", "Identifier": { "PURL": "pkg:apk/alpine/shadow@4.15.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "607e65e775be821f" }, "Version": "4.15.1-r0", "Arch": "x86_64", "SrcName": "shadow", "SrcVersion": "4.15.1-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libbsd@0.12.2-r0", "linux-pam@1.6.0-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:bc531fce90f73500eee767bf67a26ec6c0cadded", "InstalledFiles": [ "bin/groups", "etc/login.defs", "etc/pam.d/chfn", "etc/pam.d/chpasswd", "etc/pam.d/chsh", "etc/pam.d/groupmems", "etc/pam.d/newusers", "etc/pam.d/shadow-utils", "usr/bin/chage", "usr/bin/chfn", "usr/bin/chsh", "usr/bin/expiry", "usr/bin/gpasswd", "usr/bin/passwd", "usr/sbin/chgpasswd", "usr/sbin/chpasswd", "usr/sbin/groupadd", "usr/sbin/groupdel", "usr/sbin/groupmems", "usr/sbin/groupmod", "usr/sbin/grpck", "usr/sbin/logoutd", "usr/sbin/newusers", "usr/sbin/pwck", "usr/sbin/useradd", "usr/sbin/userdel", "usr/sbin/usermod", "usr/sbin/vigr", "usr/sbin/vipw" ], "AnalyzedBy": "apk" }, { "ID": "skalibs@2.14.1.1-r0", "Name": "skalibs", "Identifier": { "PURL": "pkg:apk/alpine/skalibs@2.14.1.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "6116e2b7ad3fa0a" }, "Version": "2.14.1.1-r0", "Arch": "x86_64", "SrcName": "skalibs", "SrcVersion": "2.14.1.1-r0", "Licenses": [ "ISC" ], "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:e9f4cc78e767f77e9b76d4ca1be2c95891d660da", "InstalledFiles": [ "lib/libskarnet.so.2.14", "lib/libskarnet.so.2.14.1.1" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.36.1-r29", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "98ff5cbbbcd05de1" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:7e2867092a0edee7436f70e4430b6b7dde363094", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2024b-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2024b-r0?arch=x86_64\u0026distro=3.20.3", "UID": "f2d144c7f989a952" }, "Version": "2024b-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2024b-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:78fa61c4d1307cb88216bd8a6a45236f1d2ed6eb", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "unbound-libs@1.20.0-r0", "Name": "unbound-libs", "Identifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "Version": "1.20.0-r0", "Arch": "x86_64", "SrcName": "unbound", "SrcVersion": "1.20.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libevent@2.1.12-r7", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "protobuf-c@1.5.0-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:958a772ca06cb74759e760fc803f8aa12e723c6a", "InstalledFiles": [ "usr/lib/libunbound.so.8", "usr/lib/libunbound.so.8.1.27" ], "AnalyzedBy": "apk" }, { "ID": "utmps-libs@0.1.2.2-r1", "Name": "utmps-libs", "Identifier": { "PURL": "pkg:apk/alpine/utmps-libs@0.1.2.2-r1?arch=x86_64\u0026distro=3.20.3", "UID": "fc6db068f10560d3" }, "Version": "0.1.2.2-r1", "Arch": "x86_64", "SrcName": "utmps", "SrcVersion": "0.1.2.2-r1", "Licenses": [ "ISC" ], "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "skalibs@2.14.1.1-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:b9878c4ee776fd97a317a468c157317fe8c1091b", "InstalledFiles": [ "lib/libutmps.so.0.1", "lib/libutmps.so.0.1.2.2" ], "AnalyzedBy": "apk" }, { "ID": "wireguard-tools@1.0.20210914-r4", "Name": "wireguard-tools", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "c9e05a3374082f34" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "wireguard-tools-wg-quick@1.0.20210914-r4", "wireguard-tools-wg@1.0.20210914-r4" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d5359c52411ae44c023a64ae8b82dfb5ce45d6ba", "AnalyzedBy": "apk" }, { "ID": "wireguard-tools-wg@1.0.20210914-r4", "Name": "wireguard-tools-wg", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools-wg@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "55c956455e4b6589" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:aca8005854e38a252338d9f5b0059136fb973641", "InstalledFiles": [ "usr/bin/wg" ], "AnalyzedBy": "apk" }, { "ID": "wireguard-tools-wg-quick@1.0.20210914-r4", "Name": "wireguard-tools-wg-quick", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools-wg-quick@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "50de1d6f23943b31" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "bash@5.2.26-r0", "iproute2@6.9.0-r0", "openresolv@3.13.2-r0", "wireguard-tools-wg@1.0.20210914-r4" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:080736c18bc2a84ae794533298119bc6c5901524", "InstalledFiles": [ "usr/bin/wg-quick" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.6.2-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "Version": "5.6.2-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.6.2-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d59b22ae174c5a75d84c1c558e25de93d9c792b0", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.6.2" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r1", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "Version": "1.3.1-r1", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r1", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:9ba6f253e2982e0e6e71cb4187e3d6b6c4bbae99", "InstalledFiles": [ "lib/libz.so.1", "lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.6-r0", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d210b79fe91a7abc" }, "Version": "1.5.6-r0", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.6-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4d60614645192deddc80e6e568fe535b38c315c1", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.6" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.36.1-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "9dbf157a22e0026b" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5086af9baccab29110ed4ac7906e86f130b3dbde9f278c93a13fc49a62d7b3e3", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.36.1-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "4c63f123e59f14cd" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6bc1b30c1986a156941cd7864b7588efb425619039a18ac9a5c75f68c293f7fa", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-8096", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.10.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d03da98932292dd508963d668b00e68539efa6efc9b496507fe4835e664f457d", "Title": "curl: OCSP stapling bypass with GnuTLS", "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/11/1", "https://access.redhat.com/security/cve/CVE-2024-8096", "https://curl.se/docs/CVE-2024-8096.html", "https://curl.se/docs/CVE-2024-8096.json", "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", "https://hackerone.com/reports/2669852", "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", "https://security.netapp.com/advisory/ntap-20241011-0005", "https://security.netapp.com/advisory/ntap-20241011-0005/", "https://ubuntu.com/security/notices/USN-7012-1", "https://www.cve.org/CVERecord?id=CVE-2024-8096" ], "PublishedDate": "2024-09-11T10:15:02.883Z", "LastModifiedDate": "2025-07-30T19:42:16.87Z" }, { "VulnerabilityID": "CVE-2024-9681", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.11.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:729c20311539029a0777d1c1846c128667583c37d329f659686846ddbf720950", "Title": "curl: HSTS subdomain overwrites parent cache entry", "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "Severity": "MEDIUM", "CweIDs": [ "CWE-697" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "V3Score": 3.9 } }, "References": [ "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "http://www.openwall.com/lists/oss-security/2024/11/06/2", "https://access.redhat.com/security/cve/CVE-2024-9681", "https://curl.se/docs/CVE-2024-9681.html", "https://curl.se/docs/CVE-2024-9681.json", "https://github.com/advisories/GHSA-g337-g667-mjvw", "https://hackerone.com/reports/2764830", "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "https://security.netapp.com/advisory/ntap-20241213-0006", "https://security.netapp.com/advisory/ntap-20241213-0006/", "https://ubuntu.com/security/notices/USN-7104-1", "https://www.cve.org/CVERecord?id=CVE-2024-9681" ], "PublishedDate": "2024-11-06T08:15:03.74Z", "LastModifiedDate": "2025-11-03T21:18:48.67Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:eaa2d3e3f014a56a62b89e73c38d659c5f436cfa0285b63acd4f503c0f2d27bb", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3c9aa6cdb4585e79d9966f754bd654daa7220a21af6fa50aaf58a694055c10a5", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1ea64a010f0303dd04251d86f35f2f89fbb44c892e4c8f07990990bf8eea51e5", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:69503a3727f3efc5db3d40e81d09f4889afb0a2a94e5a90720bf4c54319c0c6d", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-getcap@2.70-r0", "PkgName": "libcap-getcap", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2e9f7399f8a4acb1" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0c3b148570e0fc8d15a454cb319724a4aa8a265f2a308929304014f84e3b84a2", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-setcap@2.70-r0", "PkgName": "libcap-setcap", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7ead01c20c7fdb89" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8d5360b4d5dd40e56107211b1a4c8efc96c4e0395dfb3fbbb353f95ba9dce23b", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-utils@2.70-r0", "PkgName": "libcap-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2af2246a4520124f" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3d8a1c9e9be89abab84cdf220c4e8cc1c080e4749f82a4390bf8d8d634a6c725", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap2@2.70-r0", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fdb8fa1749c0da49" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:635b077196e89cf29fe6649789b439761731b8e63a0fc1f0077b473cc0ac0232", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:50b22a44cf146aed76aae9fbd8f2e457781b0677c9582a2d3c916936cd56c03f", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2024-12797", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:76243d702514a2991c5107d3fa2114a85ff2a3911b49c2a7ee9603aaa20a1285", "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-392" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 1, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/11/3", "http://www.openwall.com/lists/oss-security/2025/02/11/4", "https://access.redhat.com/errata/RHSA-2025:1330", "https://access.redhat.com/security/cve/CVE-2024-12797", "https://bugzilla.redhat.com/2342757", "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", "https://errata.almalinux.org/9/ALSA-2025-1330.html", "https://errata.rockylinux.org/RLSA-2025:1330", "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", "https://linux.oracle.com/cve/CVE-2024-12797.html", "https://linux.oracle.com/errata/ELSA-2025-1330.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", "https://openssl-library.org/news/secadv/20250211.txt", "https://security.netapp.com/advisory/ntap-20250214-0001/", "https://ubuntu.com/security/notices/USN-7264-1", "https://www.cve.org/CVERecord?id=CVE-2024-12797" ], "PublishedDate": "2025-02-11T16:15:38.827Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2af0077040dc2bc64b52d8cc2b4cc3ad80e07ae5b7de40593e3936f119c1d9ca", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:174734f9e5c7e5ab4a6c6c413d0ff5e1ffef49f9ca4fa90822e27cfa378616b9", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2947dbbe3d602a7f1e10fe5292bd388b00a0b525e3f9195c85956ad019c4a95b", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cf76010796e77e865567ddddd933de884e2404fff383161c180e95b5d5f94fd4", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:23b82e1cd848348c2017666c96d03949cf4ae60881ea8e6d677432a1409a8fca", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8d6fdc015784f396d2b02a393c557169c9b9c0d608d6582827f1d7040609bcb0", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:beddf5664e29c0fcc1f947bd20eb4c3495efb2e6f1635c80db697c04c6f3241f", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:571e9f1afd0f2aae95b1baa5b7c9a6f184f78a980029071dac0ffcf24fcf074f", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fc571513e320f7d8d81a1f6d2ccd046f6fbcf9d27edde0dcf97cb249b63973af", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2c7cfa700eb04aaa899a020a8692effa01b20f06f6a4419e8aad0708e3e2a4b7", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2024-8096", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.10.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53c44a7d6b5d47fb1bc6eccf444ab8c9b0892e66bab84406697d30cb52985fe7", "Title": "curl: OCSP stapling bypass with GnuTLS", "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/11/1", "https://access.redhat.com/security/cve/CVE-2024-8096", "https://curl.se/docs/CVE-2024-8096.html", "https://curl.se/docs/CVE-2024-8096.json", "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", "https://hackerone.com/reports/2669852", "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", "https://security.netapp.com/advisory/ntap-20241011-0005", "https://security.netapp.com/advisory/ntap-20241011-0005/", "https://ubuntu.com/security/notices/USN-7012-1", "https://www.cve.org/CVERecord?id=CVE-2024-8096" ], "PublishedDate": "2024-09-11T10:15:02.883Z", "LastModifiedDate": "2025-07-30T19:42:16.87Z" }, { "VulnerabilityID": "CVE-2024-9681", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.11.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ad89ef2ade3f4e5594d83f07f9f19b30987b3255c891a80114f4147c42bc5ac3", "Title": "curl: HSTS subdomain overwrites parent cache entry", "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "Severity": "MEDIUM", "CweIDs": [ "CWE-697" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "V3Score": 3.9 } }, "References": [ "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "http://www.openwall.com/lists/oss-security/2024/11/06/2", "https://access.redhat.com/security/cve/CVE-2024-9681", "https://curl.se/docs/CVE-2024-9681.html", "https://curl.se/docs/CVE-2024-9681.json", "https://github.com/advisories/GHSA-g337-g667-mjvw", "https://hackerone.com/reports/2764830", "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "https://security.netapp.com/advisory/ntap-20241213-0006", "https://security.netapp.com/advisory/ntap-20241213-0006/", "https://ubuntu.com/security/notices/USN-7104-1", "https://www.cve.org/CVERecord?id=CVE-2024-9681" ], "PublishedDate": "2024-11-06T08:15:03.74Z", "LastModifiedDate": "2025-11-03T21:18:48.67Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4356e654aa130320842fafdcea2b28718798fd84a33e67bc127f31a4cb435cbc", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fce71c9fdcdfd44fa4324612dd8d92817e4637ec757d7182ed78aa9fc3d505a8", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d67df0860ef3b6911e4664099e77163353cdbaf44821e04f3590aff576617c7c", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1c46cb8ff7069fc21bb20542d74278ec83a9594fc214f598b73c9cd04e87799e", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2025-64720", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:04666bb95f53b42d9637a877dfe34942a8290f633ba0570ee28589a5decb3562", "Title": "libpng: LIBPNG buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-64720", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", "https://github.com/pnggroup/libpng/issues/686", "https://github.com/pnggroup/libpng/pull/751", "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", "https://linux.oracle.com/cve/CVE-2025-64720.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64720", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.46Z", "LastModifiedDate": "2025-11-26T18:35:18.253Z" }, { "VulnerabilityID": "CVE-2025-65018", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:86f925624b42a3bcc476777af730a9e3665744f5010a9ed80a145c9ef97ad3f6", "Title": "libpng: LIBPNG heap buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-65018", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", "https://github.com/pnggroup/libpng/issues/755", "https://github.com/pnggroup/libpng/pull/757", "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", "https://linux.oracle.com/cve/CVE-2025-65018.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-65018", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.61Z", "LastModifiedDate": "2025-11-26T18:34:53.65Z" }, { "VulnerabilityID": "CVE-2025-66293", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:04d987a12397922ab23429cefdd18b90b65c29e35c2f0bf654aa3a72a68f4492", "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/12/03/6", "http://www.openwall.com/lists/oss-security/2025/12/03/7", "http://www.openwall.com/lists/oss-security/2025/12/03/8", "https://access.redhat.com/errata/RHSA-2026:0238", "https://access.redhat.com/security/cve/CVE-2025-66293", "https://bugzilla.redhat.com/2416904", "https://bugzilla.redhat.com/2416907", "https://bugzilla.redhat.com/2418711", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0238.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "https://github.com/pnggroup/libpng/issues/764", "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "https://linux.oracle.com/cve/CVE-2025-66293.html", "https://linux.oracle.com/errata/ELSA-2026-0241.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2025-66293" ], "PublishedDate": "2025-12-03T21:15:53.06Z", "LastModifiedDate": "2025-12-16T19:12:50.35Z" }, { "VulnerabilityID": "CVE-2026-22695", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:36c2a4f2b70a0b9b1661e638ba26377d62fa536fc51de4c79cb68a7ba2a8cc30", "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22695", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "https://github.com/pnggroup/libpng/issues/778", "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "https://linux.oracle.com/cve/CVE-2026-22695.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22695", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.597Z", "LastModifiedDate": "2026-01-21T18:58:55.787Z" }, { "VulnerabilityID": "CVE-2026-22801", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9a9a8e3cb9cf88bff61c9305c689f57738bf4b95d33ceb6be0d3b72a6c46ace4", "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-190" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22801", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "https://linux.oracle.com/cve/CVE-2026-22801.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22801", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.907Z", "LastModifiedDate": "2026-01-21T18:58:18.27Z" }, { "VulnerabilityID": "CVE-2026-25646", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.55-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:85e41518a186f195db1bbfcdd98c897d6f187b31a23b89258328ced00d1e91d1", "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-126" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/09/7", "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-25646", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "https://linux.oracle.com/cve/CVE-2026-25646.html", "https://linux.oracle.com/errata/ELSA-2026-7032.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", "https://ubuntu.com/security/notices/USN-8035-1", "https://ubuntu.com/security/notices/USN-8039-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2026-25646" ], "PublishedDate": "2026-02-10T18:16:37.817Z", "LastModifiedDate": "2026-02-13T20:43:44.69Z" }, { "VulnerabilityID": "CVE-2025-64505", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:78e074ffd25d850c85fe6e6abc43c84ecec3d3f3b4153a3e371153f3694ce6cf", "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64505", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/748", "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", "https://ubuntu.com/security/notices/USN-7924-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2025-64505", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.133Z", "LastModifiedDate": "2025-11-26T18:28:32.22Z" }, { "VulnerabilityID": "CVE-2025-64506", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0fc39b69047b3f7bc637e716eca9c85001c852edb562b2d6c3a15ef15cf0efc3", "Title": "libpng: LIBPNG heap buffer over-read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64506", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/749", "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64506", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.3Z", "LastModifiedDate": "2025-11-26T18:34:38.24Z" }, { "VulnerabilityID": "CVE-2026-33416", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:269acfff291a9aa56bb4397f191d0e37906d9bc5eb133fc9073cbbf6aab99ee4", "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33416", "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:8459", "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "https://github.com/pnggroup/libpng/pull/824", "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "https://linux.oracle.com/cve/CVE-2026-33416.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33416" ], "PublishedDate": "2026-03-26T17:16:38.443Z", "LastModifiedDate": "2026-04-02T20:28:33.973Z" }, { "VulnerabilityID": "CVE-2026-33636", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d1798360723eacea8651a6ac09b94e12f167c01d095c31534ebfcd1448ce7e83", "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33636", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:14791", "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "https://linux.oracle.com/cve/CVE-2026-33636.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33636" ], "PublishedDate": "2026-03-26T17:16:41.477Z", "LastModifiedDate": "2026-04-02T18:42:02.667Z" }, { "VulnerabilityID": "CVE-2026-34757", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.57-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8cbe2d00ff1387ed30628b4c0f5a887c6918973f33799a6fd61a2f93f742abbc", "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34757", "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "https://github.com/pnggroup/libpng/issues/836", "https://github.com/pnggroup/libpng/issues/837", "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-34757" ], "PublishedDate": "2026-04-09T15:16:11.003Z", "LastModifiedDate": "2026-05-13T23:07:51.863Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3192f6e7ad34cbbd5041d70e667f0914365e935741108b37e9db8ce9a8b0b446", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2024-12797", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e8b334e54f7abec2f2f14f0152ec3e01d5b24c3d2c8edcbe87234338a769279f", "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-392" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 1, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/11/3", "http://www.openwall.com/lists/oss-security/2025/02/11/4", "https://access.redhat.com/errata/RHSA-2025:1330", "https://access.redhat.com/security/cve/CVE-2024-12797", "https://bugzilla.redhat.com/2342757", "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", "https://errata.almalinux.org/9/ALSA-2025-1330.html", "https://errata.rockylinux.org/RLSA-2025:1330", "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", "https://linux.oracle.com/cve/CVE-2024-12797.html", "https://linux.oracle.com/errata/ELSA-2025-1330.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", "https://openssl-library.org/news/secadv/20250211.txt", "https://security.netapp.com/advisory/ntap-20250214-0001/", "https://ubuntu.com/security/notices/USN-7264-1", "https://www.cve.org/CVERecord?id=CVE-2024-12797" ], "PublishedDate": "2025-02-11T16:15:38.827Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3e4b9631d37814c8165d5cb05cf2f04ad428535d8259103309b8e848ecc52f78", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ea6b0a9d64210b3ae7a2c3c9edc7e4456d00ce56676c5361b2df3cfdb6531b23", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:84adba333700bc4765c878b821cab1238e683cd6025f41190a6d101cd3a63839", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:92f3a1d31fbb98645ce72c3dc55966dd583316cce6a99208a1bfae4f47ab35a0", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4eb5b3bb6f305566c5b3f981164095e9fdf939fc9bf2159110f35a2697a6ef3e", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:773fde7e774ab8a52786717be3e989c0b90a1b1993a95c8f9aa0174719dda535", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d8dcb9892c8a0702ecd8c040e1c2e582ae19dbf0354078321256d9fad0f628a9", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9ec7e2f99720ef8080aa90597d7c48f748af6d55adeeaa42ab60933fddd9d13a", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1b755f8cff5cfbfd8ff0cfde0572183551f69923dee1f45be52a929f451bfbcd", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:86dbb7f3c64a42ce7056e3cb8a41c1fef658945041a797af1e797686a1ac24c8", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r1", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a727aa52cbae014532be6b432c52d4bc6f278c46952fc210526842c880c7d88d", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r3", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:240b4b1b174030ab0bc7b47f7acb1c00fd1ed5ceaf9c644fd1d57998f29a9eb8", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r2", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4225097f346fb36e5e66ffc15adff5168cd762c2a51f67dd889aee22ad839594", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r1", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cf18e324e2464871d5e1c1fe0e1af0fba498ed096111bab7cc2aa3c071eb319f", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r3", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:62a59bae1df40f0ae3d8f5a8718ffcfa79bf1a9b60ddbf4bb4bd7f8a6eec76a4", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r2", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:99236924f1de4590f536151146e93a73979976e94f5efca2132b6daf3a1111b8", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.36.1-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "98ff5cbbbcd05de1" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fd3dcaefe79eeb607142505e9afa1284bc3ef9d44b47444d630bcbc7154022b2", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-5994", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5994", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53dd13085d6fe62b0f9526d029cea91a70c8c2d72be113aaaf0c39c65b24488a", "Title": "unbound: Unbound Cache poisoning", "Description": "A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.", "Severity": "HIGH", "CweIDs": [ "CWE-349" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:11849", "https://access.redhat.com/security/cve/CVE-2025-5994", "https://bugzilla.redhat.com/2380949", "https://bugzilla.redhat.com/show_bug.cgi?id=2380949", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5994", "https://errata.almalinux.org/9/ALSA-2025-11849.html", "https://errata.rockylinux.org/RLSA-2025:11849", "https://linux.oracle.com/cve/CVE-2025-5994.html", "https://linux.oracle.com/errata/ELSA-2025-12064.html", "https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html", "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-5994", "https://ubuntu.com/security/notices/USN-7666-1", "https://www.cve.org/CVERecord?id=CVE-2025-5994" ], "PublishedDate": "2025-07-16T15:15:33.49Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-8508", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8508", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:31c274f0cab65582a62c51c117e3f46d61a787ae829728b66a62d2723376ab9b", "Title": "unbound: Unbounded name compression could lead to Denial of Service", "Description": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1284" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/10/04/5", "https://access.redhat.com/errata/RHSA-2024:11232", "https://access.redhat.com/security/cve/CVE-2024-8508", "https://bugzilla.redhat.com/2316321", "https://bugzilla.redhat.com/show_bug.cgi?id=2316321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8508", "https://errata.almalinux.org/9/ALSA-2024-11232.html", "https://errata.rockylinux.org/RLSA-2025:8197", "https://linux.oracle.com/cve/CVE-2024-8508.html", "https://linux.oracle.com/errata/ELSA-2025-8197.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8508", "https://ubuntu.com/security/notices/USN-7080-1", "https://www.cve.org/CVERecord?id=CVE-2024-8508", "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" ], "PublishedDate": "2024-10-03T17:15:15.323Z", "LastModifiedDate": "2024-12-17T19:28:03.767Z" }, { "VulnerabilityID": "CVE-2025-11411", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11411", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:017265aeb5be1ca7e0051e04b4e126617b7df4c51fb372903187b73e4879d26f", "Title": "unbound: Unbound domain hijacking via promiscuous records", "Description": "NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.", "Severity": "MEDIUM", "CweIDs": [ "CWE-349" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 6.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/11/26/4", "https://access.redhat.com/security/cve/CVE-2025-11411", "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html", "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html", "https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/", "https://nvd.nist.gov/vuln/detail/CVE-2025-11411", "https://ubuntu.com/security/notices/USN-7855-1", "https://ubuntu.com/security/notices/USN-7855-2", "https://www.cve.org/CVERecord?id=CVE-2025-11411", "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" ], "PublishedDate": "2025-10-22T13:15:29.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31115", "PkgID": "xz-libs@5.6.2-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "InstalledVersion": "5.6.2-r0", "FixedVersion": "5.6.2-r1", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f8e0b716ad5eb291eb7fbe7916e31f6e148c45ea2aed8a81301be807a2c74381", "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", "Severity": "HIGH", "CweIDs": [ "CWE-366", "CWE-416", "CWE-476", "CWE-826" ], "VendorSeverity": { "azure": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/03/1", "http://www.openwall.com/lists/oss-security/2025/04/03/2", "http://www.openwall.com/lists/oss-security/2025/04/03/3", "https://access.redhat.com/security/cve/CVE-2025-31115", "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", "https://errata.rockylinux.org/RLSA-2025:7524", "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", "https://linux.oracle.com/cve/CVE-2025-31115.html", "https://linux.oracle.com/errata/ELSA-2025-7524.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", "https://tukaani.org/xz/xz-cve-2025-31115.patch", "https://ubuntu.com/security/notices/USN-7414-1", "https://www.cve.org/CVERecord?id=CVE-2025-31115" ], "PublishedDate": "2025-04-03T17:15:30.54Z", "LastModifiedDate": "2026-05-12T13:16:40.627Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.6.2-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "InstalledVersion": "5.6.2-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4570b773257acd5519a44989ea96ea2101a4ee89c804ce616cb5dc3915e091c0", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r1", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "InstalledVersion": "1.3.1-r1", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9d24c6ec2447be94b0317a9e843d58818d4cb3cd10bbf10a9933851fb7ac9e41", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r1", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "InstalledVersion": "1.3.1-r1", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:30eb18a082f4f8ba43eea88a3c709ed9a8e58ebab438c6ce5f962a8690a63e9a", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] } ] }, { "Namespace": "m3uproxy", "Kind": "Deployment", "Name": "proxy-pt", "Metadata": [ { "Size": 152998912, "OS": { "Family": "ubuntu", "Name": "23.10", "EOSL": true }, "ImageID": "sha256:34b6bbbcf74bffac279dc2c6e42a403fcf0963589870c7cf73e4116762d886b5", "DiffIDs": [ "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c", "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207", "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" ], "RepoTags": [ "ubuntu/squid:6.1-23.10_edge" ], "RepoDigests": [ "ubuntu/squid@sha256:fbc0312a9b7069c28a8505aa9a34fd92dd8f8542f95b5a35ad8225c8032f4ecd" ], "Reference": "ubuntu/squid:6.1-23.10_edge", "ImageConfig": { "architecture": "amd64", "container": "3fe65e8d480682fa921f43f86d769fe645114e099e11516864c8e808c5d3f8b9", "created": "2024-06-10T12:03:05.791205674Z", "docker_version": "24.0.7", "history": [ { "created": "2024-05-30T04:40:48.646512179Z", "created_by": "/bin/sh -c #(nop) ARG RELEASE", "empty_layer": true }, { "created": "2024-05-30T04:40:48.670133508Z", "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", "empty_layer": true }, { "created": "2024-05-30T04:40:48.688533113Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", "empty_layer": true }, { "created": "2024-05-30T04:40:48.720654592Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=23.10", "empty_layer": true }, { "created": "2024-05-30T04:40:50.619872861Z", "created_by": "/bin/sh -c #(nop) ADD file:432d92758637d8e71c4a18c3b453d3c8130fd1fa31fd3cb9e60ecd32cdd17e07 in / " }, { "created": "2024-05-30T04:40:50.784239043Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", "empty_layer": true }, { "created": "2024-06-10T12:02:48.788510088Z", "created_by": "/bin/sh -c #(nop) ENV TZ=UTC", "empty_layer": true }, { "created": "2024-06-10T12:02:48.819660632Z", "created_by": "/bin/sh -c #(nop) LABEL maintainer=Ubuntu Server team \u003cubuntu-server@lists.ubuntu.com\u003e", "empty_layer": true }, { "created": "2024-06-10T12:03:05.353733772Z", "created_by": "|0 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tsquid ca-certificates tzdata; \tDEBIAN_FRONTEND=noninteractive apt-get remove --purge --auto-remove -y; \trm -rf /var/lib/apt/lists/*; \tsed -i 's/^#http_access allow localnet$/http_access allow localnet/' /etc/squid/conf.d/debian.conf; \techo \"# Set max_filedescriptors to avoid using system's RLIMIT_NOFILE. See LP: #1978272\" \u003e /etc/squid/conf.d/rock.conf; \techo 'max_filedescriptors 1024' \u003e\u003e /etc/squid/conf.d/rock.conf; \trm -f /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/ssl/private/ssl-cert-snakeoil.key; \t/usr/sbin/squid --version; \tmkdir -p /usr/share/rocks; \t(echo \"# os-release\" \u0026\u0026 cat /etc/os-release \u0026\u0026 echo \"# dpkg-query\" \u0026\u0026 dpkg-query -f '${db:Status-Abbrev},${binary:Package},${Version},${source:Package},${Source:Version}\\n' -W) \u003e /usr/share/rocks/dpkg.query" }, { "created": "2024-06-10T12:03:05.659890596Z", "created_by": "/bin/sh -c #(nop) EXPOSE 3128", "empty_layer": true }, { "created": "2024-06-10T12:03:05.691728028Z", "created_by": "/bin/sh -c #(nop) VOLUME [/var/log/squid /var/spool/squid]", "empty_layer": true }, { "created": "2024-06-10T12:03:05.716512286Z", "created_by": "/bin/sh -c #(nop) COPY file:92a37a48347cc9af6f7e07752e4a63d99e143811e53197c6e1b1c56ab4297227 in /usr/local/bin/entrypoint.sh " }, { "created": "2024-06-10T12:03:05.758304777Z", "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"entrypoint.sh\"]", "empty_layer": true }, { "created": "2024-06-10T12:03:05.791205674Z", "created_by": "/bin/sh -c #(nop) CMD [\"-f\" \"/etc/squid/squid.conf\" \"-NYC\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c", "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207", "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" ] }, "config": { "Cmd": [ "-f", "/etc/squid/squid.conf", "-NYC" ], "Entrypoint": [ "entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "TZ=UTC" ], "Image": "sha256:d7f28d160f4052cce082d6902a12db577c20fec31fe22aab52bd21618e4f5683", "Labels": { "maintainer": "Ubuntu Server team \u003cubuntu-server@lists.ubuntu.com\u003e", "org.opencontainers.image.ref.name": "ubuntu", "org.opencontainers.image.version": "23.10" }, "Volumes": { "/var/log/squid": {}, "/var/spool/squid": {} }, "ExposedPorts": { "3128/tcp": {} } } }, "Layers": [ { "Size": 73580032, "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, { "Size": 79414272, "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, { "Size": 4608, "Digest": "sha256:60992b49e2a2450d9912621df4edd1409b2229f17d0435ffeed45834ee4fc585", "DiffID": "sha256:f590a84ac2286242e45259579f97e2131afc87e915afb97db679f4b7243e3533" } ] } ], "Results": [ { "Target": "ubuntu/squid:6.1-23.10_edge (ubuntu 23.10)", "Class": "os-pkgs", "Type": "ubuntu", "Packages": [ { "ID": "adduser@3.137ubuntu1", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/ubuntu/adduser@3.137ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "29afaa61cb48d379" }, "Version": "3.137ubuntu1", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.137ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.13+dfsg1-1ubuntu1.1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@2.7.3ubuntu0.1", "Name": "apt", "Identifier": { "PURL": "pkg:deb/ubuntu/apt@2.7.3ubuntu0.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "cab488ccc228becb" }, "Version": "2.7.3ubuntu0.1", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.7.3ubuntu0.1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "BSD-3-Clause", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.137ubuntu1", "base-passwd@3.6.1", "gpgv@2.2.40-1.1ubuntu1", "libapt-pkg6.0@2.7.3ubuntu0.1", "libc6@2.38-1ubuntu6.3", "libgcc-s1@13.2.0-4ubuntu3", "libgnutls30@3.8.1-4ubuntu1.3", "libseccomp2@2.5.4-1ubuntu3", "libstdc++6@13.2.0-4ubuntu3", "libsystemd0@253.5-1ubuntu6.1", "ubuntu-keyring@2021.03.26" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/systemd/system/apt-daily-upgrade.service", "/lib/systemd/system/apt-daily-upgrade.timer", "/lib/systemd/system/apt-daily.service", "/lib/systemd/system/apt-daily.timer", "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-key", "/usr/bin/apt-mark", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/ftp", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/rsh", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/preferences", "/usr/share/doc/apt/examples/sources.list", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt-secure.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt-secure.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-key.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-key.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-key.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13ubuntu2.1", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/ubuntu/base-files@13ubuntu2.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a27d50c900a6d75a" }, "Version": "13ubuntu2.1", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13ubuntu2.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcrypt1@1:4.4.36-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/systemd/system/motd-news.service", "/lib/systemd/system/motd-news.timer", "/usr/bin/locale-check", "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/networks", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/dot.bashrc", "/usr/share/dot.profile", "/usr/share/dot.profile.md5sums", "/usr/share/info.dir", "/usr/share/lintian/overrides/base-files", "/usr/share/motd", "/usr/share/networks", "/usr/share/pixmaps/ubuntu-logo-text-dark.png", "/usr/share/pixmaps/ubuntu-logo-text.png", "/usr/share/pixmaps/ubuntu-logo.svg", "/usr/share/profile", "/usr/share/profile.md5sums", "/usr/share/staff-group-for-usr-local" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.1", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/base-passwd@3.6.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "42c01a2817d0f948" }, "Version": "3.6.1", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.1", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libdebconfclient0@0.270ubuntu1", "libselinux1@3.5-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.2.15-2ubuntu1", "Name": "bash", "Identifier": { "PURL": "pkg:deb/ubuntu/bash@5.2.15-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a08a526b702ead60" }, "Version": "5.2.15", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.15", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@13ubuntu2.1", "debianutils@5.8-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.39.1-4ubuntu2.2", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/ubuntu/bsdutils@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "cf5c850ec400000c" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20230311ubuntu1", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/ubuntu/ca-certificates@20230311ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "82c1d4b51764260a" }, "Version": "20230311ubuntu1", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20230311ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.82", "openssl@3.0.10-1ubuntu2.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068_2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", "/usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@9.1-1ubuntu2.23.10.1", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/ubuntu/coreutils@9.1-1ubuntu2.23.10.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b60503b506a79722" }, "Version": "9.1", "Release": "1ubuntu2.23.10.1", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.1", "SrcRelease": "1ubuntu2.23.10.1", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/cat", "/bin/chgrp", "/bin/chmod", "/bin/chown", "/bin/cp", "/bin/date", "/bin/dd", "/bin/df", "/bin/dir", "/bin/echo", "/bin/false", "/bin/ln", "/bin/ls", "/bin/mkdir", "/bin/mknod", "/bin/mktemp", "/bin/mv", "/bin/pwd", "/bin/readlink", "/bin/rm", "/bin/rmdir", "/bin/sleep", "/bin/stty", "/bin/sync", "/bin/touch", "/bin/true", "/bin/uname", "/bin/vdir", "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/chcon", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/logname", "/usr/bin/md5sum", "/usr/bin/mkfifo", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/realpath", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/sum", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/tr", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.Debian.gz", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "cron@3.0pl1-163ubuntu1", "Name": "cron", "Identifier": { "PURL": "pkg:deb/ubuntu/cron@3.0pl1-163ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a8b149a5e4ffe681" }, "Version": "3.0pl1", "Release": "163ubuntu1", "Arch": "amd64", "SrcName": "cron", "SrcVersion": "3.0pl1", "SrcRelease": "163ubuntu1", "Licenses": [ "Paul-Vixie's-license", "GPL-2.0-or-later", "ISC", "Artistic-2.0", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libpam-runtime@1.5.2-6ubuntu1.1", "libpam0g@1.5.2-6ubuntu1.1", "libselinux1@3.5-1", "sensible-utils@0.0.20" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/lib/systemd/system/cron.service", "/usr/bin/crontab", "/usr/sbin/cron", "/usr/share/bug/cron/control", "/usr/share/bug/cron/script", "/usr/share/doc/cron/FEATURES", "/usr/share/doc/cron/NEWS.Debian.gz", "/usr/share/doc/cron/README", "/usr/share/doc/cron/README.Debian", "/usr/share/doc/cron/README.anacron", "/usr/share/doc/cron/THANKS", "/usr/share/doc/cron/TODO.Debian", "/usr/share/doc/cron/changelog.Debian.gz", "/usr/share/doc/cron/copyright", "/usr/share/doc/cron/examples/cron-stats.pl", "/usr/share/doc/cron/examples/cron-tasks-review.sh", "/usr/share/doc/cron/examples/crontab2english.pl", "/usr/share/man/man1/crontab.1.gz", "/usr/share/man/man5/crontab.5.gz", "/usr/share/man/man8/cron.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "cron-daemon-common@3.0pl1-163ubuntu1", "Name": "cron-daemon-common", "Identifier": { "PURL": "pkg:deb/ubuntu/cron-daemon-common@3.0pl1-163ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "6873c68c7fdce523" }, "Version": "3.0pl1", "Release": "163ubuntu1", "Arch": "all", "SrcName": "cron", "SrcVersion": "3.0pl1", "SrcRelease": "163ubuntu1", "Licenses": [ "Paul-Vixie's-license", "GPL-2.0-or-later", "ISC", "Artistic-2.0", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.137ubuntu1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/cron-daemon-common/changelog.Debian.gz", "/usr/share/doc/cron-daemon-common/copyright", "/usr/share/lintian/overrides/cron-daemon-common" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-6ubuntu1", "Name": "dash", "Identifier": { "PURL": "pkg:deb/ubuntu/dash@0.5.12-6ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "9af40653eb1f4fbc" }, "Version": "0.5.12", "Release": "6ubuntu1", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "6ubuntu1", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.8-1", "dpkg@1.22.0ubuntu1.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/NEWS.Debian.gz", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.82", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/ubuntu/debconf@1.5.82?arch=all\u0026distro=ubuntu-23.10", "UID": "7c128688623e452f" }, "Version": "1.5.82", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.82", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/NEWS.Debian.gz", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.8-1", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/ubuntu/debianutils@5.8-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "2bfb326eef7dbf5b" }, "Version": "5.8", "Release": "1", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.8", "SrcRelease": "1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Bastian Germann \u003cbage@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/run-parts", "/bin/tempfile", "/sbin/installkernel", "/usr/bin/ischroot", "/usr/bin/savelog", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells.gz", "/usr/share/doc/debianutils/changelog.Debian.gz", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.8-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/ubuntu/diffutils@3.8-4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "fb1e939c69a9266d" }, "Version": "3.8", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.8", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.22.0ubuntu1.1", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/ubuntu/dpkg@1.22.0ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "d494dd4367156fd7" }, "Version": "1.22.0ubuntu1.1", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.0ubuntu1.1", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.34+dfsg-1.2ubuntu1.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/systemd/system/dpkg-db-backup.service", "/lib/systemd/system/dpkg-db-backup.timer", "/sbin/start-stop-daemon", "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/share/bug/dpkg", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-deb.1.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/dpkg.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/hu/man5/dpkg.cfg.5.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "e2fsprogs@1.47.0-2ubuntu1", "Name": "e2fsprogs", "Identifier": { "PURL": "pkg:deb/ubuntu/e2fsprogs@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "93f65def7a88bc18" }, "Version": "1.47.0", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.0", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only", "BSD-3-Clause", "Apache-2.0", "ISC", "GPL-2.0-or-later", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "logsave@1.47.0-2ubuntu1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/systemd/system/e2scrub@.service", "/lib/systemd/system/e2scrub_all.service", "/lib/systemd/system/e2scrub_all.timer", "/lib/systemd/system/e2scrub_fail@.service", "/lib/systemd/system/e2scrub_reap.service", "/lib/udev/rules.d/96-e2scrub.rules", "/sbin/badblocks", "/sbin/debugfs", "/sbin/dumpe2fs", "/sbin/e2fsck", "/sbin/e2image", "/sbin/e2scrub", "/sbin/e2scrub_all", "/sbin/e2undo", "/sbin/mke2fs", "/sbin/resize2fs", "/sbin/tune2fs", "/usr/bin/chattr", "/usr/bin/lsattr", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", "/usr/sbin/e2freefrag", "/usr/sbin/e4crypt", "/usr/sbin/e4defrag", "/usr/sbin/filefrag", "/usr/sbin/mklost+found", "/usr/share/doc/e2fsprogs/NEWS.gz", "/usr/share/doc/e2fsprogs/README", "/usr/share/doc/e2fsprogs/copyright", "/usr/share/lintian/overrides/e2fsprogs", "/usr/share/man/man1/chattr.1.gz", "/usr/share/man/man1/lsattr.1.gz", "/usr/share/man/man5/e2fsck.conf.5.gz", "/usr/share/man/man5/ext4.5.gz", "/usr/share/man/man5/mke2fs.conf.5.gz", "/usr/share/man/man8/badblocks.8.gz", "/usr/share/man/man8/debugfs.8.gz", "/usr/share/man/man8/dumpe2fs.8.gz", "/usr/share/man/man8/e2freefrag.8.gz", "/usr/share/man/man8/e2fsck.8.gz", "/usr/share/man/man8/e2image.8.gz", "/usr/share/man/man8/e2label.8.gz", "/usr/share/man/man8/e2mmpstatus.8.gz", "/usr/share/man/man8/e2scrub.8.gz", "/usr/share/man/man8/e2scrub_all.8.gz", "/usr/share/man/man8/e2undo.8.gz", "/usr/share/man/man8/e4crypt.8.gz", "/usr/share/man/man8/e4defrag.8.gz", "/usr/share/man/man8/filefrag.8.gz", "/usr/share/man/man8/mke2fs.8.gz", "/usr/share/man/man8/mklost+found.8.gz", "/usr/share/man/man8/resize2fs.8.gz", "/usr/share/man/man8/tune2fs.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.9.0-5", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/ubuntu/findutils@4.9.0-5?arch=amd64\u0026distro=ubuntu-23.10", "UID": "eb60580587b05254" }, "Version": "4.9.0", "Release": "5", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.9.0", "SrcRelease": "5", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2+ with Autoconf-data exception", "GPL-2.0-or-later", "X11", "public-domain", "GPL with automake exception", "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-clause and/or GPL-3+", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC and/or LGPL-2.1+", "BSD-3-Clause", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "ISC", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.Debian.gz", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info-1.gz", "/usr/share/info/find.info-2.gz", "/usr/share/info/find.info.gz", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-13-base@13.2.0-4ubuntu3", "Name": "gcc-13-base", "Identifier": { "PURL": "pkg:deb/ubuntu/gcc-13-base@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b5e02b596bb76b4c" }, "Version": "13.2.0", "Release": "4ubuntu3", "Arch": "amd64", "SrcName": "gcc-13", "SrcVersion": "13.2.0", "SrcRelease": "4ubuntu3", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "GPL-2.0-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/share/doc/gcc-13-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-13-base/TODO.Debian", "/usr/share/doc/gcc-13-base/changelog.Debian.gz", "/usr/share/doc/gcc-13-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "gpgv@2.2.40-1.1ubuntu1", "Name": "gpgv", "Identifier": { "PURL": "pkg:deb/ubuntu/gpgv@2.2.40-1.1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "9a4f54e83006f6c0" }, "Version": "2.2.40", "Release": "1.1ubuntu1", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.40", "SrcRelease": "1.1ubuntu1", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-5build1", "libc6@2.38-1ubuntu6.3", "libgcrypt20@1.10.2-3ubuntu1", "libgpg-error0@1.47-2", "zlib1g@1:1.2.13.dfsg-1ubuntu5" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/gpgv", "/usr/share/doc/gpgv/NEWS.Debian.gz", "/usr/share/doc/gpgv/changelog.Debian.gz", "/usr/share/doc/gpgv/copyright", "/usr/share/man/man1/gpgv.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.11-2", "Name": "grep", "Identifier": { "PURL": "pkg:deb/ubuntu/grep@3.11-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "6acdd681813578f7" }, "Version": "3.11", "Release": "2", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/egrep", "/bin/fgrep", "/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.12-1ubuntu1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/ubuntu/gzip@1.12-1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "7ba5615b2bdf3f2f" }, "Version": "1.12", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.12", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.22.0ubuntu1.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/gunzip", "/bin/gzexe", "/bin/gzip", "/bin/uncompress", "/bin/zcat", "/bin/zcmp", "/bin/zdiff", "/bin/zegrep", "/bin/zfgrep", "/bin/zforce", "/bin/zgrep", "/bin/zless", "/bin/zmore", "/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.23+nmu1ubuntu1", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/ubuntu/hostname@3.23%2Bnmu1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "7460255cb8aeb4f5" }, "Version": "3.23+nmu1ubuntu1", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.23+nmu1ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.65.2ubuntu1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/ubuntu/init-system-helpers@1.65.2ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "efdd542c03a3784d" }, "Version": "1.65.2ubuntu1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.65.2ubuntu1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.1-3", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/ubuntu/libacl1@2.3.1-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "16eaf4ba78d1ba24" }, "Version": "2.3.1", "Release": "3", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.1", "SrcRelease": "3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2301", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg6.0@2.7.3ubuntu0.1", "Name": "libapt-pkg6.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.7.3ubuntu0.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "326de5eaff5b9ca9" }, "Version": "2.7.3ubuntu0.1", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.7.3ubuntu0.1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "BSD-3-Clause", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-5build1", "libc6@2.38-1ubuntu6.3", "libgcc-s1@13.2.0-4ubuntu3", "libgcrypt20@1.10.2-3ubuntu1", "liblz4-1@1.9.4-1", "liblzma5@5.4.1-0.2", "libstdc++6@13.2.0-4ubuntu3", "libsystemd0@253.5-1ubuntu6.1", "libudev1@253.5-1ubuntu6.1", "libxxhash0@0.8.1-1", "libzstd1@1.5.5+dfsg2-1ubuntu2", "zlib1g@1:1.2.13.dfsg-1ubuntu5" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg6.0/changelog.gz", "/usr/share/doc/libapt-pkg6.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.1-4", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/ubuntu/libattr1@2.5.1-4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "eba7f45ea60648ef" }, "Version": "2.5.1", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.1", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2501", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:3.1.1-1", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit-common@3.1.1-1?arch=all\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "d5d2b5d6d82eb5e0" }, "Version": "3.1.1", "Release": "1", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "3.1.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:3.1.1-1", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit1@3.1.1-1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "22ffab6ad06e1b24" }, "Version": "3.1.1", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "3.1.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:3.1.1-1", "libc6@2.38-1ubuntu6.3", "libcap-ng0@0.8.3-1build2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.39.1-4ubuntu2.2", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libblkid1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "f3d6437c5f894a84" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-5build1", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-5build1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "c0fea80fd44d3485" }, "Version": "1.0.8", "Release": "5build1", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "5build1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.38-1ubuntu6.3", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.38-1ubuntu6.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "fad6e8575bbba0cc" }, "Version": "2.38", "Release": "1ubuntu6.3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.38", "SrcRelease": "1ubuntu6.3", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/sbin/ldconfig", "/sbin/ldconfig.real", "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.38-1ubuntu6.3", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/ubuntu/libc6@2.38-1ubuntu6.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "4fc4121121ebc6af" }, "Version": "2.38", "Release": "1ubuntu6.3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.38", "SrcRelease": "1ubuntu6.3", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@13.2.0-4ubuntu3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/lib/x86_64-linux-gnu/libanl.so.1", "/lib/x86_64-linux-gnu/libc.so.6", "/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/lib/x86_64-linux-gnu/libdl.so.2", "/lib/x86_64-linux-gnu/libm.so.6", "/lib/x86_64-linux-gnu/libmemusage.so", "/lib/x86_64-linux-gnu/libmvec.so.1", "/lib/x86_64-linux-gnu/libnsl.so.1", "/lib/x86_64-linux-gnu/libnss_compat.so.2", "/lib/x86_64-linux-gnu/libnss_dns.so.2", "/lib/x86_64-linux-gnu/libnss_files.so.2", "/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/lib/x86_64-linux-gnu/libpcprofile.so", "/lib/x86_64-linux-gnu/libpthread.so.0", "/lib/x86_64-linux-gnu/libresolv.so.2", "/lib/x86_64-linux-gnu/librt.so.1", "/lib/x86_64-linux-gnu/libthread_db.so.1", "/lib/x86_64-linux-gnu/libutil.so.1", "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.3-1build2", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap-ng0@0.8.3-1build2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "38441adb98520431" }, "Version": "0.8.3", "Release": "1build2", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.3", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.66-4ubuntu1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.66-4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "2ddc702741b5ad8c" }, "Version": "2.66", "Release": "4ubuntu1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.66", "SrcRelease": "4ubuntu1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap.so.2.66", "/lib/x86_64-linux-gnu/libpsx.so.2.66", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcom-err2@1.47.0-2ubuntu1", "Name": "libcom-err2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcom-err2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "38b3b3db8bb42252" }, "Version": "1.47.0", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.0", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only", "BSD-3-Clause", "Apache-2.0", "ISC", "GPL-2.0-or-later", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcom_err.so.2.1", "/usr/share/doc/libcom-err2/changelog.Debian.gz", "/usr/share/doc/libcom-err2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.36-2", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.36-2?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "90f9fcc2e677477d" }, "Version": "4.4.36", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.36", "SrcRelease": "2", "SrcEpoch": 1, "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3@5.3.28+dfsg2-2", "Name": "libdb5.3", "Identifier": { "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg2-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "aa8a7594bb2b2ac9" }, "Version": "5.3.28+dfsg2", "Release": "2", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "2", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3/build_signature_amd64.txt", "/usr/share/doc/libdb5.3/changelog.Debian.gz", "/usr/share/doc/libdb5.3/copyright", "/usr/share/lintian/overrides/libdb5.3" ], "AnalyzedBy": "dpkg" }, { "ID": "libdbi-perl@1.643-4", "Name": "libdbi-perl", "Identifier": { "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-4?arch=amd64\u0026distro=ubuntu-23.10", "UID": "6dab2081ef40695f" }, "Version": "1.643", "Release": "4", "Arch": "amd64", "SrcName": "libdbi-perl", "SrcVersion": "1.643", "SrcRelease": "4", "Licenses": [ "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "perl@5.36.0-9ubuntu1.1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/bin/dbilogstrip", "/usr/bin/dbiprof", "/usr/bin/dbiproxy", "/usr/bin/dh_perl_dbi", "/usr/lib/x86_64-linux-gnu/perl5/5.36/Bundle/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/DBM.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/ExampleP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/File/Roadmap.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/classic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/pedantic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Policy/rush.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/corostream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/null.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Mem.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/NullP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Proxy.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBD/Sponge.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Changes.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfo/ANSI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfo/ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfoReturn.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Const/GetInfoType.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/Metadata.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/DBD/SqlEngine/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Execute.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Request.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Response.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/DataDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Serializer/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Profile.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileData.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileDumper/Apache.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProfileSubs.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/ProxyServer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/PurePerl.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/SQL/Nano.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Util/CacheMemory.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/Util/_accessor.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/DBI/W32ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/Win32/DBIODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/DBI.so", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/DBIXS.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/Driver.xst", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/Driver_xst.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbd_xsh.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbi_sql.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbipport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbivport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/auto/DBI/dbixs_rev.h", "/usr/lib/x86_64-linux-gnu/perl5/5.36/dbixs_rev.pl", "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", "/usr/share/doc/libdbi-perl/README.Debian", "/usr/share/doc/libdbi-perl/changelog.Debian.gz", "/usr/share/doc/libdbi-perl/copyright", "/usr/share/doc/libdbi-perl/examples/corogofer.pl", "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", "/usr/share/doc/libdbi-perl/examples/profile.pl", "/usr/share/doc/libdbi-perl/examples/test.pl", "/usr/share/libdbi-perl/perl-dbdabi.make", "/usr/share/man/man1/dbilogstrip.1p.gz", "/usr/share/man/man1/dbiprof.1p.gz", "/usr/share/man/man1/dbiproxy.1p.gz", "/usr/share/man/man1/dh_perl_dbi.1.gz", "/usr/share/man/man3/Bundle::DBI.3pm.gz", "/usr/share/man/man3/DBD::DBM.3pm.gz", "/usr/share/man/man3/DBD::File.3pm.gz", "/usr/share/man/man3/DBD::File::Developers.3pm.gz", "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", "/usr/share/man/man3/DBD::Gofer.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBD::Mem.3pm.gz", "/usr/share/man/man3/DBD::Proxy.3pm.gz", "/usr/share/man/man3/DBD::Sponge.3pm.gz", "/usr/share/man/man3/DBI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", "/usr/share/man/man3/DBI::DBD.3pm.gz", "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBI::Profile.3pm.gz", "/usr/share/man/man3/DBI::ProfileData.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", "/usr/share/man/man3/DBI::PurePerl.3pm.gz", "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.270ubuntu1", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.270ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "10e0b7cbdb8c3a8d" }, "Version": "0.270ubuntu1", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.270ubuntu1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libecap3@1.0.1-3.4ubuntu1", "Name": "libecap3", "Identifier": { "PURL": "pkg:deb/ubuntu/libecap3@1.0.1-3.4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "e269d5c95ff07622" }, "Version": "1.0.1", "Release": "3.4ubuntu1", "Arch": "amd64", "SrcName": "libecap", "SrcVersion": "1.0.1", "SrcRelease": "3.4ubuntu1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgcc-s1@13.2.0-4ubuntu3", "libstdc++6@13.2.0-4ubuntu3", "sgml-base@1.31" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libecap.so.3.0.0", "/usr/share/doc/libecap3/CREDITS", "/usr/share/doc/libecap3/README", "/usr/share/doc/libecap3/changelog.Debian.gz", "/usr/share/doc/libecap3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libext2fs2@1.47.0-2ubuntu1", "Name": "libext2fs2", "Identifier": { "PURL": "pkg:deb/ubuntu/libext2fs2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "754e922383a27a6b" }, "Version": "1.47.0", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.0", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only", "BSD-3-Clause", "Apache-2.0", "ISC", "GPL-2.0-or-later", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libe2p.so.2.3", "/lib/x86_64-linux-gnu/libext2fs.so.2.4", "/usr/share/doc/libext2fs2/changelog.Debian.gz", "/usr/share/doc/libext2fs2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi8@3.4.4-1", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/ubuntu/libffi8@3.4.4-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "855ddd54f59a9822" }, "Version": "3.4.4", "Release": "1", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.4", "SrcRelease": "1", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.2", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@13.2.0-4ubuntu3", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcc-s1@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "15efe2181684b94f" }, "Version": "13.2.0", "Release": "4ubuntu3", "Arch": "amd64", "SrcName": "gcc-13", "SrcVersion": "13.2.0", "SrcRelease": "4ubuntu3", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-13-base@13.2.0-4ubuntu3", "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcrypt20@1.10.2-3ubuntu1", "Name": "libgcrypt20", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcrypt20@1.10.2-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "bf4ebf91c92a96fd" }, "Version": "1.10.2", "Release": "3ubuntu1", "Arch": "amd64", "SrcName": "libgcrypt20", "SrcVersion": "1.10.2", "SrcRelease": "3ubuntu1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgpg-error0@1.47-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.2", "/usr/share/doc/libgcrypt20/AUTHORS.gz", "/usr/share/doc/libgcrypt20/NEWS.gz", "/usr/share/doc/libgcrypt20/README.gz", "/usr/share/doc/libgcrypt20/THANKS.gz", "/usr/share/doc/libgcrypt20/changelog.Debian.gz", "/usr/share/doc/libgcrypt20/copyright", "/usr/share/libgcrypt20/clean-up-unmanaged-libraries" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm-compat4@1.23-3", "Name": "libgdbm-compat4", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.23-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "f02a10184776514" }, "Version": "1.23", "Release": "3", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.23", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgdbm6@1.23-3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", "/usr/share/doc/libgdbm-compat4/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6@1.23-3", "Name": "libgdbm6", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm6@1.23-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "26b389044a9a311f" }, "Version": "1.23", "Release": "3", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.23", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6/changelog.Debian.gz", "/usr/share/doc/libgdbm6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-2ubuntu4", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/ubuntu/libgmp10@6.3.0%2Bdfsg-2ubuntu4?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", "UID": "8aaf1a146f4d3256" }, "Version": "6.3.0+dfsg", "Release": "2ubuntu4", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "2ubuntu4", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgnutls30@3.8.1-4ubuntu1.3", "Name": "libgnutls30", "Identifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.8.1-4ubuntu1.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "18f9ae706e86834d" }, "Version": "3.8.1", "Release": "4ubuntu1.3", "Arch": "amd64", "SrcName": "gnutls28", "SrcVersion": "3.8.1", "SrcRelease": "4ubuntu1.3", "Licenses": [ "LGPL-2.1-only", "LGPL-2.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.3-only", "CC0-1.0", "MIT", "Apache-2.0", "LGPL-3.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgmp10@2:6.3.0+dfsg-2ubuntu4", "libhogweed6@3.9.1-2", "libidn2-0@2.3.4-1", "libnettle8@3.9.1-2", "libp11-kit0@0.25.0-4ubuntu1", "libtasn1-6@4.19.0-3", "libunistring2@1.0-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.36.0", "/usr/share/doc/libgnutls30/AUTHORS.gz", "/usr/share/doc/libgnutls30/NEWS.Debian.gz", "/usr/share/doc/libgnutls30/NEWS.gz", "/usr/share/doc/libgnutls30/README.md.gz", "/usr/share/doc/libgnutls30/THANKS.gz", "/usr/share/doc/libgnutls30/changelog.Debian.gz", "/usr/share/doc/libgnutls30/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgpg-error0@1.47-2", "Name": "libgpg-error0", "Identifier": { "PURL": "pkg:deb/ubuntu/libgpg-error0@1.47-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "60a38e5e5f8b6de" }, "Version": "1.47", "Release": "2", "Arch": "amd64", "SrcName": "libgpg-error", "SrcVersion": "1.47", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-or-later", "BSD-3-Clause", "g10-permissive", "GPL-3.0-or-later", "LGPL-2.1-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0", "/usr/share/doc/libgpg-error0/README.gz", "/usr/share/doc/libgpg-error0/changelog.Debian.gz", "/usr/share/doc/libgpg-error0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgssapi-krb5-2@1.20.1-3ubuntu1", "Name": "libgssapi-krb5-2", "Identifier": { "PURL": "pkg:deb/ubuntu/libgssapi-krb5-2@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "6d077c72bd6b2980" }, "Version": "1.20.1", "Release": "3ubuntu1", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.20.1", "SrcRelease": "3ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcom-err2@1.47.0-2ubuntu1", "libk5crypto3@1.20.1-3ubuntu1", "libkrb5-3@1.20.1-3ubuntu1", "libkrb5support0@1.20.1-3ubuntu1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2", "/usr/share/doc/libgssapi-krb5-2/copyright", "/usr/share/lintian/overrides/libgssapi-krb5-2" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6@3.9.1-2", "Name": "libhogweed6", "Identifier": { "PURL": "pkg:deb/ubuntu/libhogweed6@3.9.1-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b731c82f847dcc48" }, "Version": "3.9.1", "Release": "2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.9.1", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgmp10@2:6.3.0+dfsg-2ubuntu4", "libnettle8@3.9.1-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.8", "/usr/share/doc/libhogweed6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libidn2-0@2.3.4-1", "Name": "libidn2-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libidn2-0@2.3.4-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a4a3edee5024b351" }, "Version": "2.3.4", "Release": "1", "Arch": "amd64", "SrcName": "libidn2", "SrcVersion": "2.3.4", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-2.0-or-later", "Unicode", "GPL-3.0-only", "GPL-2.0-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libunistring2@1.0-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.8", "/usr/share/doc/libidn2-0/AUTHORS", "/usr/share/doc/libidn2-0/NEWS.gz", "/usr/share/doc/libidn2-0/README.md.gz", "/usr/share/doc/libidn2-0/changelog.Debian.gz", "/usr/share/doc/libidn2-0/copyright", "/usr/share/lintian/overrides/libidn2-0" ], "AnalyzedBy": "dpkg" }, { "ID": "libk5crypto3@1.20.1-3ubuntu1", "Name": "libk5crypto3", "Identifier": { "PURL": "pkg:deb/ubuntu/libk5crypto3@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "632a744983beba71" }, "Version": "1.20.1", "Release": "3ubuntu1", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.20.1", "SrcRelease": "3ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libkrb5support0@1.20.1-3ubuntu1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1", "/usr/share/doc/libk5crypto3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libkeyutils1@1.6.3-2", "Name": "libkeyutils1", "Identifier": { "PURL": "pkg:deb/ubuntu/libkeyutils1@1.6.3-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "1c55ad9c31335ff5" }, "Version": "1.6.3", "Release": "2", "Arch": "amd64", "SrcName": "keyutils", "SrcVersion": "1.6.3", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libkeyutils.so.1.10", "/usr/share/doc/libkeyutils1/changelog.Debian.gz", "/usr/share/doc/libkeyutils1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libkrb5-3@1.20.1-3ubuntu1", "Name": "libkrb5-3", "Identifier": { "PURL": "pkg:deb/ubuntu/libkrb5-3@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a4910ceaddec919d" }, "Version": "1.20.1", "Release": "3ubuntu1", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.20.1", "SrcRelease": "3ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcom-err2@1.47.0-2ubuntu1", "libk5crypto3@1.20.1-3ubuntu1", "libkeyutils1@1.6.3-2", "libkrb5support0@1.20.1-3ubuntu1", "libssl3@3.0.10-1ubuntu2.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/spake.so", "/usr/lib/x86_64-linux-gnu/libkrb5.so.3.3", "/usr/share/doc/libkrb5-3/README.Debian", "/usr/share/doc/libkrb5-3/README.gz", "/usr/share/doc/libkrb5-3/copyright", "/usr/share/lintian/overrides/libkrb5-3" ], "AnalyzedBy": "dpkg" }, { "ID": "libkrb5support0@1.20.1-3ubuntu1", "Name": "libkrb5support0", "Identifier": { "PURL": "pkg:deb/ubuntu/libkrb5support0@1.20.1-3ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "85231a5169d735e0" }, "Version": "1.20.1", "Release": "3ubuntu1", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.20.1", "SrcRelease": "3ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1", "/usr/share/doc/libkrb5support0/changelog.Debian.gz", "/usr/share/doc/libkrb5support0/copyright", "/usr/share/lintian/overrides/libkrb5support0" ], "AnalyzedBy": "dpkg" }, { "ID": "libldap2@2.6.6+dfsg-1~exp1ubuntu1", "Name": "libldap2", "Identifier": { "PURL": "pkg:deb/ubuntu/libldap2@2.6.6%2Bdfsg-1~exp1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "c583ba6ba041bafd" }, "Version": "2.6.6+dfsg", "Release": "1~exp1ubuntu1", "Arch": "amd64", "SrcName": "openldap", "SrcVersion": "2.6.6+dfsg", "SrcRelease": "1~exp1ubuntu1", "Licenses": [ "OpenLDAP-2.8", "FSF-unlimited", "GPL-2.0-with-autoconf-exception+", "GPL-3.0-with-autoconf-exception+", "GPL-2+ with Libtool exception", "GPL-3+ with Libtool exception", "GPL-3.0-or-later", "GPL-2.0-or-later", "UMich", "F5", "JCG", "MIT-XC", "NeoSoft-permissive", "BSD-3-Clause", "Beerware", "public-domain", "BSD-4-clause-California", "BSD-3-clause-variant", "Expat-ISC", "Expat-UNM", "MIT", "BSD-3-clause-California", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libgnutls30@3.8.1-4ubuntu1.3", "libsasl2-2@2.1.28+dfsg1-3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblber.so.2.0.200", "/usr/lib/x86_64-linux-gnu/libldap.so.2.0.200", "/usr/share/doc/libldap2/README.Debian", "/usr/share/doc/libldap2/changelog.Debian.gz", "/usr/share/doc/libldap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libltdl7@2.4.7-7", "Name": "libltdl7", "Identifier": { "PURL": "pkg:deb/ubuntu/libltdl7@2.4.7-7?arch=amd64\u0026distro=ubuntu-23.10", "UID": "8788bfe81eb02163" }, "Version": "2.4.7", "Release": "7", "Arch": "amd64", "SrcName": "libtool", "SrcVersion": "2.4.7", "SrcRelease": "7", "Licenses": [ "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libltdl.so.7.3.2", "/usr/share/doc/libltdl7/NEWS.gz", "/usr/share/doc/libltdl7/README", "/usr/share/doc/libltdl7/changelog.Debian.gz", "/usr/share/doc/libltdl7/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.9.4-1", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.4-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "766095b6ae1b68fd" }, "Version": "1.9.4", "Release": "1", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.9.4", "SrcRelease": "1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.4", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.4.1-0.2", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/ubuntu/liblzma5@5.4.1-0.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "2fc40a8e9352256c" }, "Version": "5.4.1", "Release": "0.2", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.4.1", "SrcRelease": "0.2", "Licenses": [ "PD", "probably-PD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "permissive-fsf", "Autoconf", "permissive-nowarranty", "GPL-2.0-only", "none", "config-h", "LGPL-2.0-only", "LGPL-2.1-only", "noderivs", "PD-debian", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/liblzma.so.5.4.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libmd0@1.1.0-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "dc433606c70a310d" }, "Version": "1.1.0", "Release": "1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.39.1-4ubuntu2.2", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/ubuntu/libmount1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "4c8002821ce1b3ab" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.39.1-4ubuntu2.2", "libc6@2.38-1ubuntu6.3", "libselinux1@3.5-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.4+20230625-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/ubuntu/libncursesw6@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "f86415d3af725f9c" }, "Version": "6.4+20230625", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.4+20230625", "SrcRelease": "2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libtinfo6@6.4+20230625-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libncursesw.so.6.4", "/usr/lib/x86_64-linux-gnu/libformw.so.6.4", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.4", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.4" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8@3.9.1-2", "Name": "libnettle8", "Identifier": { "PURL": "pkg:deb/ubuntu/libnettle8@3.9.1-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "75353efb7c11e4c" }, "Version": "3.9.1", "Release": "2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.9.1", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.8", "/usr/share/doc/libnettle8/NEWS.gz", "/usr/share/doc/libnettle8/README", "/usr/share/doc/libnettle8/changelog.Debian.gz", "/usr/share/doc/libnettle8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libp11-kit0@0.25.0-4ubuntu1", "Name": "libp11-kit0", "Identifier": { "PURL": "pkg:deb/ubuntu/libp11-kit0@0.25.0-4ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "3d6a3fef204d7417" }, "Version": "0.25.0", "Release": "4ubuntu1", "Arch": "amd64", "SrcName": "p11-kit", "SrcVersion": "0.25.0", "SrcRelease": "4ubuntu1", "Licenses": [ "BSD-3-Clause", "permissive-like-automake-output", "ISC", "ISC+IBM", "LGPL-2.1-or-later", "Apache-2.0", "same-as-rest-of-p11kit", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libffi8@3.4.4-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", "/usr/share/doc/libp11-kit0/changelog.Debian.gz", "/usr/share/doc/libp11-kit0/copyright", "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.5.2-6ubuntu1.1", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "60e8a8420a420fd3" }, "Version": "1.5.2", "Release": "6ubuntu1.1", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.5.2", "SrcRelease": "6ubuntu1.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/security/pam_access.so", "/lib/x86_64-linux-gnu/security/pam_debug.so", "/lib/x86_64-linux-gnu/security/pam_deny.so", "/lib/x86_64-linux-gnu/security/pam_echo.so", "/lib/x86_64-linux-gnu/security/pam_env.so", "/lib/x86_64-linux-gnu/security/pam_exec.so", "/lib/x86_64-linux-gnu/security/pam_extrausers.so", "/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/lib/x86_64-linux-gnu/security/pam_faillock.so", "/lib/x86_64-linux-gnu/security/pam_filter.so", "/lib/x86_64-linux-gnu/security/pam_ftp.so", "/lib/x86_64-linux-gnu/security/pam_group.so", "/lib/x86_64-linux-gnu/security/pam_issue.so", "/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/lib/x86_64-linux-gnu/security/pam_lastlog.so", "/lib/x86_64-linux-gnu/security/pam_limits.so", "/lib/x86_64-linux-gnu/security/pam_listfile.so", "/lib/x86_64-linux-gnu/security/pam_localuser.so", "/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/lib/x86_64-linux-gnu/security/pam_mail.so", "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/lib/x86_64-linux-gnu/security/pam_motd.so", "/lib/x86_64-linux-gnu/security/pam_namespace.so", "/lib/x86_64-linux-gnu/security/pam_nologin.so", "/lib/x86_64-linux-gnu/security/pam_permit.so", "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/lib/x86_64-linux-gnu/security/pam_rootok.so", "/lib/x86_64-linux-gnu/security/pam_securetty.so", "/lib/x86_64-linux-gnu/security/pam_selinux.so", "/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/lib/x86_64-linux-gnu/security/pam_setquota.so", "/lib/x86_64-linux-gnu/security/pam_shells.so", "/lib/x86_64-linux-gnu/security/pam_stress.so", "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/lib/x86_64-linux-gnu/security/pam_time.so", "/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/lib/x86_64-linux-gnu/security/pam_umask.so", "/lib/x86_64-linux-gnu/security/pam_unix.so", "/lib/x86_64-linux-gnu/security/pam_userdb.so", "/lib/x86_64-linux-gnu/security/pam_usertype.so", "/lib/x86_64-linux-gnu/security/pam_warn.so", "/lib/x86_64-linux-gnu/security/pam_wheel.so", "/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man5/update-motd.5.gz", "/usr/share/man/man7/pam_env.7.gz", "/usr/share/man/man7/pam_selinux.7.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_extrausers.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_lastlog.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.5.2-6ubuntu1.1", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "4b7d58c0ab3934e6" }, "Version": "1.5.2", "Release": "6ubuntu1.1", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.5.2", "SrcRelease": "6ubuntu1.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:3.1.1-1", "libc6@2.38-1ubuntu6.3", "libcrypt1@1:4.4.36-2", "libpam0g@1.5.2-6ubuntu1.1", "libselinux1@3.5-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/sbin/mkhomedir_helper", "/sbin/pam_extrausers_chkpwd", "/sbin/pam_extrausers_update", "/sbin/pam_namespace_helper", "/sbin/pwhistory_helper", "/sbin/unix_chkpwd", "/sbin/unix_update", "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/pam_timestamp_check", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin", "/usr/share/man/man5/environment.5.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.5.2-6ubuntu1.1", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-runtime@1.5.2-6ubuntu1.1?arch=all\u0026distro=ubuntu-23.10", "UID": "b18a41e489975d6b" }, "Version": "1.5.2", "Release": "6ubuntu1.1", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.5.2", "SrcRelease": "6ubuntu1.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.82", "libpam-modules@1.5.2-6ubuntu1.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.5.2-6ubuntu1.1", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam0g@1.5.2-6ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b240bd30f04779f5" }, "Version": "1.5.2", "Release": "6ubuntu1.1", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.5.2", "SrcRelease": "6ubuntu1.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.82", "libaudit1@1:3.1.1-1", "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/NEWS.Debian.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.42-4", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.42-4?arch=amd64\u0026distro=ubuntu-23.10", "UID": "15c3261727579ccf" }, "Version": "10.42", "Release": "4", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.42", "SrcRelease": "4", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libperl5.36@5.36.0-9ubuntu1.1", "Name": "libperl5.36", "Identifier": { "PURL": "pkg:deb/ubuntu/libperl5.36@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "9e906117082a8005" }, "Version": "5.36.0", "Release": "9ubuntu1.1", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.36.0", "SrcRelease": "9ubuntu1.1", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-5build1", "libc6@2.38-1ubuntu6.3", "libcrypt1@1:4.4.36-2", "libdb5.3@5.3.28+dfsg2-2", "libgdbm-compat4@1.23-3", "libgdbm6@1.23-3", "perl-modules-5.36@5.36.0-9ubuntu1.1", "zlib1g@1:1.2.13.dfsg-1ubuntu5" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/bin/cpan5.36-x86_64-linux-gnu", "/usr/bin/perl5.36-x86_64-linux-gnu", "/usr/lib/x86_64-linux-gnu/libperl.so.5.36.0", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Concise.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Showlex.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Terse.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/B/Xref.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/EXTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/INTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/XSUB.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/av.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/bitcount.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/charclass_invlists.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/config.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/cop.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/cv.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/dosish.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/ebcdic_tables.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/embed.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/embedvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/fakesdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/feature.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/form.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/git_version.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/gv.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/handy.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv_func.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/hv_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/intrpvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/invlist_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/iperlsys.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/l1_char_class_tab.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/malloc_ctl.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/metaconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_data.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_raw.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mg_vtable.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/mydtrace.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/nostdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/op.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/op_reg_common.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/opcode.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/opnames.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/overload.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pad.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/parser.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/patchlevel-debian.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/patchlevel.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_inc_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_langinfo.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perl_siphash.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlapi.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlio.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perliol.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlsdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perlvars.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/perly.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pp.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/pp_proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/reentr.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regcharclass.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regcomp.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regexp.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/regnodes.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sbox32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/scope.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sv.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/sv_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/thread.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/time64.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/time64_config.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uni_keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/unicode_constants.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/unixish.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/utf8.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/utfebcdic.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/util.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/uudmap.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/vutil.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/warnings.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/CORE/zaphod32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Compress/Raw/Bzip2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Compress/Raw/Zlib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config.pod", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/DB_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Data/Dumper.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Devel/PPPort.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Devel/Peek.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Digest/MD5.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Digest/SHA.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Alias.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Byte.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CJKConstants.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CN.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/CN/HZ.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/EBCDIC.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Encoder.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/GSM0338.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Guess.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP/H2Z.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/JP/JIS7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/KR/2022_KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Header.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Header/ISO_2022_JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/MIME/Name.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/TW.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Unicode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Encode/Unicode/UTF7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/DosGlob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/AmigaOS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Cygwin.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Epoc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Functions.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Mac.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/OS2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/VMS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/File/Spec/Win32.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Filter/Util/Call.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/GDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Hash/Util/FieldHash.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/I18N/Langinfo.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Dir.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Poll.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/Msg.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/Semaphore.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/SharedMem.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/IPC/SysV.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/List/Util/XS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/MIME/Base64.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/MIME/QuotedPrint.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Math/BigInt/FastCalc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/NDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/O.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/ODBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Opcode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/POSIX.pod", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/mmap.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/scalar.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/PerlIO/via.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/SDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sub/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sys/Hostname.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Sys/Syslog.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/HiRes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/Piece.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Time/Seconds.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Collate.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Collate/Locale.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/Unicode/Normalize.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/_h2ph_pre.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termbits-common.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm-generic/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/posix_types_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/asm/unistd_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/B/B.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Compress/Raw/Bzip2/Bzip2.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Compress/Raw/Zlib/Zlib.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/DB_File/DB_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Data/Dumper/Dumper.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Devel/Peek/Peek.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Digest/MD5/MD5.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Digest/SHA/SHA.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Byte/Byte.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/CN/CN.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/EBCDIC/EBCDIC.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Encode.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/JP/JP.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/KR/KR.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Symbol/Symbol.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/TW/TW.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Encode/Unicode/Unicode.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/File/DosGlob/DosGlob.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Filter/Util/Call/Call.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/GDBM_File/GDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Hash/Util/FieldHash/FieldHash.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/I18N/Langinfo/Langinfo.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/IPC/SysV/SysV.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/MIME/Base64/Base64.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Math/BigInt/FastCalc/FastCalc.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/NDBM_File/NDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/ODBM_File/ODBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Opcode/Opcode.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/encoding/encoding.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/mmap/mmap.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/scalar/scalar.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/PerlIO/via/via.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/SDBM_File/SDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Storable/Storable.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Sys/Hostname/Hostname.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Sys/Syslog/Syslog.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Time/HiRes/HiRes.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Time/Piece/Piece.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Unicode/Collate/Collate.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/Unicode/Normalize/Normalize.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/mro/mro.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/threads/shared/shared.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/auto/threads/threads.so", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/atomic_wide_counter.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/byteswap.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/confname.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/endianness.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/environments.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/floatn-common.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/floatn.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/getopt_core.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/getopt_posix.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ioctl-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/long-double.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/posix_opt.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/pthreadtypes-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/pthreadtypes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select-decl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/select2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigaction.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigcontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigevent-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-consts-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/siginfo-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signal_ext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signum-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/signum-generic.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigstksz.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sigthread.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/sockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket-constants.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/socket_type.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/ss_flags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/stdint-intn.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/struct_mutex.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/struct_rwlock.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-decl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-ldbl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog-path.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/thread-shared-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/time64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/timesize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/__sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/__sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/clock_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/clockid_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/idtype_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sig_atomic_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigevent_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/siginfo_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/stack_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_iovec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_osockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_rusage.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_timespec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/struct_timeval.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/time_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/types/timer_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/typesizes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/uintn-identity.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd-decl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/unistd_ext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/waitflags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/waitstatus.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/bits/wordsize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/errno.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/features-time64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/features.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/gnu/stubs-64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/gnu/stubs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/lib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/linux/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/mro.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/ops.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/re.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/signal.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stdarg.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stdc-predef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/cdefs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/time.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ttydefaults.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/ucontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sys/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/sysexits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syslimits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/threads.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/threads/shared.pm", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/unistd.ph", "/usr/lib/x86_64-linux-gnu/perl/5.36.0/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/README", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.debug.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.shared.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.36.0/config.sh.static.gz", "/usr/share/doc/libperl5.36/changelog.Debian.gz", "/usr/share/doc/libperl5.36/copyright", "/usr/share/lintian/overrides/libperl5.36", "/usr/share/man/man1/cpan5.36-x86_64-linux-gnu.1.gz", "/usr/share/man/man1/perl5.36-x86_64-linux-gnu.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpopt0@1.19+dfsg-1", "Name": "libpopt0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpopt0@1.19%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "bc1d644ab7b7423a" }, "Version": "1.19+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "popt", "SrcVersion": "1.19+dfsg", "SrcRelease": "1", "Licenses": [ "MIT", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.2", "/usr/share/doc/libpopt0/README", "/usr/share/doc/libpopt0/changelog.Debian.gz", "/usr/share/doc/libpopt0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libproc2-0@2:4.0.3-1ubuntu1.23.10.1", "Name": "libproc2-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libproc2-0@4.0.3-1ubuntu1.23.10.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", "UID": "34fd03306b454b88" }, "Version": "4.0.3", "Release": "1ubuntu1.23.10.1", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "4.0.3", "SrcRelease": "1ubuntu1.23.10.1", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libsystemd0@253.5-1ubuntu6.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libproc2.so.0.0.1", "/usr/share/doc/libproc2-0/NEWS.Debian.gz", "/usr/share/doc/libproc2-0/changelog.Debian.gz", "/usr/share/doc/libproc2-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsasl2-2@2.1.28+dfsg1-3", "Name": "libsasl2-2", "Identifier": { "PURL": "pkg:deb/ubuntu/libsasl2-2@2.1.28%2Bdfsg1-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "7c4ee7581fe6d586" }, "Version": "2.1.28+dfsg1", "Release": "3", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "3", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libsasl2-modules-db@2.1.28+dfsg1-3", "libssl3@3.0.10-1ubuntu2.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25", "/usr/share/doc/libsasl2-2/README.Debian", "/usr/share/doc/libsasl2-2/copyright", "/usr/share/man/man5/libsasl.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsasl2-modules-db@2.1.28+dfsg1-3", "Name": "libsasl2-modules-db", "Identifier": { "PURL": "pkg:deb/ubuntu/libsasl2-modules-db@2.1.28%2Bdfsg1-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "43c1a29a34ea3d8a" }, "Version": "2.1.28+dfsg1", "Release": "3", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "3", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libdb5.3@5.3.28+dfsg2-2" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25", "/usr/share/doc/libsasl2-modules-db/changelog.Debian.gz", "/usr/share/doc/libsasl2-modules-db/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.5.4-1ubuntu3", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.4-1ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "ebeb6a98937ad179" }, "Version": "2.5.4", "Release": "1ubuntu3", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.5.4", "SrcRelease": "1ubuntu3", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.4", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.5-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/ubuntu/libselinux1@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "bdf3c260a102db44" }, "Version": "3.5", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.5", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libpcre2-8-0@10.42-4" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.5-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage-common@3.5-1?arch=all\u0026distro=ubuntu-23.10", "UID": "506ffbcb7f2426a" }, "Version": "3.5", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.5", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz", "/usr/share/man/ru/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.5-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage2@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "4187ad7685b9bc2b" }, "Version": "3.5", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.5", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:3.1.1-1", "libbz2-1.0@1.0.8-5build1", "libc6@2.38-1ubuntu6.3", "libselinux1@3.5-1", "libsemanage-common@3.5-1", "libsepol2@3.5-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.5-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/ubuntu/libsepol2@3.5-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "819c50c320b4ed14" }, "Version": "3.5", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.5", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.39.1-4ubuntu2.2", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsmartcols1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b1087ab9a0339358" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libss2@1.47.0-2ubuntu1", "Name": "libss2", "Identifier": { "PURL": "pkg:deb/ubuntu/libss2@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "dace0e4e98f3ffb5" }, "Version": "1.47.0", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.0", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only", "BSD-3-Clause", "Apache-2.0", "ISC", "GPL-2.0-or-later", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcom-err2@1.47.0-2ubuntu1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libss.so.2.0", "/usr/share/doc/libss2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3@3.0.10-1ubuntu2.3", "Name": "libssl3", "Identifier": { "PURL": "pkg:deb/ubuntu/libssl3@3.0.10-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "a644291ac82ff6da" }, "Version": "3.0.10", "Release": "1ubuntu2.3", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.0.10", "SrcRelease": "1ubuntu2.3", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.82", "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/libssl3/changelog.Debian.gz", "/usr/share/doc/libssl3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@13.2.0-4ubuntu3", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@13.2.0-4ubuntu3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "c932b61337e4970f" }, "Version": "13.2.0", "Release": "4ubuntu3", "Arch": "amd64", "SrcName": "gcc-13", "SrcVersion": "13.2.0", "SrcRelease": "4ubuntu3", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-13-base@13.2.0-4ubuntu3", "libc6@2.38-1ubuntu6.3", "libgcc-s1@13.2.0-4ubuntu3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.32", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.32-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@253.5-1ubuntu6.1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libsystemd0@253.5-1ubuntu6.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "313035d53fbc16f0" }, "Version": "253.5", "Release": "1ubuntu6.1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "253.5", "SrcRelease": "1ubuntu6.1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcap2@1:2.66-4ubuntu1", "libgcrypt20@1.10.2-3ubuntu1", "liblz4-1@1.9.4-1", "liblzma5@5.4.1-0.2", "libzstd1@1.5.5+dfsg2-1ubuntu2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.36.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtasn1-6@4.19.0-3", "Name": "libtasn1-6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtasn1-6@4.19.0-3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "8b7961ca06867055" }, "Version": "4.19.0", "Release": "3", "Arch": "amd64", "SrcName": "libtasn1-6", "SrcVersion": "4.19.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.1-only", "GPL-3.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.3", "/usr/share/doc/libtasn1-6/AUTHORS", "/usr/share/doc/libtasn1-6/README.md", "/usr/share/doc/libtasn1-6/THANKS", "/usr/share/doc/libtasn1-6/changelog.Debian.gz", "/usr/share/doc/libtasn1-6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtdb1@1.4.9-2", "Name": "libtdb1", "Identifier": { "PURL": "pkg:deb/ubuntu/libtdb1@1.4.9-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "c01c4b0a8e4e730c" }, "Version": "1.4.9", "Release": "2", "Arch": "amd64", "SrcName": "tdb", "SrcVersion": "1.4.9", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-3.0-or-later", "PostgreSQL", "ISC", "BSD-3-Clause", "LGPL-3.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtdb.so.1.4.9", "/usr/share/doc/libtdb1/changelog.Debian.gz", "/usr/share/doc/libtdb1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.4+20230625-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtinfo6@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "b96445f770c5b00" }, "Version": "6.4+20230625", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.4+20230625", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libtinfo.so.6.4", "/usr/lib/x86_64-linux-gnu/libtic.so.6.4", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@253.5-1ubuntu6.1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/ubuntu/libudev1@253.5-1ubuntu6.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "572aaa0b7a82a0f6" }, "Version": "253.5", "Release": "1ubuntu6.1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "253.5", "SrcRelease": "1ubuntu6.1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcap2@1:2.66-4ubuntu1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.6", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libunistring2@1.0-2", "Name": "libunistring2", "Identifier": { "PURL": "pkg:deb/ubuntu/libunistring2@1.0-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "cde8f9b721c0647f" }, "Version": "1.0", "Release": "2", "Arch": "amd64", "SrcName": "libunistring", "SrcVersion": "1.0", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "FreeSoftware", "GPL-3.0-or-later", "GFDL-1.2-or-later", "GPL-2+ with distribution exception", "MIT", "LGPL-3.0-only", "GPL-3.0-only", "GPL-2.0-only", "GFDL-1.2-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0", "/usr/share/doc/libunistring2/changelog.Debian.gz", "/usr/share/doc/libunistring2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.39.1-4ubuntu2.2", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libuuid1@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "ef7eab139c557e1f" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.1-1", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/ubuntu/libxxhash0@0.8.1-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "bf6683444d919998" }, "Version": "0.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.1", "SrcRelease": "1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.1", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.5+dfsg2-1ubuntu2", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/ubuntu/libzstd1@1.5.5%2Bdfsg2-1ubuntu2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "33bdf7c00c71d8b1" }, "Version": "1.5.5+dfsg2", "Release": "1ubuntu2", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.5+dfsg2", "SrcRelease": "1ubuntu2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.13+dfsg1-1ubuntu1.1", "Name": "login", "Identifier": { "PURL": "pkg:deb/ubuntu/login@4.13%2Bdfsg1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "e32b693ebc55c989" }, "Version": "4.13+dfsg1", "Release": "1ubuntu1.1", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.13+dfsg1", "SrcRelease": "1ubuntu1.1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "public-domain", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/login", "/usr/bin/faillog", "/usr/bin/lastlog", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/apport/package-hooks/source_shadow.py", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/cs/man5/faillog.5.gz", "/usr/share/man/cs/man8/faillog.8.gz", "/usr/share/man/cs/man8/lastlog.8.gz", "/usr/share/man/cs/man8/nologin.8.gz", "/usr/share/man/da/man1/newgrp.1.gz", "/usr/share/man/da/man1/sg.1.gz", "/usr/share/man/da/man8/nologin.8.gz", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man1/newgrp.1.gz", "/usr/share/man/de/man1/sg.1.gz", "/usr/share/man/de/man5/faillog.5.gz", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/de/man8/faillog.8.gz", "/usr/share/man/de/man8/lastlog.8.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/fr/man1/newgrp.1.gz", "/usr/share/man/fr/man1/sg.1.gz", "/usr/share/man/fr/man5/faillog.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/fr/man8/faillog.8.gz", "/usr/share/man/fr/man8/lastlog.8.gz", "/usr/share/man/fr/man8/nologin.8.gz", "/usr/share/man/hu/man1/login.1.gz", "/usr/share/man/hu/man1/newgrp.1.gz", "/usr/share/man/hu/man8/lastlog.8.gz", "/usr/share/man/id/man1/login.1.gz", "/usr/share/man/it/man1/login.1.gz", "/usr/share/man/it/man1/newgrp.1.gz", "/usr/share/man/it/man1/sg.1.gz", "/usr/share/man/it/man5/faillog.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/it/man8/faillog.8.gz", "/usr/share/man/it/man8/lastlog.8.gz", "/usr/share/man/it/man8/nologin.8.gz", "/usr/share/man/ja/man1/login.1.gz", "/usr/share/man/ja/man1/newgrp.1.gz", "/usr/share/man/ja/man5/faillog.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/ja/man8/faillog.8.gz", "/usr/share/man/ja/man8/lastlog.8.gz", "/usr/share/man/ko/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man1/sg.1.gz", "/usr/share/man/man5/faillog.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/man8/faillog.8.gz", "/usr/share/man/man8/lastlog.8.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man1/sg.1.gz", "/usr/share/man/pl/man5/faillog.5.gz", "/usr/share/man/pl/man8/faillog.8.gz", "/usr/share/man/pl/man8/lastlog.8.gz", "/usr/share/man/ru/man1/login.1.gz", "/usr/share/man/ru/man1/newgrp.1.gz", "/usr/share/man/ru/man1/sg.1.gz", "/usr/share/man/ru/man5/faillog.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/ru/man8/faillog.8.gz", "/usr/share/man/ru/man8/lastlog.8.gz", "/usr/share/man/ru/man8/nologin.8.gz", "/usr/share/man/sv/man1/newgrp.1.gz", "/usr/share/man/sv/man1/sg.1.gz", "/usr/share/man/sv/man5/faillog.5.gz", "/usr/share/man/sv/man8/faillog.8.gz", "/usr/share/man/sv/man8/lastlog.8.gz", "/usr/share/man/sv/man8/nologin.8.gz", "/usr/share/man/tr/man1/login.1.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man1/sg.1.gz", "/usr/share/man/uk/man5/faillog.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/uk/man8/faillog.8.gz", "/usr/share/man/uk/man8/lastlog.8.gz", "/usr/share/man/uk/man8/nologin.8.gz", "/usr/share/man/zh_CN/man1/login.1.gz", "/usr/share/man/zh_CN/man1/newgrp.1.gz", "/usr/share/man/zh_CN/man1/sg.1.gz", "/usr/share/man/zh_CN/man5/faillog.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man8/faillog.8.gz", "/usr/share/man/zh_CN/man8/lastlog.8.gz", "/usr/share/man/zh_CN/man8/nologin.8.gz", "/usr/share/man/zh_TW/man1/newgrp.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "logrotate@3.21.0-1", "Name": "logrotate", "Identifier": { "PURL": "pkg:deb/ubuntu/logrotate@3.21.0-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "46d2b3d6fb52a7d1" }, "Version": "3.21.0", "Release": "1", "Arch": "amd64", "SrcName": "logrotate", "SrcVersion": "3.21.0", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "GPL-3.0-or-later", "BSD-3-Clause", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "cron@3.0pl1-163ubuntu1", "libacl1@2.3.1-3", "libc6@2.38-1ubuntu6.3", "libpopt0@1.19+dfsg-1", "libselinux1@3.5-1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/lib/systemd/system/logrotate.service", "/lib/systemd/system/logrotate.timer", "/usr/sbin/logrotate", "/usr/share/bug/logrotate/script", "/usr/share/doc/logrotate/NEWS.Debian.gz", "/usr/share/doc/logrotate/changelog.Debian.gz", "/usr/share/doc/logrotate/copyright", "/usr/share/man/man8/logrotate.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "logsave@1.47.0-2ubuntu1", "Name": "logsave", "Identifier": { "PURL": "pkg:deb/ubuntu/logsave@1.47.0-2ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "e37cd5a38f37774c" }, "Version": "1.47.0", "Release": "2ubuntu1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.0", "SrcRelease": "2ubuntu1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only", "BSD-3-Clause", "Apache-2.0", "ISC", "GPL-2.0-or-later", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/sbin/logsave", "/usr/share/doc/logsave/changelog.Debian.gz", "/usr/share/doc/logsave/copyright", "/usr/share/man/man8/logsave.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20230730-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20230730-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "e175dfe215c6a36c" }, "Version": "1.3.4.20230730", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20230730", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.39.1-4ubuntu2.2", "Name": "mount", "Identifier": { "PURL": "pkg:deb/ubuntu/mount@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "63613bfda1742dec" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/mount", "/bin/umount", "/sbin/losetup", "/sbin/swapoff", "/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.4+20230625-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-base@6.4%2B20230625-2?arch=all\u0026distro=ubuntu-23.10", "UID": "6076efaa0dbca4a8" }, "Version": "6.4+20230625", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.4+20230625", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.4+20230625-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-bin@6.4%2B20230625-2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "c4f2b5d4182cef4f" }, "Version": "6.4+20230625", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.4+20230625", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/ubuntu/netbase@6.4?arch=all\u0026distro=ubuntu-23.10", "UID": "f5de852302697395" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.0.10-1ubuntu2.3", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/ubuntu/openssl@3.0.10-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "dacb5c30ff7f34f" }, "Version": "3.0.10", "Release": "1ubuntu2.3", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.0.10", "SrcRelease": "1ubuntu2.3", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libssl3@3.0.10-1ubuntu2.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/FAQ.md", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/keys.txt", "/usr/share/doc/openssl/NEWS.Debian.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/README.optimization", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/crypto.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/migration_guide.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/ssl.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.13+dfsg1-1ubuntu1.1", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/passwd@4.13%2Bdfsg1-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "4e7d69e554075421" }, "Version": "4.13+dfsg1", "Release": "1ubuntu1.1", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.13+dfsg1", "SrcRelease": "1ubuntu1.1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "public-domain", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:3.1.1-1", "libc6@2.38-1ubuntu6.3", "libcrypt1@1:4.4.36-2", "libpam-modules@1.5.2-6ubuntu1.1", "libpam0g@1.5.2-6ubuntu1.1", "libselinux1@3.5-1", "libsemanage2@3.5-1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/sbin/shadowconfig", "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/cppw", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmems", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmems.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmems.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmems.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/cppw.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmems.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmems.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmems.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmems.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmems.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmems.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl@5.36.0-9ubuntu1.1", "Name": "perl", "Identifier": { "PURL": "pkg:deb/ubuntu/perl@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "1bcdacf903742782" }, "Version": "5.36.0", "Release": "9ubuntu1.1", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.36.0", "SrcRelease": "9ubuntu1.1", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libperl5.36@5.36.0-9ubuntu1.1", "perl-base@5.36.0-9ubuntu1.1", "perl-modules-5.36@5.36.0-9ubuntu1.1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/bin/corelist", "/usr/bin/cpan", "/usr/bin/enc2xs", "/usr/bin/encguess", "/usr/bin/h2ph", "/usr/bin/h2xs", "/usr/bin/instmodsh", "/usr/bin/json_pp", "/usr/bin/libnetcfg", "/usr/bin/perlbug", "/usr/bin/perldoc", "/usr/bin/perlivp", "/usr/bin/perlthanks", "/usr/bin/piconv", "/usr/bin/pl2pm", "/usr/bin/pod2html", "/usr/bin/pod2man", "/usr/bin/pod2text", "/usr/bin/pod2usage", "/usr/bin/podchecker", "/usr/bin/prove", "/usr/bin/ptar", "/usr/bin/ptardiff", "/usr/bin/ptargrep", "/usr/bin/shasum", "/usr/bin/splain", "/usr/bin/streamzip", "/usr/bin/xsubpp", "/usr/bin/zipdetails", "/usr/share/doc/perl/README.Debian", "/usr/share/doc/perl/copyright", "/usr/share/lintian/overrides/perl", "/usr/share/man/man1/corelist.1.gz", "/usr/share/man/man1/cpan.1.gz", "/usr/share/man/man1/enc2xs.1.gz", "/usr/share/man/man1/encguess.1.gz", "/usr/share/man/man1/h2ph.1.gz", "/usr/share/man/man1/h2xs.1.gz", "/usr/share/man/man1/instmodsh.1.gz", "/usr/share/man/man1/json_pp.1.gz", "/usr/share/man/man1/libnetcfg.1.gz", "/usr/share/man/man1/perlbug.1.gz", "/usr/share/man/man1/perlivp.1.gz", "/usr/share/man/man1/piconv.1.gz", "/usr/share/man/man1/pl2pm.1.gz", "/usr/share/man/man1/pod2html.1.gz", "/usr/share/man/man1/pod2man.1.gz", "/usr/share/man/man1/pod2text.1.gz", "/usr/share/man/man1/pod2usage.1.gz", "/usr/share/man/man1/podchecker.1.gz", "/usr/share/man/man1/prove.1.gz", "/usr/share/man/man1/ptar.1.gz", "/usr/share/man/man1/ptardiff.1.gz", "/usr/share/man/man1/ptargrep.1.gz", "/usr/share/man/man1/shasum.1.gz", "/usr/share/man/man1/splain.1.gz", "/usr/share/man/man1/streamzip.1.gz", "/usr/share/man/man1/xsubpp.1.gz", "/usr/share/man/man1/zipdetails.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.36.0-9ubuntu1.1", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.36.0-9ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "cc217ef2a5896c5d" }, "Version": "5.36.0", "Release": "9ubuntu1.1", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.36.0", "SrcRelease": "9ubuntu1.1", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.36.0", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-modules-5.36@5.36.0-9ubuntu1.1", "Name": "perl-modules-5.36", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.36@5.36.0-9ubuntu1.1?arch=all\u0026distro=ubuntu-23.10", "UID": "b83fdc2e07aac91b" }, "Version": "5.36.0", "Release": "9ubuntu1.1", "Arch": "all", "SrcName": "perl", "SrcVersion": "5.36.0", "SrcRelease": "9ubuntu1.1", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.36.0-9ubuntu1.1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/perl-modules-5.36/README.Debian", "/usr/share/doc/perl-modules-5.36/copyright", "/usr/share/perl/5.36.0/AnyDBM_File.pm", "/usr/share/perl/5.36.0/App/Cpan.pm", "/usr/share/perl/5.36.0/App/Prove.pm", "/usr/share/perl/5.36.0/App/Prove/State.pm", "/usr/share/perl/5.36.0/App/Prove/State/Result.pm", "/usr/share/perl/5.36.0/App/Prove/State/Result/Test.pm", "/usr/share/perl/5.36.0/Archive/Tar.pm", "/usr/share/perl/5.36.0/Archive/Tar/Constant.pm", "/usr/share/perl/5.36.0/Archive/Tar/File.pm", "/usr/share/perl/5.36.0/Attribute/Handlers.pm", "/usr/share/perl/5.36.0/AutoLoader.pm", "/usr/share/perl/5.36.0/AutoSplit.pm", "/usr/share/perl/5.36.0/B/Deparse.pm", "/usr/share/perl/5.36.0/B/Op_private.pm", "/usr/share/perl/5.36.0/Benchmark.pm", "/usr/share/perl/5.36.0/CORE.pod", "/usr/share/perl/5.36.0/CPAN.pm", "/usr/share/perl/5.36.0/CPAN/API/HOWTO.pod", "/usr/share/perl/5.36.0/CPAN/Author.pm", "/usr/share/perl/5.36.0/CPAN/Bundle.pm", "/usr/share/perl/5.36.0/CPAN/CacheMgr.pm", "/usr/share/perl/5.36.0/CPAN/Complete.pm", "/usr/share/perl/5.36.0/CPAN/Debug.pm", "/usr/share/perl/5.36.0/CPAN/DeferredCode.pm", "/usr/share/perl/5.36.0/CPAN/Distribution.pm", "/usr/share/perl/5.36.0/CPAN/Distroprefs.pm", "/usr/share/perl/5.36.0/CPAN/Distrostatus.pm", "/usr/share/perl/5.36.0/CPAN/Exception/RecursiveDependency.pm", "/usr/share/perl/5.36.0/CPAN/Exception/blocked_urllist.pm", "/usr/share/perl/5.36.0/CPAN/Exception/yaml_not_installed.pm", "/usr/share/perl/5.36.0/CPAN/Exception/yaml_process_error.pm", "/usr/share/perl/5.36.0/CPAN/FTP.pm", "/usr/share/perl/5.36.0/CPAN/FTP/netrc.pm", "/usr/share/perl/5.36.0/CPAN/FirstTime.pm", "/usr/share/perl/5.36.0/CPAN/HTTP/Client.pm", "/usr/share/perl/5.36.0/CPAN/HTTP/Credentials.pm", "/usr/share/perl/5.36.0/CPAN/HandleConfig.pm", "/usr/share/perl/5.36.0/CPAN/Index.pm", "/usr/share/perl/5.36.0/CPAN/InfoObj.pm", "/usr/share/perl/5.36.0/CPAN/Kwalify.pm", "/usr/share/perl/5.36.0/CPAN/Kwalify/distroprefs.dd", "/usr/share/perl/5.36.0/CPAN/Kwalify/distroprefs.yml", "/usr/share/perl/5.36.0/CPAN/LWP/UserAgent.pm", "/usr/share/perl/5.36.0/CPAN/Meta.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Converter.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Feature.pm", "/usr/share/perl/5.36.0/CPAN/Meta/History.pm", "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_0.pod", "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_1.pod", "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_2.pod", "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_3.pod", "/usr/share/perl/5.36.0/CPAN/Meta/History/Meta_1_4.pod", "/usr/share/perl/5.36.0/CPAN/Meta/Merge.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Prereqs.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Requirements.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Spec.pm", "/usr/share/perl/5.36.0/CPAN/Meta/Validator.pm", "/usr/share/perl/5.36.0/CPAN/Meta/YAML.pm", "/usr/share/perl/5.36.0/CPAN/Mirrors.pm", "/usr/share/perl/5.36.0/CPAN/Module.pm", "/usr/share/perl/5.36.0/CPAN/Nox.pm", "/usr/share/perl/5.36.0/CPAN/Plugin.pm", "/usr/share/perl/5.36.0/CPAN/Plugin/Specfile.pm", "/usr/share/perl/5.36.0/CPAN/Prompt.pm", "/usr/share/perl/5.36.0/CPAN/Queue.pm", "/usr/share/perl/5.36.0/CPAN/Shell.pm", "/usr/share/perl/5.36.0/CPAN/Tarzip.pm", "/usr/share/perl/5.36.0/CPAN/URL.pm", "/usr/share/perl/5.36.0/CPAN/Version.pm", "/usr/share/perl/5.36.0/Carp.pm", "/usr/share/perl/5.36.0/Carp/Heavy.pm", "/usr/share/perl/5.36.0/Class/Struct.pm", "/usr/share/perl/5.36.0/Compress/Zlib.pm", "/usr/share/perl/5.36.0/Config/Extensions.pm", "/usr/share/perl/5.36.0/Config/Perl/V.pm", "/usr/share/perl/5.36.0/DB.pm", "/usr/share/perl/5.36.0/DBM_Filter.pm", "/usr/share/perl/5.36.0/DBM_Filter/compress.pm", "/usr/share/perl/5.36.0/DBM_Filter/encode.pm", "/usr/share/perl/5.36.0/DBM_Filter/int32.pm", "/usr/share/perl/5.36.0/DBM_Filter/null.pm", "/usr/share/perl/5.36.0/DBM_Filter/utf8.pm", "/usr/share/perl/5.36.0/Devel/SelfStubber.pm", "/usr/share/perl/5.36.0/Digest.pm", "/usr/share/perl/5.36.0/Digest/base.pm", "/usr/share/perl/5.36.0/Digest/file.pm", "/usr/share/perl/5.36.0/DirHandle.pm", "/usr/share/perl/5.36.0/Dumpvalue.pm", "/usr/share/perl/5.36.0/Encode/Changes.e2x", "/usr/share/perl/5.36.0/Encode/ConfigLocal_PM.e2x", "/usr/share/perl/5.36.0/Encode/Makefile_PL.e2x", "/usr/share/perl/5.36.0/Encode/PerlIO.pod", "/usr/share/perl/5.36.0/Encode/README.e2x", "/usr/share/perl/5.36.0/Encode/Supported.pod", "/usr/share/perl/5.36.0/Encode/_PM.e2x", "/usr/share/perl/5.36.0/Encode/_T.e2x", "/usr/share/perl/5.36.0/Encode/encode.h", "/usr/share/perl/5.36.0/English.pm", "/usr/share/perl/5.36.0/Env.pm", "/usr/share/perl/5.36.0/Exporter.pm", "/usr/share/perl/5.36.0/Exporter/Heavy.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Base.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Unix.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/VMS.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/aix.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/android.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/cygwin.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/darwin.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/dec_osf.pm", "/usr/share/perl/5.36.0/ExtUtils/CBuilder/Platform/os2.pm", "/usr/share/perl/5.36.0/ExtUtils/Command.pm", "/usr/share/perl/5.36.0/ExtUtils/Command/MM.pm", "/usr/share/perl/5.36.0/ExtUtils/Constant.pm", "/usr/share/perl/5.36.0/ExtUtils/Constant/Base.pm", "/usr/share/perl/5.36.0/ExtUtils/Constant/ProxySubs.pm", "/usr/share/perl/5.36.0/ExtUtils/Constant/Utils.pm", "/usr/share/perl/5.36.0/ExtUtils/Constant/XS.pm", "/usr/share/perl/5.36.0/ExtUtils/Embed.pm", "/usr/share/perl/5.36.0/ExtUtils/Install.pm", "/usr/share/perl/5.36.0/ExtUtils/Installed.pm", "/usr/share/perl/5.36.0/ExtUtils/Liblist.pm", "/usr/share/perl/5.36.0/ExtUtils/Liblist/Kid.pm", "/usr/share/perl/5.36.0/ExtUtils/MANIFEST.SKIP", "/usr/share/perl/5.36.0/ExtUtils/MM.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_AIX.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Any.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_BeOS.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Cygwin.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_DOS.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Darwin.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_MacOS.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_NW5.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_OS2.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_OS390.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_QNX.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_UWIN.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Unix.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_VMS.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_VOS.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Win32.pm", "/usr/share/perl/5.36.0/ExtUtils/MM_Win95.pm", "/usr/share/perl/5.36.0/ExtUtils/MY.pm", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker.pm", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Config.pm", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/FAQ.pod", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Locale.pm", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/Tutorial.pod", "/usr/share/perl/5.36.0/ExtUtils/MakeMaker/version.pm", "/usr/share/perl/5.36.0/ExtUtils/Manifest.pm", "/usr/share/perl/5.36.0/ExtUtils/Miniperl.pm", "/usr/share/perl/5.36.0/ExtUtils/Mkbootstrap.pm", "/usr/share/perl/5.36.0/ExtUtils/Mksymlists.pm", "/usr/share/perl/5.36.0/ExtUtils/PL2Bat.pm", "/usr/share/perl/5.36.0/ExtUtils/Packlist.pm", "/usr/share/perl/5.36.0/ExtUtils/ParseXS.pm", "/usr/share/perl/5.36.0/ExtUtils/ParseXS.pod", "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Constants.pm", "/usr/share/perl/5.36.0/ExtUtils/ParseXS/CountLines.pm", "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Eval.pm", "/usr/share/perl/5.36.0/ExtUtils/ParseXS/Utilities.pm", "/usr/share/perl/5.36.0/ExtUtils/Typemaps.pm", "/usr/share/perl/5.36.0/ExtUtils/Typemaps/Cmd.pm", "/usr/share/perl/5.36.0/ExtUtils/Typemaps/InputMap.pm", "/usr/share/perl/5.36.0/ExtUtils/Typemaps/OutputMap.pm", "/usr/share/perl/5.36.0/ExtUtils/Typemaps/Type.pm", "/usr/share/perl/5.36.0/ExtUtils/testlib.pm", "/usr/share/perl/5.36.0/ExtUtils/typemap", "/usr/share/perl/5.36.0/ExtUtils/xsubpp", "/usr/share/perl/5.36.0/Fatal.pm", "/usr/share/perl/5.36.0/File/Basename.pm", "/usr/share/perl/5.36.0/File/Compare.pm", "/usr/share/perl/5.36.0/File/Copy.pm", "/usr/share/perl/5.36.0/File/Fetch.pm", "/usr/share/perl/5.36.0/File/Find.pm", "/usr/share/perl/5.36.0/File/GlobMapper.pm", "/usr/share/perl/5.36.0/File/Path.pm", "/usr/share/perl/5.36.0/File/Temp.pm", "/usr/share/perl/5.36.0/File/stat.pm", "/usr/share/perl/5.36.0/FileCache.pm", "/usr/share/perl/5.36.0/FileHandle.pm", "/usr/share/perl/5.36.0/Filter/Simple.pm", "/usr/share/perl/5.36.0/FindBin.pm", "/usr/share/perl/5.36.0/Getopt/Long.pm", "/usr/share/perl/5.36.0/Getopt/Std.pm", "/usr/share/perl/5.36.0/HTTP/Tiny.pm", "/usr/share/perl/5.36.0/I18N/Collate.pm", "/usr/share/perl/5.36.0/I18N/LangTags.pm", "/usr/share/perl/5.36.0/I18N/LangTags/Detect.pm", "/usr/share/perl/5.36.0/I18N/LangTags/List.pm", "/usr/share/perl/5.36.0/IO/Compress/Adapter/Bzip2.pm", "/usr/share/perl/5.36.0/IO/Compress/Adapter/Deflate.pm", "/usr/share/perl/5.36.0/IO/Compress/Adapter/Identity.pm", "/usr/share/perl/5.36.0/IO/Compress/Base.pm", "/usr/share/perl/5.36.0/IO/Compress/Base/Common.pm", "/usr/share/perl/5.36.0/IO/Compress/Bzip2.pm", "/usr/share/perl/5.36.0/IO/Compress/Deflate.pm", "/usr/share/perl/5.36.0/IO/Compress/FAQ.pod", "/usr/share/perl/5.36.0/IO/Compress/Gzip.pm", "/usr/share/perl/5.36.0/IO/Compress/Gzip/Constants.pm", "/usr/share/perl/5.36.0/IO/Compress/RawDeflate.pm", "/usr/share/perl/5.36.0/IO/Compress/Zip.pm", "/usr/share/perl/5.36.0/IO/Compress/Zip/Constants.pm", "/usr/share/perl/5.36.0/IO/Compress/Zlib/Constants.pm", "/usr/share/perl/5.36.0/IO/Compress/Zlib/Extra.pm", "/usr/share/perl/5.36.0/IO/Socket/IP.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Bunzip2.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Identity.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Adapter/Inflate.pm", "/usr/share/perl/5.36.0/IO/Uncompress/AnyInflate.pm", "/usr/share/perl/5.36.0/IO/Uncompress/AnyUncompress.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Base.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Bunzip2.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Gunzip.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Inflate.pm", "/usr/share/perl/5.36.0/IO/Uncompress/RawInflate.pm", "/usr/share/perl/5.36.0/IO/Uncompress/Unzip.pm", "/usr/share/perl/5.36.0/IO/Zlib.pm", "/usr/share/perl/5.36.0/IPC/Cmd.pm", "/usr/share/perl/5.36.0/IPC/Open2.pm", "/usr/share/perl/5.36.0/IPC/Open3.pm", "/usr/share/perl/5.36.0/Internals.pod", "/usr/share/perl/5.36.0/JSON/PP.pm", "/usr/share/perl/5.36.0/JSON/PP/Boolean.pm", "/usr/share/perl/5.36.0/Locale/Maketext.pm", "/usr/share/perl/5.36.0/Locale/Maketext.pod", "/usr/share/perl/5.36.0/Locale/Maketext/Cookbook.pod", "/usr/share/perl/5.36.0/Locale/Maketext/Guts.pm", "/usr/share/perl/5.36.0/Locale/Maketext/GutsLoader.pm", "/usr/share/perl/5.36.0/Locale/Maketext/Simple.pm", "/usr/share/perl/5.36.0/Locale/Maketext/TPJ13.pod", "/usr/share/perl/5.36.0/Math/BigFloat.pm", "/usr/share/perl/5.36.0/Math/BigFloat/Trace.pm", "/usr/share/perl/5.36.0/Math/BigInt.pm", "/usr/share/perl/5.36.0/Math/BigInt/Calc.pm", "/usr/share/perl/5.36.0/Math/BigInt/Lib.pm", "/usr/share/perl/5.36.0/Math/BigInt/Trace.pm", "/usr/share/perl/5.36.0/Math/BigRat.pm", "/usr/share/perl/5.36.0/Math/BigRat/Trace.pm", "/usr/share/perl/5.36.0/Math/Complex.pm", "/usr/share/perl/5.36.0/Math/Trig.pm", "/usr/share/perl/5.36.0/Memoize.pm", "/usr/share/perl/5.36.0/Memoize/AnyDBM_File.pm", "/usr/share/perl/5.36.0/Memoize/Expire.pm", "/usr/share/perl/5.36.0/Memoize/ExpireFile.pm", "/usr/share/perl/5.36.0/Memoize/ExpireTest.pm", "/usr/share/perl/5.36.0/Memoize/NDBM_File.pm", "/usr/share/perl/5.36.0/Memoize/SDBM_File.pm", "/usr/share/perl/5.36.0/Memoize/Storable.pm", "/usr/share/perl/5.36.0/Module/CoreList.pm", "/usr/share/perl/5.36.0/Module/CoreList.pod", "/usr/share/perl/5.36.0/Module/CoreList/Utils.pm", "/usr/share/perl/5.36.0/Module/Load.pm", "/usr/share/perl/5.36.0/Module/Load/Conditional.pm", "/usr/share/perl/5.36.0/Module/Loaded.pm", "/usr/share/perl/5.36.0/Module/Metadata.pm", "/usr/share/perl/5.36.0/NEXT.pm", "/usr/share/perl/5.36.0/Net/Cmd.pm", "/usr/share/perl/5.36.0/Net/Config.pm", "/usr/share/perl/5.36.0/Net/Domain.pm", "/usr/share/perl/5.36.0/Net/FTP.pm", "/usr/share/perl/5.36.0/Net/FTP/A.pm", "/usr/share/perl/5.36.0/Net/FTP/E.pm", "/usr/share/perl/5.36.0/Net/FTP/I.pm", "/usr/share/perl/5.36.0/Net/FTP/L.pm", "/usr/share/perl/5.36.0/Net/FTP/dataconn.pm", "/usr/share/perl/5.36.0/Net/NNTP.pm", "/usr/share/perl/5.36.0/Net/Netrc.pm", "/usr/share/perl/5.36.0/Net/POP3.pm", "/usr/share/perl/5.36.0/Net/Ping.pm", "/usr/share/perl/5.36.0/Net/SMTP.pm", "/usr/share/perl/5.36.0/Net/Time.pm", "/usr/share/perl/5.36.0/Net/hostent.pm", "/usr/share/perl/5.36.0/Net/libnetFAQ.pod", "/usr/share/perl/5.36.0/Net/netent.pm", "/usr/share/perl/5.36.0/Net/protoent.pm", "/usr/share/perl/5.36.0/Net/servent.pm", "/usr/share/perl/5.36.0/Params/Check.pm", "/usr/share/perl/5.36.0/Parse/CPAN/Meta.pm", "/usr/share/perl/5.36.0/Perl/OSType.pm", "/usr/share/perl/5.36.0/PerlIO.pm", "/usr/share/perl/5.36.0/PerlIO/via/QuotedPrint.pm", "/usr/share/perl/5.36.0/Pod/Checker.pm", "/usr/share/perl/5.36.0/Pod/Escapes.pm", "/usr/share/perl/5.36.0/Pod/Functions.pm", "/usr/share/perl/5.36.0/Pod/Html.pm", "/usr/share/perl/5.36.0/Pod/Html/Util.pm", "/usr/share/perl/5.36.0/Pod/Man.pm", "/usr/share/perl/5.36.0/Pod/ParseLink.pm", "/usr/share/perl/5.36.0/Pod/Perldoc.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/BaseTo.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/GetOptsOO.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToANSI.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToChecker.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToMan.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToNroff.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToPod.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToRtf.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToTerm.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToText.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToTk.pm", "/usr/share/perl/5.36.0/Pod/Perldoc/ToXml.pm", "/usr/share/perl/5.36.0/Pod/Simple.pm", "/usr/share/perl/5.36.0/Pod/Simple.pod", "/usr/share/perl/5.36.0/Pod/Simple/BlackBox.pm", "/usr/share/perl/5.36.0/Pod/Simple/Checker.pm", "/usr/share/perl/5.36.0/Pod/Simple/Debug.pm", "/usr/share/perl/5.36.0/Pod/Simple/DumpAsText.pm", "/usr/share/perl/5.36.0/Pod/Simple/DumpAsXML.pm", "/usr/share/perl/5.36.0/Pod/Simple/HTML.pm", "/usr/share/perl/5.36.0/Pod/Simple/HTMLBatch.pm", "/usr/share/perl/5.36.0/Pod/Simple/HTMLLegacy.pm", "/usr/share/perl/5.36.0/Pod/Simple/JustPod.pm", "/usr/share/perl/5.36.0/Pod/Simple/LinkSection.pm", "/usr/share/perl/5.36.0/Pod/Simple/Methody.pm", "/usr/share/perl/5.36.0/Pod/Simple/Progress.pm", "/usr/share/perl/5.36.0/Pod/Simple/PullParser.pm", "/usr/share/perl/5.36.0/Pod/Simple/PullParserEndToken.pm", "/usr/share/perl/5.36.0/Pod/Simple/PullParserStartToken.pm", "/usr/share/perl/5.36.0/Pod/Simple/PullParserTextToken.pm", "/usr/share/perl/5.36.0/Pod/Simple/PullParserToken.pm", "/usr/share/perl/5.36.0/Pod/Simple/RTF.pm", "/usr/share/perl/5.36.0/Pod/Simple/Search.pm", "/usr/share/perl/5.36.0/Pod/Simple/SimpleTree.pm", "/usr/share/perl/5.36.0/Pod/Simple/Subclassing.pod", "/usr/share/perl/5.36.0/Pod/Simple/Text.pm", "/usr/share/perl/5.36.0/Pod/Simple/TextContent.pm", "/usr/share/perl/5.36.0/Pod/Simple/TiedOutFH.pm", "/usr/share/perl/5.36.0/Pod/Simple/Transcode.pm", "/usr/share/perl/5.36.0/Pod/Simple/TranscodeDumb.pm", "/usr/share/perl/5.36.0/Pod/Simple/TranscodeSmart.pm", "/usr/share/perl/5.36.0/Pod/Simple/XHTML.pm", "/usr/share/perl/5.36.0/Pod/Simple/XMLOutStream.pm", "/usr/share/perl/5.36.0/Pod/Text.pm", "/usr/share/perl/5.36.0/Pod/Text/Color.pm", "/usr/share/perl/5.36.0/Pod/Text/Overstrike.pm", "/usr/share/perl/5.36.0/Pod/Text/Termcap.pm", "/usr/share/perl/5.36.0/Pod/Usage.pm", "/usr/share/perl/5.36.0/Safe.pm", "/usr/share/perl/5.36.0/Search/Dict.pm", "/usr/share/perl/5.36.0/SelectSaver.pm", "/usr/share/perl/5.36.0/SelfLoader.pm", "/usr/share/perl/5.36.0/Symbol.pm", "/usr/share/perl/5.36.0/TAP/Base.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Base.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Color.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Console.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Console/ParallelSession.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Console/Session.pm", "/usr/share/perl/5.36.0/TAP/Formatter/File.pm", "/usr/share/perl/5.36.0/TAP/Formatter/File/Session.pm", "/usr/share/perl/5.36.0/TAP/Formatter/Session.pm", "/usr/share/perl/5.36.0/TAP/Harness.pm", "/usr/share/perl/5.36.0/TAP/Harness/Beyond.pod", "/usr/share/perl/5.36.0/TAP/Harness/Env.pm", "/usr/share/perl/5.36.0/TAP/Object.pm", "/usr/share/perl/5.36.0/TAP/Parser.pm", "/usr/share/perl/5.36.0/TAP/Parser/Aggregator.pm", "/usr/share/perl/5.36.0/TAP/Parser/Grammar.pm", "/usr/share/perl/5.36.0/TAP/Parser/Iterator.pm", "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Array.pm", "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Process.pm", "/usr/share/perl/5.36.0/TAP/Parser/Iterator/Stream.pm", "/usr/share/perl/5.36.0/TAP/Parser/IteratorFactory.pm", "/usr/share/perl/5.36.0/TAP/Parser/Multiplexer.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Bailout.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Comment.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Plan.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Pragma.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Test.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Unknown.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/Version.pm", "/usr/share/perl/5.36.0/TAP/Parser/Result/YAML.pm", "/usr/share/perl/5.36.0/TAP/Parser/ResultFactory.pm", "/usr/share/perl/5.36.0/TAP/Parser/Scheduler.pm", "/usr/share/perl/5.36.0/TAP/Parser/Scheduler/Job.pm", "/usr/share/perl/5.36.0/TAP/Parser/Scheduler/Spinner.pm", "/usr/share/perl/5.36.0/TAP/Parser/Source.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Executable.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/File.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Handle.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/Perl.pm", "/usr/share/perl/5.36.0/TAP/Parser/SourceHandler/RawTAP.pm", "/usr/share/perl/5.36.0/TAP/Parser/YAMLish/Reader.pm", "/usr/share/perl/5.36.0/TAP/Parser/YAMLish/Writer.pm", "/usr/share/perl/5.36.0/Term/ANSIColor.pm", "/usr/share/perl/5.36.0/Term/Cap.pm", "/usr/share/perl/5.36.0/Term/Complete.pm", "/usr/share/perl/5.36.0/Term/ReadLine.pm", "/usr/share/perl/5.36.0/Test.pm", "/usr/share/perl/5.36.0/Test/Builder.pm", "/usr/share/perl/5.36.0/Test/Builder/Formatter.pm", "/usr/share/perl/5.36.0/Test/Builder/IO/Scalar.pm", "/usr/share/perl/5.36.0/Test/Builder/Module.pm", "/usr/share/perl/5.36.0/Test/Builder/Tester.pm", "/usr/share/perl/5.36.0/Test/Builder/Tester/Color.pm", "/usr/share/perl/5.36.0/Test/Builder/TodoDiag.pm", "/usr/share/perl/5.36.0/Test/Harness.pm", "/usr/share/perl/5.36.0/Test/More.pm", "/usr/share/perl/5.36.0/Test/Simple.pm", "/usr/share/perl/5.36.0/Test/Tester.pm", "/usr/share/perl/5.36.0/Test/Tester/Capture.pm", "/usr/share/perl/5.36.0/Test/Tester/CaptureRunner.pm", "/usr/share/perl/5.36.0/Test/Tester/Delegate.pm", "/usr/share/perl/5.36.0/Test/Tutorial.pod", "/usr/share/perl/5.36.0/Test/use/ok.pm", "/usr/share/perl/5.36.0/Test2.pm", "/usr/share/perl/5.36.0/Test2/API.pm", "/usr/share/perl/5.36.0/Test2/API/Breakage.pm", "/usr/share/perl/5.36.0/Test2/API/Context.pm", "/usr/share/perl/5.36.0/Test2/API/Instance.pm", "/usr/share/perl/5.36.0/Test2/API/InterceptResult.pm", "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Event.pm", "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Facet.pm", "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Hub.pm", "/usr/share/perl/5.36.0/Test2/API/InterceptResult/Squasher.pm", "/usr/share/perl/5.36.0/Test2/API/Stack.pm", "/usr/share/perl/5.36.0/Test2/Event.pm", "/usr/share/perl/5.36.0/Test2/Event/Bail.pm", "/usr/share/perl/5.36.0/Test2/Event/Diag.pm", "/usr/share/perl/5.36.0/Test2/Event/Encoding.pm", "/usr/share/perl/5.36.0/Test2/Event/Exception.pm", "/usr/share/perl/5.36.0/Test2/Event/Fail.pm", "/usr/share/perl/5.36.0/Test2/Event/Generic.pm", "/usr/share/perl/5.36.0/Test2/Event/Note.pm", "/usr/share/perl/5.36.0/Test2/Event/Ok.pm", "/usr/share/perl/5.36.0/Test2/Event/Pass.pm", "/usr/share/perl/5.36.0/Test2/Event/Plan.pm", "/usr/share/perl/5.36.0/Test2/Event/Skip.pm", "/usr/share/perl/5.36.0/Test2/Event/Subtest.pm", "/usr/share/perl/5.36.0/Test2/Event/TAP/Version.pm", "/usr/share/perl/5.36.0/Test2/Event/V2.pm", "/usr/share/perl/5.36.0/Test2/Event/Waiting.pm", "/usr/share/perl/5.36.0/Test2/EventFacet.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/About.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Amnesty.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Assert.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Control.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Error.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Hub.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Info.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Info/Table.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Meta.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Parent.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Plan.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Render.pm", "/usr/share/perl/5.36.0/Test2/EventFacet/Trace.pm", "/usr/share/perl/5.36.0/Test2/Formatter.pm", "/usr/share/perl/5.36.0/Test2/Formatter/TAP.pm", "/usr/share/perl/5.36.0/Test2/Hub.pm", "/usr/share/perl/5.36.0/Test2/Hub/Interceptor.pm", "/usr/share/perl/5.36.0/Test2/Hub/Interceptor/Terminator.pm", "/usr/share/perl/5.36.0/Test2/Hub/Subtest.pm", "/usr/share/perl/5.36.0/Test2/IPC.pm", "/usr/share/perl/5.36.0/Test2/IPC/Driver.pm", "/usr/share/perl/5.36.0/Test2/IPC/Driver/Files.pm", "/usr/share/perl/5.36.0/Test2/Tools/Tiny.pm", "/usr/share/perl/5.36.0/Test2/Transition.pod", "/usr/share/perl/5.36.0/Test2/Util.pm", "/usr/share/perl/5.36.0/Test2/Util/ExternalMeta.pm", "/usr/share/perl/5.36.0/Test2/Util/Facets2Legacy.pm", "/usr/share/perl/5.36.0/Test2/Util/HashBase.pm", "/usr/share/perl/5.36.0/Test2/Util/Trace.pm", "/usr/share/perl/5.36.0/Text/Abbrev.pm", "/usr/share/perl/5.36.0/Text/Balanced.pm", "/usr/share/perl/5.36.0/Text/ParseWords.pm", "/usr/share/perl/5.36.0/Text/Tabs.pm", "/usr/share/perl/5.36.0/Text/Wrap.pm", "/usr/share/perl/5.36.0/Thread.pm", "/usr/share/perl/5.36.0/Thread/Queue.pm", "/usr/share/perl/5.36.0/Thread/Semaphore.pm", "/usr/share/perl/5.36.0/Tie/Array.pm", "/usr/share/perl/5.36.0/Tie/File.pm", "/usr/share/perl/5.36.0/Tie/Handle.pm", "/usr/share/perl/5.36.0/Tie/Hash.pm", "/usr/share/perl/5.36.0/Tie/Hash/NamedCapture.pm", "/usr/share/perl/5.36.0/Tie/Memoize.pm", "/usr/share/perl/5.36.0/Tie/RefHash.pm", "/usr/share/perl/5.36.0/Tie/Scalar.pm", "/usr/share/perl/5.36.0/Tie/StdHandle.pm", "/usr/share/perl/5.36.0/Tie/SubstrHash.pm", "/usr/share/perl/5.36.0/Time/Local.pm", "/usr/share/perl/5.36.0/Time/gmtime.pm", "/usr/share/perl/5.36.0/Time/localtime.pm", "/usr/share/perl/5.36.0/Time/tm.pm", "/usr/share/perl/5.36.0/UNIVERSAL.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Big5.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/GB2312.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/JISX0208.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Korean.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Pinyin.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Stroke.pm", "/usr/share/perl/5.36.0/Unicode/Collate/CJK/Zhuyin.pm", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/af.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ar.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/as.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/az.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/be.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/bn.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ca.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cs.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cu.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/cy.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/da.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/de_at_ph.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/de_phone.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/dsb.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ee.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/eo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/es.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/es_trad.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/et.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fa.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fi.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fi_phone.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fil.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/fr_ca.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/gu.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ha.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/haw.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/he.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hi.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hr.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hu.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/hy.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ig.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/is.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ja.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kk.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kl.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kn.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ko.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/kok.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lkt.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ln.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lt.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/lv.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mk.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ml.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mr.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/mt.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nb.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nn.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/nso.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/om.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/or.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/pa.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/pl.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ro.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sa.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/se.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/si.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/si_dict.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sk.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sl.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sq.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sr.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sv.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/sv_refo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ta.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/te.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/th.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/tn.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/to.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/tr.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ug_cyrl.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/uk.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/ur.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/vi.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/vo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/wae.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/wo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/yo.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_big5.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_gb.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_pin.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_strk.pl", "/usr/share/perl/5.36.0/Unicode/Collate/Locale/zh_zhu.pl", "/usr/share/perl/5.36.0/Unicode/Collate/allkeys.txt", "/usr/share/perl/5.36.0/Unicode/Collate/keys.txt", "/usr/share/perl/5.36.0/Unicode/UCD.pm", "/usr/share/perl/5.36.0/User/grent.pm", "/usr/share/perl/5.36.0/User/pwent.pm", "/usr/share/perl/5.36.0/XSLoader.pm", "/usr/share/perl/5.36.0/_charnames.pm", "/usr/share/perl/5.36.0/autodie.pm", "/usr/share/perl/5.36.0/autodie/Scope/Guard.pm", "/usr/share/perl/5.36.0/autodie/Scope/GuardStack.pm", "/usr/share/perl/5.36.0/autodie/Util.pm", "/usr/share/perl/5.36.0/autodie/exception.pm", "/usr/share/perl/5.36.0/autodie/exception/system.pm", "/usr/share/perl/5.36.0/autodie/hints.pm", "/usr/share/perl/5.36.0/autodie/skip.pm", "/usr/share/perl/5.36.0/autouse.pm", "/usr/share/perl/5.36.0/base.pm", "/usr/share/perl/5.36.0/bigfloat.pm", "/usr/share/perl/5.36.0/bigint.pm", "/usr/share/perl/5.36.0/bignum.pm", "/usr/share/perl/5.36.0/bigrat.pm", "/usr/share/perl/5.36.0/blib.pm", "/usr/share/perl/5.36.0/builtin.pm", "/usr/share/perl/5.36.0/bytes.pm", "/usr/share/perl/5.36.0/bytes_heavy.pl", "/usr/share/perl/5.36.0/charnames.pm", "/usr/share/perl/5.36.0/constant.pm", "/usr/share/perl/5.36.0/deprecate.pm", "/usr/share/perl/5.36.0/diagnostics.pm", "/usr/share/perl/5.36.0/dumpvar.pl", "/usr/share/perl/5.36.0/encoding/warnings.pm", "/usr/share/perl/5.36.0/experimental.pm", "/usr/share/perl/5.36.0/feature.pm", "/usr/share/perl/5.36.0/fields.pm", "/usr/share/perl/5.36.0/filetest.pm", "/usr/share/perl/5.36.0/if.pm", "/usr/share/perl/5.36.0/integer.pm", "/usr/share/perl/5.36.0/less.pm", "/usr/share/perl/5.36.0/locale.pm", "/usr/share/perl/5.36.0/meta_notation.pm", "/usr/share/perl/5.36.0/ok.pm", "/usr/share/perl/5.36.0/open.pm", "/usr/share/perl/5.36.0/overload.pm", "/usr/share/perl/5.36.0/overload/numbers.pm", "/usr/share/perl/5.36.0/overloading.pm", "/usr/share/perl/5.36.0/parent.pm", "/usr/share/perl/5.36.0/perl5db.pl", "/usr/share/perl/5.36.0/perlfaq.pm", "/usr/share/perl/5.36.0/pod/perldiag.pod", "/usr/share/perl/5.36.0/sigtrap.pm", "/usr/share/perl/5.36.0/sort.pm", "/usr/share/perl/5.36.0/strict.pm", "/usr/share/perl/5.36.0/subs.pm", "/usr/share/perl/5.36.0/unicore/Blocks.txt", "/usr/share/perl/5.36.0/unicore/CombiningClass.pl", "/usr/share/perl/5.36.0/unicore/Decomposition.pl", "/usr/share/perl/5.36.0/unicore/Name.pl", "/usr/share/perl/5.36.0/unicore/Name.pm", "/usr/share/perl/5.36.0/unicore/NamedSequences.txt", "/usr/share/perl/5.36.0/unicore/SpecialCasing.txt", "/usr/share/perl/5.36.0/unicore/To/Age.pl", "/usr/share/perl/5.36.0/unicore/To/Bc.pl", "/usr/share/perl/5.36.0/unicore/To/Bmg.pl", "/usr/share/perl/5.36.0/unicore/To/Bpb.pl", "/usr/share/perl/5.36.0/unicore/To/Bpt.pl", "/usr/share/perl/5.36.0/unicore/To/Cf.pl", "/usr/share/perl/5.36.0/unicore/To/Ea.pl", "/usr/share/perl/5.36.0/unicore/To/EqUIdeo.pl", "/usr/share/perl/5.36.0/unicore/To/GCB.pl", "/usr/share/perl/5.36.0/unicore/To/Gc.pl", "/usr/share/perl/5.36.0/unicore/To/Hst.pl", "/usr/share/perl/5.36.0/unicore/To/Identif2.pl", "/usr/share/perl/5.36.0/unicore/To/Identifi.pl", "/usr/share/perl/5.36.0/unicore/To/InPC.pl", "/usr/share/perl/5.36.0/unicore/To/InSC.pl", "/usr/share/perl/5.36.0/unicore/To/Isc.pl", "/usr/share/perl/5.36.0/unicore/To/Jg.pl", "/usr/share/perl/5.36.0/unicore/To/Jt.pl", "/usr/share/perl/5.36.0/unicore/To/Lb.pl", "/usr/share/perl/5.36.0/unicore/To/Lc.pl", "/usr/share/perl/5.36.0/unicore/To/NFCQC.pl", "/usr/share/perl/5.36.0/unicore/To/NFDQC.pl", "/usr/share/perl/5.36.0/unicore/To/NFKCCF.pl", "/usr/share/perl/5.36.0/unicore/To/NFKCQC.pl", "/usr/share/perl/5.36.0/unicore/To/NFKDQC.pl", "/usr/share/perl/5.36.0/unicore/To/Na1.pl", "/usr/share/perl/5.36.0/unicore/To/NameAlia.pl", "/usr/share/perl/5.36.0/unicore/To/Nt.pl", "/usr/share/perl/5.36.0/unicore/To/Nv.pl", "/usr/share/perl/5.36.0/unicore/To/PerlDeci.pl", "/usr/share/perl/5.36.0/unicore/To/SB.pl", "/usr/share/perl/5.36.0/unicore/To/Sc.pl", "/usr/share/perl/5.36.0/unicore/To/Scx.pl", "/usr/share/perl/5.36.0/unicore/To/Tc.pl", "/usr/share/perl/5.36.0/unicore/To/Uc.pl", "/usr/share/perl/5.36.0/unicore/To/Vo.pl", "/usr/share/perl/5.36.0/unicore/To/WB.pl", "/usr/share/perl/5.36.0/unicore/To/_PerlLB.pl", "/usr/share/perl/5.36.0/unicore/To/_PerlSCX.pl", "/usr/share/perl/5.36.0/unicore/UCD.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/NA.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V100.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V11.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V110.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V120.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V130.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V140.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V20.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V30.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V31.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V32.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V40.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V41.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V50.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V51.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V52.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V60.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V61.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V70.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V80.pl", "/usr/share/perl/5.36.0/unicore/lib/Age/V90.pl", "/usr/share/perl/5.36.0/unicore/lib/Alpha/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/AL.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/AN.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/B.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/BN.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/CS.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/EN.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/ES.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/ET.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/L.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/NSM.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/ON.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/R.pl", "/usr/share/perl/5.36.0/unicore/lib/Bc/WS.pl", "/usr/share/perl/5.36.0/unicore/lib/BidiC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/BidiM/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Blk/NB.pl", "/usr/share/perl/5.36.0/unicore/lib/Bpt/C.pl", "/usr/share/perl/5.36.0/unicore/lib/Bpt/N.pl", "/usr/share/perl/5.36.0/unicore/lib/Bpt/O.pl", "/usr/share/perl/5.36.0/unicore/lib/CE/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CI/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWCF/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWCM/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWKCF/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWL/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWT/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/CWU/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Cased/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/A.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/AL.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/AR.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/ATAR.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/B.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/BR.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/DB.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/NK.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/NR.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/OV.pl", "/usr/share/perl/5.36.0/unicore/lib/Ccc/VR.pl", "/usr/share/perl/5.36.0/unicore/lib/CompEx/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/DI/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Dash/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Dep/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Dia/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Com.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Enc.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Fin.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Font.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Init.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Iso.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Med.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Nar.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Nb.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/NonCanon.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Sqr.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Sub.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Sup.pl", "/usr/share/perl/5.36.0/unicore/lib/Dt/Vert.pl", "/usr/share/perl/5.36.0/unicore/lib/EBase/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/EComp/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/EPres/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Ea/A.pl", "/usr/share/perl/5.36.0/unicore/lib/Ea/H.pl", "/usr/share/perl/5.36.0/unicore/lib/Ea/N.pl", "/usr/share/perl/5.36.0/unicore/lib/Ea/Na.pl", "/usr/share/perl/5.36.0/unicore/lib/Ea/W.pl", "/usr/share/perl/5.36.0/unicore/lib/Emoji/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Ext/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/ExtPict/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/CN.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/EX.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/LV.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/LVT.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/PP.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/SM.pl", "/usr/share/perl/5.36.0/unicore/lib/GCB/XX.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/C.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Cf.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Cn.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/L.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/LC.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Ll.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Lm.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Lo.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Lu.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/M.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Mc.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Me.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Mn.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/N.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Nd.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Nl.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/No.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/P.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Pc.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Pd.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Pe.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Pf.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Pi.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Po.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Ps.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/S.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Sc.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Sk.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Sm.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/So.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Z.pl", "/usr/share/perl/5.36.0/unicore/lib/Gc/Zs.pl", "/usr/share/perl/5.36.0/unicore/lib/GrBase/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/GrExt/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Hex/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Hst/NA.pl", "/usr/share/perl/5.36.0/unicore/lib/Hyphen/T.pl", "/usr/share/perl/5.36.0/unicore/lib/IDC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/IDS/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/IdStatus/Allowed.pl", "/usr/share/perl/5.36.0/unicore/lib/IdStatus/Restrict.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/DefaultI.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Exclusio.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Inclusio.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/LimitedU.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/NotChara.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/NotNFKC.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/NotXID.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Obsolete.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Recommen.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Technica.pl", "/usr/share/perl/5.36.0/unicore/lib/IdType/Uncommon.pl", "/usr/share/perl/5.36.0/unicore/lib/Ideo/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/In/10_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/11_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/12_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/12_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/13_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/14_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/2_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/2_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/3_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/3_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/3_2.pl", "/usr/share/perl/5.36.0/unicore/lib/In/4_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/4_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/5_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/5_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/5_2.pl", "/usr/share/perl/5.36.0/unicore/lib/In/6_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/6_1.pl", "/usr/share/perl/5.36.0/unicore/lib/In/6_2.pl", "/usr/share/perl/5.36.0/unicore/lib/In/6_3.pl", "/usr/share/perl/5.36.0/unicore/lib/In/7_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/8_0.pl", "/usr/share/perl/5.36.0/unicore/lib/In/9_0.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/Bottom.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/BottomAn.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/Left.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/LeftAndR.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/NA.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/Overstru.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/Right.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/Top.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndBo.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndL2.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndLe.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/TopAndRi.pl", "/usr/share/perl/5.36.0/unicore/lib/InPC/VisualOr.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Avagraha.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Bindu.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Cantilla.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona2.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona3.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona4.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona5.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona6.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona7.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consona8.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Consonan.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Invisibl.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Nukta.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Number.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Other.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/PureKill.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Syllable.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/ToneMark.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Virama.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Visarga.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/Vowel.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/VowelDep.pl", "/usr/share/perl/5.36.0/unicore/lib/InSC/VowelInd.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Ain.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Alef.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Beh.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Dal.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/FarsiYeh.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Feh.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Gaf.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Hah.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/HanifiRo.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Kaf.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Lam.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/NoJoinin.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Noon.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Qaf.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Reh.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Sad.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Seen.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Tah.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Waw.pl", "/usr/share/perl/5.36.0/unicore/lib/Jg/Yeh.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/C.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/D.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/L.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/R.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/T.pl", "/usr/share/perl/5.36.0/unicore/lib/Jt/U.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/AI.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/AL.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/BA.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/BB.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/CJ.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/CL.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/CM.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/EX.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/GL.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/ID.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/IN.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/IS.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/NS.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/NU.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/OP.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/PO.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/PR.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/QU.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/SA.pl", "/usr/share/perl/5.36.0/unicore/lib/Lb/XX.pl", "/usr/share/perl/5.36.0/unicore/lib/Lower/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Math/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/NFCQC/M.pl", "/usr/share/perl/5.36.0/unicore/lib/NFCQC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/NFDQC/N.pl", "/usr/share/perl/5.36.0/unicore/lib/NFDQC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/NFKCQC/N.pl", "/usr/share/perl/5.36.0/unicore/lib/NFKCQC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/NFKDQC/N.pl", "/usr/share/perl/5.36.0/unicore/lib/NFKDQC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Nt/Di.pl", "/usr/share/perl/5.36.0/unicore/lib/Nt/None.pl", "/usr/share/perl/5.36.0/unicore/lib/Nt/Nu.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/0.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/10.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/100.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/10000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/100000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/11.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/12.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/13.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/14.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/15.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/16.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/17.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/18.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/19.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_16.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_2.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_3.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_4.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_6.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/1_8.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/2.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/20.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/200.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/2000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/20000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/2_3.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/3.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/30.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/300.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/3000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/30000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/3_16.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/3_4.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/4.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/40.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/400.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/4000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/40000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/5.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/50.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/500.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/5000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/50000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/6.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/60.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/600.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/6000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/60000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/7.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/70.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/700.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/7000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/70000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/8.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/80.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/800.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/8000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/80000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/9.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/90.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/900.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/9000.pl", "/usr/share/perl/5.36.0/unicore/lib/Nv/90000.pl", "/usr/share/perl/5.36.0/unicore/lib/PCM/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/PatSyn/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Alnum.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Assigned.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Blank.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Graph.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/PerlWord.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/PosixPun.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Print.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/SpacePer.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Title.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/Word.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/XPosixPu.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlAny.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlCh2.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlCha.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlFol.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIDC.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIDS.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlIsI.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlNch.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPat.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPr2.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlPro.pl", "/usr/share/perl/5.36.0/unicore/lib/Perl/_PerlQuo.pl", "/usr/share/perl/5.36.0/unicore/lib/QMark/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/AT.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/CL.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/EX.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/FO.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/LE.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/LO.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/NU.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/SC.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/ST.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/Sp.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/UP.pl", "/usr/share/perl/5.36.0/unicore/lib/SB/XX.pl", "/usr/share/perl/5.36.0/unicore/lib/SD/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/STerm/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Arab.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Beng.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Cprt.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Cyrl.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Deva.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Dupl.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Geor.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Glag.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Gong.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Gonm.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Gran.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Grek.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Gujr.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Guru.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Han.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Hang.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Hira.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Kana.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Knda.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Latn.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Limb.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Linb.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Mlym.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Mong.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Mult.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Orya.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Sinh.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Syrc.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Taml.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Telu.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Zinh.pl", "/usr/share/perl/5.36.0/unicore/lib/Sc/Zyyy.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Adlm.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Arab.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Armn.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Beng.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Bhks.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Bopo.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Cakm.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Cham.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Copt.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Cprt.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Cyrl.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Deva.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Diak.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Dupl.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Ethi.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Geor.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Glag.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Gong.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Gonm.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Gran.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Grek.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Gujr.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Guru.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Han.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Hang.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Hebr.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Hira.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Hmng.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Hmnp.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Kana.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Khar.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Khmr.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Khoj.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Knda.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Kthi.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Lana.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Lao.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Latn.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Limb.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Lina.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Linb.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Mlym.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Mong.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Mult.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Mymr.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Nand.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Nko.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Orya.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Phlp.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Rohg.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Shrd.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Sind.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Sinh.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Syrc.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Tagb.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Takr.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Talu.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Taml.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Tang.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Telu.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Thaa.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Tibt.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Tirh.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Vith.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Xsux.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Yezi.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Yi.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Zinh.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Zyyy.pl", "/usr/share/perl/5.36.0/unicore/lib/Scx/Zzzz.pl", "/usr/share/perl/5.36.0/unicore/lib/Term/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/UIdeo/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Upper/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/VS/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/Vo/R.pl", "/usr/share/perl/5.36.0/unicore/lib/Vo/Tr.pl", "/usr/share/perl/5.36.0/unicore/lib/Vo/Tu.pl", "/usr/share/perl/5.36.0/unicore/lib/Vo/U.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/EX.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/Extend.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/FO.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/HL.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/KA.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/LE.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/MB.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/ML.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/MN.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/NU.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/WSegSpac.pl", "/usr/share/perl/5.36.0/unicore/lib/WB/XX.pl", "/usr/share/perl/5.36.0/unicore/lib/XIDC/Y.pl", "/usr/share/perl/5.36.0/unicore/lib/XIDS/Y.pl", "/usr/share/perl/5.36.0/unicore/uni_keywords.pl", "/usr/share/perl/5.36.0/unicore/version", "/usr/share/perl/5.36.0/utf8.pm", "/usr/share/perl/5.36.0/vars.pm", "/usr/share/perl/5.36.0/version.pm", "/usr/share/perl/5.36.0/version.pod", "/usr/share/perl/5.36.0/version/Internals.pod", "/usr/share/perl/5.36.0/version/regex.pm", "/usr/share/perl/5.36.0/vmsish.pm", "/usr/share/perl/5.36.0/warnings.pm", "/usr/share/perl/5.36.0/warnings/register.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "procps@2:4.0.3-1ubuntu1.23.10.1", "Name": "procps", "Identifier": { "PURL": "pkg:deb/ubuntu/procps@4.0.3-1ubuntu1.23.10.1?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=2", "UID": "fcff75a13ceb8ff6" }, "Version": "4.0.3", "Release": "1ubuntu1.23.10.1", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "4.0.3", "SrcRelease": "1ubuntu1.23.10.1", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "init-system-helpers@1.65.2ubuntu1", "libc6@2.38-1ubuntu6.3", "libncursesw6@6.4+20230625-2", "libproc2-0@2:4.0.3-1ubuntu1.23.10.1", "libtinfo6@6.4+20230625-2" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/kill", "/bin/ps", "/sbin/sysctl", "/usr/bin/free", "/usr/bin/pgrep", "/usr/bin/pidwait", "/usr/bin/pmap", "/usr/bin/pwdx", "/usr/bin/skill", "/usr/bin/slabtop", "/usr/bin/tload", "/usr/bin/top", "/usr/bin/uptime", "/usr/bin/vmstat", "/usr/bin/w", "/usr/bin/watch", "/usr/lib/sysctl.d/99-protect-links.conf", "/usr/share/bug/procps/presubj", "/usr/share/doc/procps/FAQ.gz", "/usr/share/doc/procps/README.Debian", "/usr/share/doc/procps/bugs.md", "/usr/share/doc/procps/copyright", "/usr/share/doc/procps/examples/sysctl.conf", "/usr/share/lintian/overrides/procps", "/usr/share/man/de/man1/free.1.gz", "/usr/share/man/de/man1/kill.1.gz", "/usr/share/man/de/man1/pgrep.1.gz", "/usr/share/man/de/man1/pidof.1.gz", "/usr/share/man/de/man1/pmap.1.gz", "/usr/share/man/de/man1/ps.1.gz", "/usr/share/man/de/man1/pwdx.1.gz", "/usr/share/man/de/man1/skill.1.gz", "/usr/share/man/de/man1/slabtop.1.gz", "/usr/share/man/de/man1/tload.1.gz", "/usr/share/man/de/man1/uptime.1.gz", "/usr/share/man/de/man1/w.1.gz", "/usr/share/man/de/man1/watch.1.gz", "/usr/share/man/de/man5/sysctl.conf.5.gz", "/usr/share/man/de/man8/sysctl.8.gz", "/usr/share/man/de/man8/vmstat.8.gz", "/usr/share/man/fr/man1/free.1.gz", "/usr/share/man/fr/man1/kill.1.gz", "/usr/share/man/fr/man1/pmap.1.gz", "/usr/share/man/fr/man1/ps.1.gz", "/usr/share/man/fr/man1/pwdx.1.gz", "/usr/share/man/fr/man1/skill.1.gz", "/usr/share/man/fr/man1/slabtop.1.gz", "/usr/share/man/fr/man1/tload.1.gz", "/usr/share/man/fr/man1/uptime.1.gz", "/usr/share/man/fr/man1/w.1.gz", "/usr/share/man/fr/man1/watch.1.gz", "/usr/share/man/fr/man5/sysctl.conf.5.gz", "/usr/share/man/fr/man8/sysctl.8.gz", "/usr/share/man/fr/man8/vmstat.8.gz", "/usr/share/man/man1/free.1.gz", "/usr/share/man/man1/kill.1.gz", "/usr/share/man/man1/pgrep.1.gz", "/usr/share/man/man1/pmap.1.gz", "/usr/share/man/man1/ps.1.gz", "/usr/share/man/man1/pwdx.1.gz", "/usr/share/man/man1/skill.1.gz", "/usr/share/man/man1/slabtop.1.gz", "/usr/share/man/man1/tload.1.gz", "/usr/share/man/man1/top.1.gz", "/usr/share/man/man1/uptime.1.gz", "/usr/share/man/man1/w.1.gz", "/usr/share/man/man1/watch.1.gz", "/usr/share/man/man3/procps.3.gz", "/usr/share/man/man3/procps_misc.3.gz", "/usr/share/man/man3/procps_pids.3.gz", "/usr/share/man/man5/sysctl.conf.5.gz", "/usr/share/man/man8/sysctl.8.gz", "/usr/share/man/man8/vmstat.8.gz", "/usr/share/man/pl/man1/free.1.gz", "/usr/share/man/pl/man1/pgrep.1.gz", "/usr/share/man/pl/man1/pmap.1.gz", "/usr/share/man/pl/man1/uptime.1.gz", "/usr/share/man/pl/man3/procps.3.gz", "/usr/share/man/pl/man3/procps_misc.3.gz", "/usr/share/man/pl/man3/procps_pids.3.gz", "/usr/share/man/pl/man8/vmstat.8.gz", "/usr/share/man/pt_BR/man1/free.1.gz", "/usr/share/man/pt_BR/man1/kill.1.gz", "/usr/share/man/pt_BR/man1/pmap.1.gz", "/usr/share/man/pt_BR/man1/pwdx.1.gz", "/usr/share/man/pt_BR/man1/skill.1.gz", "/usr/share/man/pt_BR/man1/slabtop.1.gz", "/usr/share/man/pt_BR/man1/tload.1.gz", "/usr/share/man/pt_BR/man1/uptime.1.gz", "/usr/share/man/pt_BR/man1/w.1.gz", "/usr/share/man/pt_BR/man1/watch.1.gz", "/usr/share/man/pt_BR/man5/sysctl.conf.5.gz", "/usr/share/man/pt_BR/man8/sysctl.8.gz", "/usr/share/man/pt_BR/man8/vmstat.8.gz", "/usr/share/man/sv/man1/free.1.gz", "/usr/share/man/sv/man1/kill.1.gz", "/usr/share/man/sv/man1/pgrep.1.gz", "/usr/share/man/sv/man1/pidof.1.gz", "/usr/share/man/sv/man1/pmap.1.gz", "/usr/share/man/sv/man1/ps.1.gz", "/usr/share/man/sv/man1/pwdx.1.gz", "/usr/share/man/sv/man1/skill.1.gz", "/usr/share/man/sv/man1/slabtop.1.gz", "/usr/share/man/sv/man1/tload.1.gz", "/usr/share/man/sv/man1/top.1.gz", "/usr/share/man/sv/man1/uptime.1.gz", "/usr/share/man/sv/man1/w.1.gz", "/usr/share/man/sv/man1/watch.1.gz", "/usr/share/man/sv/man3/procps.3.gz", "/usr/share/man/sv/man3/procps_misc.3.gz", "/usr/share/man/sv/man3/procps_pids.3.gz", "/usr/share/man/sv/man5/sysctl.conf.5.gz", "/usr/share/man/sv/man8/sysctl.8.gz", "/usr/share/man/sv/man8/vmstat.8.gz", "/usr/share/man/uk/man1/free.1.gz", "/usr/share/man/uk/man1/kill.1.gz", "/usr/share/man/uk/man1/pgrep.1.gz", "/usr/share/man/uk/man1/pidof.1.gz", "/usr/share/man/uk/man1/pmap.1.gz", "/usr/share/man/uk/man1/ps.1.gz", "/usr/share/man/uk/man1/pwdx.1.gz", "/usr/share/man/uk/man1/skill.1.gz", "/usr/share/man/uk/man1/slabtop.1.gz", "/usr/share/man/uk/man1/tload.1.gz", "/usr/share/man/uk/man1/top.1.gz", "/usr/share/man/uk/man1/uptime.1.gz", "/usr/share/man/uk/man1/w.1.gz", "/usr/share/man/uk/man1/watch.1.gz", "/usr/share/man/uk/man3/procps.3.gz", "/usr/share/man/uk/man3/procps_misc.3.gz", "/usr/share/man/uk/man3/procps_pids.3.gz", "/usr/share/man/uk/man5/sysctl.conf.5.gz", "/usr/share/man/uk/man8/sysctl.8.gz", "/usr/share/man/uk/man8/vmstat.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.9-1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/ubuntu/sed@4.9-1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "6f9cf0fa7782e210" }, "Version": "4.9", "Release": "1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sensible-utils@0.0.20", "Name": "sensible-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.20?arch=all\u0026distro=ubuntu-23.10", "UID": "27f913c6200324e6" }, "Version": "0.0.20", "Arch": "all", "SrcName": "sensible-utils", "SrcVersion": "0.0.20", "Licenses": [ "GPL-2.0-or-later", "All-permissive", "configure", "installsh", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/bin/select-editor", "/usr/bin/sensible-browser", "/usr/bin/sensible-editor", "/usr/bin/sensible-pager", "/usr/bin/sensible-terminal", "/usr/lib/mime/packages/sensible-utils", "/usr/share/doc/sensible-utils/changelog.gz", "/usr/share/doc/sensible-utils/copyright", "/usr/share/man/de/man1/select-editor.1.gz", "/usr/share/man/de/man1/sensible-browser.1.gz", "/usr/share/man/de/man1/sensible-pager.1.gz", "/usr/share/man/fr/man1/select-editor.1.gz", "/usr/share/man/fr/man1/sensible-browser.1.gz", "/usr/share/man/fr/man1/sensible-editor.1.gz", "/usr/share/man/fr/man1/sensible-pager.1.gz", "/usr/share/man/man1/select-editor.1.gz", "/usr/share/man/man1/sensible-browser.1.gz", "/usr/share/man/man1/sensible-editor.1.gz", "/usr/share/man/man1/sensible-pager.1.gz", "/usr/share/man/man1/sensible-terminal.1.gz", "/usr/share/man/pt/man1/select-editor.1.gz", "/usr/share/man/pt/man1/sensible-browser.1.gz", "/usr/share/man/pt/man1/sensible-pager.1.gz", "/usr/share/sensible-utils/bin/gettext" ], "AnalyzedBy": "dpkg" }, { "ID": "sgml-base@1.31", "Name": "sgml-base", "Identifier": { "PURL": "pkg:deb/ubuntu/sgml-base@1.31?arch=all\u0026distro=ubuntu-23.10", "UID": "d74efaf2a0d360c5" }, "Version": "1.31", "Arch": "all", "SrcName": "sgml-base", "SrcVersion": "1.31", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/sbin/install-sgmlcatalog", "/usr/sbin/update-catalog", "/usr/share/doc/sgml-base/NEWS.Debian.gz", "/usr/share/doc/sgml-base/README.Debian", "/usr/share/doc/sgml-base/TODO", "/usr/share/doc/sgml-base/changelog.gz", "/usr/share/doc/sgml-base/copyright", "/usr/share/doc/sgml-base/examples/postinst", "/usr/share/doc/sgml-base/examples/postrm", "/usr/share/doc/sgml-base/examples/prerm", "/usr/share/lintian/overrides/sgml-base", "/usr/share/man/man8/install-sgmlcatalog.8.gz", "/usr/share/man/man8/update-catalog.8.gz", "/usr/share/sgml-base/catalog.centralized", "/usr/share/sgml-base/catalog.super", "/usr/share/sgml-base/transitional.cat" ], "AnalyzedBy": "dpkg" }, { "ID": "squid@6.1-2ubuntu1.3", "Name": "squid", "Identifier": { "PURL": "pkg:deb/ubuntu/squid@6.1-2ubuntu1.3?arch=amd64\u0026distro=ubuntu-23.10", "UID": "7d58078041a76e79" }, "Version": "6.1", "Release": "2ubuntu1.3", "Arch": "amd64", "SrcName": "squid", "SrcVersion": "6.1", "SrcRelease": "2ubuntu1.3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3", "libcap2@1:2.66-4ubuntu1", "libcom-err2@1.47.0-2ubuntu1", "libcrypt1@1:4.4.36-2", "libdbi-perl@1.643-4", "libecap3@1.0.1-3.4ubuntu1", "libgcc-s1@13.2.0-4ubuntu3", "libgnutls30@3.8.1-4ubuntu1.3", "libgssapi-krb5-2@1.20.1-3ubuntu1", "libkrb5-3@1.20.1-3ubuntu1", "libldap2@2.6.6+dfsg-1~exp1ubuntu1", "libltdl7@2.4.7-7", "libnettle8@3.9.1-2", "libpam0g@1.5.2-6ubuntu1.1", "libsasl2-2@2.1.28+dfsg1-3", "libstdc++6@13.2.0-4ubuntu3", "libsystemd0@253.5-1ubuntu6.1", "libtdb1@1.4.9-2", "logrotate@3.21.0-1", "netbase@6.4", "squid-common@6.1-2ubuntu1.3", "ssl-cert@1.1.2ubuntu1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/lib/systemd/system/squid.service", "/usr/lib/squid/basic_db_auth", "/usr/lib/squid/basic_fake_auth", "/usr/lib/squid/basic_getpwnam_auth", "/usr/lib/squid/basic_ldap_auth", "/usr/lib/squid/basic_ncsa_auth", "/usr/lib/squid/basic_pam_auth", "/usr/lib/squid/basic_pop3_auth", "/usr/lib/squid/basic_radius_auth", "/usr/lib/squid/basic_sasl_auth", "/usr/lib/squid/basic_smb_auth", "/usr/lib/squid/basic_smb_auth.sh", "/usr/lib/squid/cert_tool", "/usr/lib/squid/digest_file_auth", "/usr/lib/squid/digest_ldap_auth", "/usr/lib/squid/diskd", "/usr/lib/squid/ext_file_userip_acl", "/usr/lib/squid/ext_kerberos_ldap_group_acl", "/usr/lib/squid/ext_ldap_group_acl", "/usr/lib/squid/ext_session_acl", "/usr/lib/squid/ext_sql_session_acl", "/usr/lib/squid/ext_time_quota_acl", "/usr/lib/squid/ext_unix_group_acl", "/usr/lib/squid/ext_wbinfo_group_acl", "/usr/lib/squid/helper-mux", "/usr/lib/squid/log_db_daemon", "/usr/lib/squid/log_file_daemon", "/usr/lib/squid/negotiate_kerberos_auth", "/usr/lib/squid/negotiate_kerberos_auth_test", "/usr/lib/squid/negotiate_wrapper_auth", "/usr/lib/squid/ntlm_fake_auth", "/usr/lib/squid/ntlm_smb_lm_auth", "/usr/lib/squid/pinger", "/usr/lib/squid/security_fake_certverify", "/usr/lib/squid/storeid_file_rewrite", "/usr/lib/squid/unlinkd", "/usr/lib/squid/url_fake_rewrite", "/usr/lib/squid/url_fake_rewrite.sh", "/usr/lib/tmpfiles.d/squid.conf", "/usr/sbin/squid", "/usr/share/doc/squid/NEWS.Debian.gz", "/usr/share/doc/squid/README.Debian", "/usr/share/doc/squid/changelog.Debian.gz", "/usr/share/doc/squid/copyright", "/usr/share/man/man8/basic_db_auth.8.gz", "/usr/share/man/man8/basic_getpwnam_auth.8.gz", "/usr/share/man/man8/basic_ldap_auth.8.gz", "/usr/share/man/man8/basic_ncsa_auth.8.gz", "/usr/share/man/man8/basic_pam_auth.8.gz", "/usr/share/man/man8/basic_pop3_auth.8.gz", "/usr/share/man/man8/basic_radius_auth.8.gz", "/usr/share/man/man8/basic_sasl_auth.8.gz", "/usr/share/man/man8/digest_file_auth.8.gz", "/usr/share/man/man8/ext_file_userip_acl.8.gz", "/usr/share/man/man8/ext_ldap_group_acl.8.gz", "/usr/share/man/man8/ext_session_acl.8.gz", "/usr/share/man/man8/ext_sql_session_acl.8.gz", "/usr/share/man/man8/ext_time_quota_acl.8.gz", "/usr/share/man/man8/ext_unix_group_acl.8.gz", "/usr/share/man/man8/ext_wbinfo_group_acl.8.gz", "/usr/share/man/man8/log_db_daemon.8.gz", "/usr/share/man/man8/negotiate_kerberos_auth.8.gz", "/usr/share/man/man8/security_fake_certverify.8.gz", "/usr/share/man/man8/squid.8.gz", "/usr/share/man/man8/storeid_file_rewrite.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "squid-common@6.1-2ubuntu1.3", "Name": "squid-common", "Identifier": { "PURL": "pkg:deb/ubuntu/squid-common@6.1-2ubuntu1.3?arch=all\u0026distro=ubuntu-23.10", "UID": "799b8bc83634fc04" }, "Version": "6.1", "Release": "2ubuntu1.3", "Arch": "all", "SrcName": "squid", "SrcVersion": "6.1", "SrcRelease": "2ubuntu1.3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "squid-langpack@20220130-1" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/squid-common/CONTRIBUTORS.gz", "/usr/share/doc/squid-common/CREDITS.gz", "/usr/share/doc/squid-common/NEWS.Debian.gz", "/usr/share/doc/squid-common/QUICKSTART", "/usr/share/doc/squid-common/README", "/usr/share/doc/squid-common/RELEASENOTES.html", "/usr/share/doc/squid-common/SPONSORS.gz", "/usr/share/doc/squid-common/changelog.Debian.gz", "/usr/share/doc/squid-common/copyright", "/usr/share/doc/squid-common/squid.conf.documented.gz", "/usr/share/squid/icons/SN.png", "/usr/share/squid/icons/silk/application.png", "/usr/share/squid/icons/silk/arrow_up.png", "/usr/share/squid/icons/silk/bomb.png", "/usr/share/squid/icons/silk/box.png", "/usr/share/squid/icons/silk/bricks.png", "/usr/share/squid/icons/silk/bullet_red.png", "/usr/share/squid/icons/silk/cd.png", "/usr/share/squid/icons/silk/chart_line.png", "/usr/share/squid/icons/silk/compress.png", "/usr/share/squid/icons/silk/computer_link.png", "/usr/share/squid/icons/silk/css.png", "/usr/share/squid/icons/silk/cup.png", "/usr/share/squid/icons/silk/database.png", "/usr/share/squid/icons/silk/database_table.png", "/usr/share/squid/icons/silk/drive_disk.png", "/usr/share/squid/icons/silk/film.png", "/usr/share/squid/icons/silk/film_key.png", "/usr/share/squid/icons/silk/folder.png", "/usr/share/squid/icons/silk/folder_table.png", "/usr/share/squid/icons/silk/image.png", "/usr/share/squid/icons/silk/information.png", "/usr/share/squid/icons/silk/layers.png", "/usr/share/squid/icons/silk/layout.png", "/usr/share/squid/icons/silk/link.png", "/usr/share/squid/icons/silk/music.png", "/usr/share/squid/icons/silk/package.png", "/usr/share/squid/icons/silk/package_go.png", "/usr/share/squid/icons/silk/page_code.png", "/usr/share/squid/icons/silk/page_excel.png", "/usr/share/squid/icons/silk/page_green.png", "/usr/share/squid/icons/silk/page_white.png", "/usr/share/squid/icons/silk/page_white_acrobat.png", "/usr/share/squid/icons/silk/page_white_c.png", "/usr/share/squid/icons/silk/page_white_cplusplus.png", "/usr/share/squid/icons/silk/page_white_flash.png", "/usr/share/squid/icons/silk/page_white_magnify.png", "/usr/share/squid/icons/silk/page_white_picture.png", "/usr/share/squid/icons/silk/page_white_powerpoint.png", "/usr/share/squid/icons/silk/page_white_stack.png", "/usr/share/squid/icons/silk/page_white_text.png", "/usr/share/squid/icons/silk/page_white_word.png", "/usr/share/squid/icons/silk/page_white_zip.png", "/usr/share/squid/icons/silk/page_world.png", "/usr/share/squid/icons/silk/photo.png", "/usr/share/squid/icons/silk/picture.png", "/usr/share/squid/icons/silk/plugin.png", "/usr/share/squid/icons/silk/plugin_add.png", "/usr/share/squid/icons/silk/script.png", "/usr/share/squid/icons/silk/script_gear.png", "/usr/share/squid/icons/silk/script_palette.png", "/usr/share/squid/mib.txt", "/usr/share/squid/mime.conf" ], "AnalyzedBy": "dpkg" }, { "ID": "squid-langpack@20220130-1", "Name": "squid-langpack", "Identifier": { "PURL": "pkg:deb/ubuntu/squid-langpack@20220130-1?arch=all\u0026distro=ubuntu-23.10", "UID": "641a90f042701335" }, "Version": "20220130", "Release": "1", "Arch": "all", "SrcName": "squid-langpack", "SrcVersion": "20220130", "SrcRelease": "1", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/squid-langpack/changelog.Debian.gz", "/usr/share/doc/squid-langpack/copyright", "/usr/share/squid-langpack/af/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/af/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/af/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/af/ERR_AGENT_WPAD", "/usr/share/squid-langpack/af/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/af/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/af/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/af/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/af/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/af/ERR_DIR_LISTING", "/usr/share/squid-langpack/af/ERR_DNS_FAIL", "/usr/share/squid-langpack/af/ERR_ESI", "/usr/share/squid-langpack/af/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/af/ERR_FTP_DISABLED", "/usr/share/squid-langpack/af/ERR_FTP_FAILURE", "/usr/share/squid-langpack/af/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/af/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/af/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/af/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/af/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/af/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/af/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/af/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/af/ERR_INVALID_REQ", "/usr/share/squid-langpack/af/ERR_INVALID_RESP", "/usr/share/squid-langpack/af/ERR_INVALID_URL", "/usr/share/squid-langpack/af/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/af/ERR_NO_RELAY", "/usr/share/squid-langpack/af/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/af/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/af/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/af/ERR_READ_ERROR", "/usr/share/squid-langpack/af/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/af/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/af/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/af/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/af/ERR_TOO_BIG", "/usr/share/squid-langpack/af/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/af/ERR_UNSUP_REQ", "/usr/share/squid-langpack/af/ERR_URN_RESOLVE", "/usr/share/squid-langpack/af/ERR_WRITE_ERROR", "/usr/share/squid-langpack/af/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/af/error-details.txt", "/usr/share/squid-langpack/ar/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ar/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ar/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ar/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ar/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ar/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ar/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ar/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ar/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ar/ERR_DIR_LISTING", "/usr/share/squid-langpack/ar/ERR_DNS_FAIL", "/usr/share/squid-langpack/ar/ERR_ESI", "/usr/share/squid-langpack/ar/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ar/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ar/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ar/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ar/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ar/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ar/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ar/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ar/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ar/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ar/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ar/ERR_INVALID_REQ", "/usr/share/squid-langpack/ar/ERR_INVALID_RESP", "/usr/share/squid-langpack/ar/ERR_INVALID_URL", "/usr/share/squid-langpack/ar/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ar/ERR_NO_RELAY", "/usr/share/squid-langpack/ar/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ar/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ar/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ar/ERR_READ_ERROR", "/usr/share/squid-langpack/ar/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ar/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ar/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ar/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ar/ERR_TOO_BIG", "/usr/share/squid-langpack/ar/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ar/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ar/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ar/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ar/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ar/error-details.txt", "/usr/share/squid-langpack/az/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/az/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/az/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/az/ERR_AGENT_WPAD", "/usr/share/squid-langpack/az/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/az/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/az/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/az/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/az/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/az/ERR_DIR_LISTING", "/usr/share/squid-langpack/az/ERR_DNS_FAIL", "/usr/share/squid-langpack/az/ERR_ESI", "/usr/share/squid-langpack/az/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/az/ERR_FTP_DISABLED", "/usr/share/squid-langpack/az/ERR_FTP_FAILURE", "/usr/share/squid-langpack/az/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/az/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/az/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/az/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/az/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/az/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/az/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/az/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/az/ERR_INVALID_REQ", "/usr/share/squid-langpack/az/ERR_INVALID_RESP", "/usr/share/squid-langpack/az/ERR_INVALID_URL", "/usr/share/squid-langpack/az/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/az/ERR_NO_RELAY", "/usr/share/squid-langpack/az/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/az/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/az/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/az/ERR_READ_ERROR", "/usr/share/squid-langpack/az/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/az/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/az/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/az/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/az/ERR_TOO_BIG", "/usr/share/squid-langpack/az/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/az/ERR_UNSUP_REQ", "/usr/share/squid-langpack/az/ERR_URN_RESOLVE", "/usr/share/squid-langpack/az/ERR_WRITE_ERROR", "/usr/share/squid-langpack/az/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/az/error-details.txt", "/usr/share/squid-langpack/bg/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/bg/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/bg/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/bg/ERR_AGENT_WPAD", "/usr/share/squid-langpack/bg/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/bg/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/bg/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/bg/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/bg/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/bg/ERR_DIR_LISTING", "/usr/share/squid-langpack/bg/ERR_DNS_FAIL", "/usr/share/squid-langpack/bg/ERR_ESI", "/usr/share/squid-langpack/bg/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/bg/ERR_FTP_DISABLED", "/usr/share/squid-langpack/bg/ERR_FTP_FAILURE", "/usr/share/squid-langpack/bg/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/bg/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/bg/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/bg/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/bg/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/bg/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/bg/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/bg/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/bg/ERR_INVALID_REQ", "/usr/share/squid-langpack/bg/ERR_INVALID_RESP", "/usr/share/squid-langpack/bg/ERR_INVALID_URL", "/usr/share/squid-langpack/bg/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/bg/ERR_NO_RELAY", "/usr/share/squid-langpack/bg/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/bg/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/bg/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/bg/ERR_READ_ERROR", "/usr/share/squid-langpack/bg/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/bg/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/bg/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/bg/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/bg/ERR_TOO_BIG", "/usr/share/squid-langpack/bg/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/bg/ERR_UNSUP_REQ", "/usr/share/squid-langpack/bg/ERR_URN_RESOLVE", "/usr/share/squid-langpack/bg/ERR_WRITE_ERROR", "/usr/share/squid-langpack/bg/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/bg/error-details.txt", "/usr/share/squid-langpack/ca/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ca/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ca/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ca/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ca/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ca/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ca/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ca/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ca/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ca/ERR_DIR_LISTING", "/usr/share/squid-langpack/ca/ERR_DNS_FAIL", "/usr/share/squid-langpack/ca/ERR_ESI", "/usr/share/squid-langpack/ca/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ca/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ca/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ca/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ca/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ca/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ca/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ca/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ca/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ca/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ca/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ca/ERR_INVALID_REQ", "/usr/share/squid-langpack/ca/ERR_INVALID_RESP", "/usr/share/squid-langpack/ca/ERR_INVALID_URL", "/usr/share/squid-langpack/ca/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ca/ERR_NO_RELAY", "/usr/share/squid-langpack/ca/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ca/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ca/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ca/ERR_READ_ERROR", "/usr/share/squid-langpack/ca/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ca/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ca/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ca/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ca/ERR_TOO_BIG", "/usr/share/squid-langpack/ca/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ca/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ca/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ca/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ca/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ca/error-details.txt", "/usr/share/squid-langpack/cs/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/cs/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/cs/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/cs/ERR_AGENT_WPAD", "/usr/share/squid-langpack/cs/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/cs/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/cs/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/cs/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/cs/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/cs/ERR_DIR_LISTING", "/usr/share/squid-langpack/cs/ERR_DNS_FAIL", "/usr/share/squid-langpack/cs/ERR_ESI", "/usr/share/squid-langpack/cs/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/cs/ERR_FTP_DISABLED", "/usr/share/squid-langpack/cs/ERR_FTP_FAILURE", "/usr/share/squid-langpack/cs/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/cs/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/cs/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/cs/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/cs/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/cs/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/cs/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/cs/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/cs/ERR_INVALID_REQ", "/usr/share/squid-langpack/cs/ERR_INVALID_RESP", "/usr/share/squid-langpack/cs/ERR_INVALID_URL", "/usr/share/squid-langpack/cs/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/cs/ERR_NO_RELAY", "/usr/share/squid-langpack/cs/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/cs/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/cs/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/cs/ERR_READ_ERROR", "/usr/share/squid-langpack/cs/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/cs/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/cs/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/cs/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/cs/ERR_TOO_BIG", "/usr/share/squid-langpack/cs/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/cs/ERR_UNSUP_REQ", "/usr/share/squid-langpack/cs/ERR_URN_RESOLVE", "/usr/share/squid-langpack/cs/ERR_WRITE_ERROR", "/usr/share/squid-langpack/cs/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/cs/error-details.txt", "/usr/share/squid-langpack/da/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/da/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/da/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/da/ERR_AGENT_WPAD", "/usr/share/squid-langpack/da/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/da/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/da/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/da/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/da/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/da/ERR_DIR_LISTING", "/usr/share/squid-langpack/da/ERR_DNS_FAIL", "/usr/share/squid-langpack/da/ERR_ESI", "/usr/share/squid-langpack/da/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/da/ERR_FTP_DISABLED", "/usr/share/squid-langpack/da/ERR_FTP_FAILURE", "/usr/share/squid-langpack/da/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/da/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/da/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/da/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/da/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/da/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/da/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/da/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/da/ERR_INVALID_REQ", "/usr/share/squid-langpack/da/ERR_INVALID_RESP", "/usr/share/squid-langpack/da/ERR_INVALID_URL", "/usr/share/squid-langpack/da/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/da/ERR_NO_RELAY", "/usr/share/squid-langpack/da/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/da/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/da/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/da/ERR_READ_ERROR", "/usr/share/squid-langpack/da/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/da/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/da/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/da/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/da/ERR_TOO_BIG", "/usr/share/squid-langpack/da/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/da/ERR_UNSUP_REQ", "/usr/share/squid-langpack/da/ERR_URN_RESOLVE", "/usr/share/squid-langpack/da/ERR_WRITE_ERROR", "/usr/share/squid-langpack/da/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/da/error-details.txt", "/usr/share/squid-langpack/de/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/de/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/de/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/de/ERR_AGENT_WPAD", "/usr/share/squid-langpack/de/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/de/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/de/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/de/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/de/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/de/ERR_DIR_LISTING", "/usr/share/squid-langpack/de/ERR_DNS_FAIL", "/usr/share/squid-langpack/de/ERR_ESI", "/usr/share/squid-langpack/de/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/de/ERR_FTP_DISABLED", "/usr/share/squid-langpack/de/ERR_FTP_FAILURE", "/usr/share/squid-langpack/de/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/de/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/de/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/de/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/de/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/de/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/de/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/de/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/de/ERR_INVALID_REQ", "/usr/share/squid-langpack/de/ERR_INVALID_RESP", "/usr/share/squid-langpack/de/ERR_INVALID_URL", "/usr/share/squid-langpack/de/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/de/ERR_NO_RELAY", "/usr/share/squid-langpack/de/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/de/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/de/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/de/ERR_READ_ERROR", "/usr/share/squid-langpack/de/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/de/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/de/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/de/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/de/ERR_TOO_BIG", "/usr/share/squid-langpack/de/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/de/ERR_UNSUP_REQ", "/usr/share/squid-langpack/de/ERR_URN_RESOLVE", "/usr/share/squid-langpack/de/ERR_WRITE_ERROR", "/usr/share/squid-langpack/de/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/de/error-details.txt", "/usr/share/squid-langpack/el/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/el/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/el/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/el/ERR_AGENT_WPAD", "/usr/share/squid-langpack/el/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/el/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/el/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/el/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/el/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/el/ERR_DIR_LISTING", "/usr/share/squid-langpack/el/ERR_DNS_FAIL", "/usr/share/squid-langpack/el/ERR_ESI", "/usr/share/squid-langpack/el/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/el/ERR_FTP_DISABLED", "/usr/share/squid-langpack/el/ERR_FTP_FAILURE", "/usr/share/squid-langpack/el/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/el/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/el/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/el/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/el/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/el/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/el/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/el/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/el/ERR_INVALID_REQ", "/usr/share/squid-langpack/el/ERR_INVALID_RESP", "/usr/share/squid-langpack/el/ERR_INVALID_URL", "/usr/share/squid-langpack/el/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/el/ERR_NO_RELAY", "/usr/share/squid-langpack/el/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/el/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/el/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/el/ERR_READ_ERROR", "/usr/share/squid-langpack/el/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/el/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/el/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/el/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/el/ERR_TOO_BIG", "/usr/share/squid-langpack/el/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/el/ERR_UNSUP_REQ", "/usr/share/squid-langpack/el/ERR_URN_RESOLVE", "/usr/share/squid-langpack/el/ERR_WRITE_ERROR", "/usr/share/squid-langpack/el/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/el/error-details.txt", "/usr/share/squid-langpack/en/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/en/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/en/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/en/ERR_AGENT_WPAD", "/usr/share/squid-langpack/en/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/en/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/en/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/en/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/en/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/en/ERR_DIR_LISTING", "/usr/share/squid-langpack/en/ERR_DNS_FAIL", "/usr/share/squid-langpack/en/ERR_ESI", "/usr/share/squid-langpack/en/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/en/ERR_FTP_DISABLED", "/usr/share/squid-langpack/en/ERR_FTP_FAILURE", "/usr/share/squid-langpack/en/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/en/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/en/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/en/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/en/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/en/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/en/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/en/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/en/ERR_INVALID_REQ", "/usr/share/squid-langpack/en/ERR_INVALID_RESP", "/usr/share/squid-langpack/en/ERR_INVALID_URL", "/usr/share/squid-langpack/en/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/en/ERR_NO_RELAY", "/usr/share/squid-langpack/en/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/en/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/en/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/en/ERR_READ_ERROR", "/usr/share/squid-langpack/en/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/en/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/en/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/en/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/en/ERR_TOO_BIG", "/usr/share/squid-langpack/en/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/en/ERR_UNSUP_REQ", "/usr/share/squid-langpack/en/ERR_URN_RESOLVE", "/usr/share/squid-langpack/en/ERR_WRITE_ERROR", "/usr/share/squid-langpack/en/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/en/error-details.txt", "/usr/share/squid-langpack/es/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/es/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/es/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/es/ERR_AGENT_WPAD", "/usr/share/squid-langpack/es/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/es/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/es/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/es/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/es/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/es/ERR_DIR_LISTING", "/usr/share/squid-langpack/es/ERR_DNS_FAIL", "/usr/share/squid-langpack/es/ERR_ESI", "/usr/share/squid-langpack/es/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/es/ERR_FTP_DISABLED", "/usr/share/squid-langpack/es/ERR_FTP_FAILURE", "/usr/share/squid-langpack/es/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/es/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/es/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/es/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/es/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/es/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/es/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/es/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/es/ERR_INVALID_REQ", "/usr/share/squid-langpack/es/ERR_INVALID_RESP", "/usr/share/squid-langpack/es/ERR_INVALID_URL", "/usr/share/squid-langpack/es/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/es/ERR_NO_RELAY", "/usr/share/squid-langpack/es/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/es/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/es/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/es/ERR_READ_ERROR", "/usr/share/squid-langpack/es/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/es/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/es/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/es/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/es/ERR_TOO_BIG", "/usr/share/squid-langpack/es/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/es/ERR_UNSUP_REQ", "/usr/share/squid-langpack/es/ERR_URN_RESOLVE", "/usr/share/squid-langpack/es/ERR_WRITE_ERROR", "/usr/share/squid-langpack/es/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/es/error-details.txt", "/usr/share/squid-langpack/et/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/et/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/et/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/et/ERR_AGENT_WPAD", "/usr/share/squid-langpack/et/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/et/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/et/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/et/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/et/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/et/ERR_DIR_LISTING", "/usr/share/squid-langpack/et/ERR_DNS_FAIL", "/usr/share/squid-langpack/et/ERR_ESI", "/usr/share/squid-langpack/et/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/et/ERR_FTP_DISABLED", "/usr/share/squid-langpack/et/ERR_FTP_FAILURE", "/usr/share/squid-langpack/et/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/et/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/et/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/et/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/et/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/et/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/et/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/et/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/et/ERR_INVALID_REQ", "/usr/share/squid-langpack/et/ERR_INVALID_RESP", "/usr/share/squid-langpack/et/ERR_INVALID_URL", "/usr/share/squid-langpack/et/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/et/ERR_NO_RELAY", "/usr/share/squid-langpack/et/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/et/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/et/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/et/ERR_READ_ERROR", "/usr/share/squid-langpack/et/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/et/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/et/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/et/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/et/ERR_TOO_BIG", "/usr/share/squid-langpack/et/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/et/ERR_UNSUP_REQ", "/usr/share/squid-langpack/et/ERR_URN_RESOLVE", "/usr/share/squid-langpack/et/ERR_WRITE_ERROR", "/usr/share/squid-langpack/et/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/et/error-details.txt", "/usr/share/squid-langpack/fa/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/fa/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/fa/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/fa/ERR_AGENT_WPAD", "/usr/share/squid-langpack/fa/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/fa/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/fa/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/fa/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/fa/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/fa/ERR_DIR_LISTING", "/usr/share/squid-langpack/fa/ERR_DNS_FAIL", "/usr/share/squid-langpack/fa/ERR_ESI", "/usr/share/squid-langpack/fa/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/fa/ERR_FTP_DISABLED", "/usr/share/squid-langpack/fa/ERR_FTP_FAILURE", "/usr/share/squid-langpack/fa/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/fa/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/fa/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/fa/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/fa/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/fa/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/fa/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/fa/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/fa/ERR_INVALID_REQ", "/usr/share/squid-langpack/fa/ERR_INVALID_RESP", "/usr/share/squid-langpack/fa/ERR_INVALID_URL", "/usr/share/squid-langpack/fa/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/fa/ERR_NO_RELAY", "/usr/share/squid-langpack/fa/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/fa/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/fa/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/fa/ERR_READ_ERROR", "/usr/share/squid-langpack/fa/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/fa/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/fa/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/fa/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/fa/ERR_TOO_BIG", "/usr/share/squid-langpack/fa/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/fa/ERR_UNSUP_REQ", "/usr/share/squid-langpack/fa/ERR_URN_RESOLVE", "/usr/share/squid-langpack/fa/ERR_WRITE_ERROR", "/usr/share/squid-langpack/fa/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/fa/error-details.txt", "/usr/share/squid-langpack/fi/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/fi/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/fi/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/fi/ERR_AGENT_WPAD", "/usr/share/squid-langpack/fi/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/fi/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/fi/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/fi/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/fi/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/fi/ERR_DIR_LISTING", "/usr/share/squid-langpack/fi/ERR_DNS_FAIL", "/usr/share/squid-langpack/fi/ERR_ESI", "/usr/share/squid-langpack/fi/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/fi/ERR_FTP_DISABLED", "/usr/share/squid-langpack/fi/ERR_FTP_FAILURE", "/usr/share/squid-langpack/fi/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/fi/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/fi/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/fi/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/fi/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/fi/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/fi/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/fi/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/fi/ERR_INVALID_REQ", "/usr/share/squid-langpack/fi/ERR_INVALID_RESP", "/usr/share/squid-langpack/fi/ERR_INVALID_URL", "/usr/share/squid-langpack/fi/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/fi/ERR_NO_RELAY", "/usr/share/squid-langpack/fi/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/fi/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/fi/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/fi/ERR_READ_ERROR", "/usr/share/squid-langpack/fi/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/fi/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/fi/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/fi/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/fi/ERR_TOO_BIG", "/usr/share/squid-langpack/fi/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/fi/ERR_UNSUP_REQ", "/usr/share/squid-langpack/fi/ERR_URN_RESOLVE", "/usr/share/squid-langpack/fi/ERR_WRITE_ERROR", "/usr/share/squid-langpack/fi/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/fi/error-details.txt", "/usr/share/squid-langpack/fr/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/fr/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/fr/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/fr/ERR_AGENT_WPAD", "/usr/share/squid-langpack/fr/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/fr/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/fr/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/fr/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/fr/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/fr/ERR_DIR_LISTING", "/usr/share/squid-langpack/fr/ERR_DNS_FAIL", "/usr/share/squid-langpack/fr/ERR_ESI", "/usr/share/squid-langpack/fr/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/fr/ERR_FTP_DISABLED", "/usr/share/squid-langpack/fr/ERR_FTP_FAILURE", "/usr/share/squid-langpack/fr/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/fr/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/fr/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/fr/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/fr/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/fr/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/fr/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/fr/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/fr/ERR_INVALID_REQ", "/usr/share/squid-langpack/fr/ERR_INVALID_RESP", "/usr/share/squid-langpack/fr/ERR_INVALID_URL", "/usr/share/squid-langpack/fr/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/fr/ERR_NO_RELAY", "/usr/share/squid-langpack/fr/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/fr/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/fr/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/fr/ERR_READ_ERROR", "/usr/share/squid-langpack/fr/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/fr/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/fr/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/fr/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/fr/ERR_TOO_BIG", "/usr/share/squid-langpack/fr/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/fr/ERR_UNSUP_REQ", "/usr/share/squid-langpack/fr/ERR_URN_RESOLVE", "/usr/share/squid-langpack/fr/ERR_WRITE_ERROR", "/usr/share/squid-langpack/fr/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/fr/error-details.txt", "/usr/share/squid-langpack/he/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/he/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/he/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/he/ERR_AGENT_WPAD", "/usr/share/squid-langpack/he/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/he/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/he/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/he/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/he/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/he/ERR_DIR_LISTING", "/usr/share/squid-langpack/he/ERR_DNS_FAIL", "/usr/share/squid-langpack/he/ERR_ESI", "/usr/share/squid-langpack/he/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/he/ERR_FTP_DISABLED", "/usr/share/squid-langpack/he/ERR_FTP_FAILURE", "/usr/share/squid-langpack/he/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/he/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/he/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/he/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/he/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/he/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/he/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/he/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/he/ERR_INVALID_REQ", "/usr/share/squid-langpack/he/ERR_INVALID_RESP", "/usr/share/squid-langpack/he/ERR_INVALID_URL", "/usr/share/squid-langpack/he/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/he/ERR_NO_RELAY", "/usr/share/squid-langpack/he/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/he/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/he/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/he/ERR_READ_ERROR", "/usr/share/squid-langpack/he/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/he/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/he/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/he/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/he/ERR_TOO_BIG", "/usr/share/squid-langpack/he/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/he/ERR_UNSUP_REQ", "/usr/share/squid-langpack/he/ERR_URN_RESOLVE", "/usr/share/squid-langpack/he/ERR_WRITE_ERROR", "/usr/share/squid-langpack/he/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/he/error-details.txt", "/usr/share/squid-langpack/hu/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/hu/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/hu/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/hu/ERR_AGENT_WPAD", "/usr/share/squid-langpack/hu/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/hu/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/hu/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/hu/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/hu/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/hu/ERR_DIR_LISTING", "/usr/share/squid-langpack/hu/ERR_DNS_FAIL", "/usr/share/squid-langpack/hu/ERR_ESI", "/usr/share/squid-langpack/hu/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/hu/ERR_FTP_DISABLED", "/usr/share/squid-langpack/hu/ERR_FTP_FAILURE", "/usr/share/squid-langpack/hu/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/hu/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/hu/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/hu/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/hu/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/hu/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/hu/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/hu/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/hu/ERR_INVALID_REQ", "/usr/share/squid-langpack/hu/ERR_INVALID_RESP", "/usr/share/squid-langpack/hu/ERR_INVALID_URL", "/usr/share/squid-langpack/hu/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/hu/ERR_NO_RELAY", "/usr/share/squid-langpack/hu/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/hu/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/hu/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/hu/ERR_READ_ERROR", "/usr/share/squid-langpack/hu/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/hu/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/hu/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/hu/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/hu/ERR_TOO_BIG", "/usr/share/squid-langpack/hu/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/hu/ERR_UNSUP_REQ", "/usr/share/squid-langpack/hu/ERR_URN_RESOLVE", "/usr/share/squid-langpack/hu/ERR_WRITE_ERROR", "/usr/share/squid-langpack/hu/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/hu/error-details.txt", "/usr/share/squid-langpack/hy/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/hy/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/hy/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/hy/ERR_AGENT_WPAD", "/usr/share/squid-langpack/hy/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/hy/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/hy/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/hy/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/hy/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/hy/ERR_DIR_LISTING", "/usr/share/squid-langpack/hy/ERR_DNS_FAIL", "/usr/share/squid-langpack/hy/ERR_ESI", "/usr/share/squid-langpack/hy/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/hy/ERR_FTP_DISABLED", "/usr/share/squid-langpack/hy/ERR_FTP_FAILURE", "/usr/share/squid-langpack/hy/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/hy/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/hy/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/hy/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/hy/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/hy/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/hy/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/hy/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/hy/ERR_INVALID_REQ", "/usr/share/squid-langpack/hy/ERR_INVALID_RESP", "/usr/share/squid-langpack/hy/ERR_INVALID_URL", "/usr/share/squid-langpack/hy/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/hy/ERR_NO_RELAY", "/usr/share/squid-langpack/hy/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/hy/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/hy/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/hy/ERR_READ_ERROR", "/usr/share/squid-langpack/hy/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/hy/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/hy/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/hy/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/hy/ERR_TOO_BIG", "/usr/share/squid-langpack/hy/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/hy/ERR_UNSUP_REQ", "/usr/share/squid-langpack/hy/ERR_URN_RESOLVE", "/usr/share/squid-langpack/hy/ERR_WRITE_ERROR", "/usr/share/squid-langpack/hy/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/hy/error-details.txt", "/usr/share/squid-langpack/id/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/id/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/id/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/id/ERR_AGENT_WPAD", "/usr/share/squid-langpack/id/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/id/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/id/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/id/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/id/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/id/ERR_DIR_LISTING", "/usr/share/squid-langpack/id/ERR_DNS_FAIL", "/usr/share/squid-langpack/id/ERR_ESI", "/usr/share/squid-langpack/id/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/id/ERR_FTP_DISABLED", "/usr/share/squid-langpack/id/ERR_FTP_FAILURE", "/usr/share/squid-langpack/id/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/id/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/id/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/id/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/id/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/id/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/id/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/id/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/id/ERR_INVALID_REQ", "/usr/share/squid-langpack/id/ERR_INVALID_RESP", "/usr/share/squid-langpack/id/ERR_INVALID_URL", "/usr/share/squid-langpack/id/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/id/ERR_NO_RELAY", "/usr/share/squid-langpack/id/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/id/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/id/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/id/ERR_READ_ERROR", "/usr/share/squid-langpack/id/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/id/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/id/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/id/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/id/ERR_TOO_BIG", "/usr/share/squid-langpack/id/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/id/ERR_UNSUP_REQ", "/usr/share/squid-langpack/id/ERR_URN_RESOLVE", "/usr/share/squid-langpack/id/ERR_WRITE_ERROR", "/usr/share/squid-langpack/id/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/id/error-details.txt", "/usr/share/squid-langpack/it/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/it/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/it/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/it/ERR_AGENT_WPAD", "/usr/share/squid-langpack/it/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/it/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/it/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/it/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/it/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/it/ERR_DIR_LISTING", "/usr/share/squid-langpack/it/ERR_DNS_FAIL", "/usr/share/squid-langpack/it/ERR_ESI", "/usr/share/squid-langpack/it/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/it/ERR_FTP_DISABLED", "/usr/share/squid-langpack/it/ERR_FTP_FAILURE", "/usr/share/squid-langpack/it/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/it/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/it/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/it/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/it/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/it/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/it/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/it/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/it/ERR_INVALID_REQ", "/usr/share/squid-langpack/it/ERR_INVALID_RESP", "/usr/share/squid-langpack/it/ERR_INVALID_URL", "/usr/share/squid-langpack/it/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/it/ERR_NO_RELAY", "/usr/share/squid-langpack/it/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/it/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/it/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/it/ERR_READ_ERROR", "/usr/share/squid-langpack/it/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/it/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/it/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/it/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/it/ERR_TOO_BIG", "/usr/share/squid-langpack/it/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/it/ERR_UNSUP_REQ", "/usr/share/squid-langpack/it/ERR_URN_RESOLVE", "/usr/share/squid-langpack/it/ERR_WRITE_ERROR", "/usr/share/squid-langpack/it/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/it/error-details.txt", "/usr/share/squid-langpack/ja/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ja/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ja/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ja/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ja/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ja/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ja/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ja/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ja/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ja/ERR_DIR_LISTING", "/usr/share/squid-langpack/ja/ERR_DNS_FAIL", "/usr/share/squid-langpack/ja/ERR_ESI", "/usr/share/squid-langpack/ja/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ja/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ja/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ja/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ja/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ja/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ja/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ja/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ja/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ja/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ja/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ja/ERR_INVALID_REQ", "/usr/share/squid-langpack/ja/ERR_INVALID_RESP", "/usr/share/squid-langpack/ja/ERR_INVALID_URL", "/usr/share/squid-langpack/ja/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ja/ERR_NO_RELAY", "/usr/share/squid-langpack/ja/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ja/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ja/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ja/ERR_READ_ERROR", "/usr/share/squid-langpack/ja/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ja/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ja/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ja/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ja/ERR_TOO_BIG", "/usr/share/squid-langpack/ja/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ja/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ja/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ja/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ja/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ja/error-details.txt", "/usr/share/squid-langpack/ka/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ka/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ka/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ka/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ka/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ka/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ka/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ka/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ka/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ka/ERR_DIR_LISTING", "/usr/share/squid-langpack/ka/ERR_DNS_FAIL", "/usr/share/squid-langpack/ka/ERR_ESI", "/usr/share/squid-langpack/ka/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ka/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ka/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ka/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ka/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ka/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ka/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ka/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ka/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ka/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ka/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ka/ERR_INVALID_REQ", "/usr/share/squid-langpack/ka/ERR_INVALID_RESP", "/usr/share/squid-langpack/ka/ERR_INVALID_URL", "/usr/share/squid-langpack/ka/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ka/ERR_NO_RELAY", "/usr/share/squid-langpack/ka/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ka/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ka/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ka/ERR_READ_ERROR", "/usr/share/squid-langpack/ka/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ka/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ka/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ka/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ka/ERR_TOO_BIG", "/usr/share/squid-langpack/ka/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ka/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ka/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ka/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ka/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ka/error-details.txt", "/usr/share/squid-langpack/ko/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ko/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ko/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ko/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ko/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ko/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ko/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ko/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ko/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ko/ERR_DIR_LISTING", "/usr/share/squid-langpack/ko/ERR_DNS_FAIL", "/usr/share/squid-langpack/ko/ERR_ESI", "/usr/share/squid-langpack/ko/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ko/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ko/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ko/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ko/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ko/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ko/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ko/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ko/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ko/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ko/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ko/ERR_INVALID_REQ", "/usr/share/squid-langpack/ko/ERR_INVALID_RESP", "/usr/share/squid-langpack/ko/ERR_INVALID_URL", "/usr/share/squid-langpack/ko/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ko/ERR_NO_RELAY", "/usr/share/squid-langpack/ko/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ko/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ko/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ko/ERR_READ_ERROR", "/usr/share/squid-langpack/ko/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ko/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ko/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ko/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ko/ERR_TOO_BIG", "/usr/share/squid-langpack/ko/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ko/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ko/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ko/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ko/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ko/error-details.txt", "/usr/share/squid-langpack/lt/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/lt/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/lt/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/lt/ERR_AGENT_WPAD", "/usr/share/squid-langpack/lt/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/lt/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/lt/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/lt/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/lt/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/lt/ERR_DIR_LISTING", "/usr/share/squid-langpack/lt/ERR_DNS_FAIL", "/usr/share/squid-langpack/lt/ERR_ESI", "/usr/share/squid-langpack/lt/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/lt/ERR_FTP_DISABLED", "/usr/share/squid-langpack/lt/ERR_FTP_FAILURE", "/usr/share/squid-langpack/lt/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/lt/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/lt/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/lt/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/lt/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/lt/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/lt/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/lt/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/lt/ERR_INVALID_REQ", "/usr/share/squid-langpack/lt/ERR_INVALID_RESP", "/usr/share/squid-langpack/lt/ERR_INVALID_URL", "/usr/share/squid-langpack/lt/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/lt/ERR_NO_RELAY", "/usr/share/squid-langpack/lt/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/lt/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/lt/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/lt/ERR_READ_ERROR", "/usr/share/squid-langpack/lt/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/lt/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/lt/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/lt/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/lt/ERR_TOO_BIG", "/usr/share/squid-langpack/lt/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/lt/ERR_UNSUP_REQ", "/usr/share/squid-langpack/lt/ERR_URN_RESOLVE", "/usr/share/squid-langpack/lt/ERR_WRITE_ERROR", "/usr/share/squid-langpack/lt/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/lt/error-details.txt", "/usr/share/squid-langpack/lv/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/lv/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/lv/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/lv/ERR_AGENT_WPAD", "/usr/share/squid-langpack/lv/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/lv/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/lv/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/lv/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/lv/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/lv/ERR_DIR_LISTING", "/usr/share/squid-langpack/lv/ERR_DNS_FAIL", "/usr/share/squid-langpack/lv/ERR_ESI", "/usr/share/squid-langpack/lv/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/lv/ERR_FTP_DISABLED", "/usr/share/squid-langpack/lv/ERR_FTP_FAILURE", "/usr/share/squid-langpack/lv/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/lv/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/lv/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/lv/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/lv/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/lv/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/lv/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/lv/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/lv/ERR_INVALID_REQ", "/usr/share/squid-langpack/lv/ERR_INVALID_RESP", "/usr/share/squid-langpack/lv/ERR_INVALID_URL", "/usr/share/squid-langpack/lv/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/lv/ERR_NO_RELAY", "/usr/share/squid-langpack/lv/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/lv/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/lv/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/lv/ERR_READ_ERROR", "/usr/share/squid-langpack/lv/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/lv/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/lv/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/lv/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/lv/ERR_TOO_BIG", "/usr/share/squid-langpack/lv/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/lv/ERR_UNSUP_REQ", "/usr/share/squid-langpack/lv/ERR_URN_RESOLVE", "/usr/share/squid-langpack/lv/ERR_WRITE_ERROR", "/usr/share/squid-langpack/lv/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/lv/error-details.txt", "/usr/share/squid-langpack/ms/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ms/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ms/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ms/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ms/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ms/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ms/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ms/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ms/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ms/ERR_DIR_LISTING", "/usr/share/squid-langpack/ms/ERR_DNS_FAIL", "/usr/share/squid-langpack/ms/ERR_ESI", "/usr/share/squid-langpack/ms/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ms/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ms/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ms/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ms/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ms/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ms/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ms/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ms/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ms/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ms/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ms/ERR_INVALID_REQ", "/usr/share/squid-langpack/ms/ERR_INVALID_RESP", "/usr/share/squid-langpack/ms/ERR_INVALID_URL", "/usr/share/squid-langpack/ms/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ms/ERR_NO_RELAY", "/usr/share/squid-langpack/ms/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ms/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ms/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ms/ERR_READ_ERROR", "/usr/share/squid-langpack/ms/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ms/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ms/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ms/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ms/ERR_TOO_BIG", "/usr/share/squid-langpack/ms/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ms/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ms/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ms/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ms/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ms/error-details.txt", "/usr/share/squid-langpack/nl/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/nl/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/nl/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/nl/ERR_AGENT_WPAD", "/usr/share/squid-langpack/nl/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/nl/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/nl/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/nl/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/nl/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/nl/ERR_DIR_LISTING", "/usr/share/squid-langpack/nl/ERR_DNS_FAIL", "/usr/share/squid-langpack/nl/ERR_ESI", "/usr/share/squid-langpack/nl/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/nl/ERR_FTP_DISABLED", "/usr/share/squid-langpack/nl/ERR_FTP_FAILURE", "/usr/share/squid-langpack/nl/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/nl/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/nl/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/nl/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/nl/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/nl/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/nl/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/nl/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/nl/ERR_INVALID_REQ", "/usr/share/squid-langpack/nl/ERR_INVALID_RESP", "/usr/share/squid-langpack/nl/ERR_INVALID_URL", "/usr/share/squid-langpack/nl/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/nl/ERR_NO_RELAY", "/usr/share/squid-langpack/nl/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/nl/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/nl/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/nl/ERR_READ_ERROR", "/usr/share/squid-langpack/nl/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/nl/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/nl/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/nl/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/nl/ERR_TOO_BIG", "/usr/share/squid-langpack/nl/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/nl/ERR_UNSUP_REQ", "/usr/share/squid-langpack/nl/ERR_URN_RESOLVE", "/usr/share/squid-langpack/nl/ERR_WRITE_ERROR", "/usr/share/squid-langpack/nl/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/nl/error-details.txt", "/usr/share/squid-langpack/oc/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/oc/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/oc/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/oc/ERR_AGENT_WPAD", "/usr/share/squid-langpack/oc/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/oc/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/oc/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/oc/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/oc/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/oc/ERR_DIR_LISTING", "/usr/share/squid-langpack/oc/ERR_DNS_FAIL", "/usr/share/squid-langpack/oc/ERR_ESI", "/usr/share/squid-langpack/oc/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/oc/ERR_FTP_DISABLED", "/usr/share/squid-langpack/oc/ERR_FTP_FAILURE", "/usr/share/squid-langpack/oc/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/oc/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/oc/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/oc/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/oc/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/oc/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/oc/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/oc/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/oc/ERR_INVALID_REQ", "/usr/share/squid-langpack/oc/ERR_INVALID_RESP", "/usr/share/squid-langpack/oc/ERR_INVALID_URL", "/usr/share/squid-langpack/oc/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/oc/ERR_NO_RELAY", "/usr/share/squid-langpack/oc/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/oc/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/oc/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/oc/ERR_READ_ERROR", "/usr/share/squid-langpack/oc/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/oc/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/oc/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/oc/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/oc/ERR_TOO_BIG", "/usr/share/squid-langpack/oc/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/oc/ERR_UNSUP_REQ", "/usr/share/squid-langpack/oc/ERR_URN_RESOLVE", "/usr/share/squid-langpack/oc/ERR_WRITE_ERROR", "/usr/share/squid-langpack/oc/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/oc/error-details.txt", "/usr/share/squid-langpack/pl/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/pl/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/pl/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/pl/ERR_AGENT_WPAD", "/usr/share/squid-langpack/pl/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/pl/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/pl/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/pl/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/pl/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/pl/ERR_DIR_LISTING", "/usr/share/squid-langpack/pl/ERR_DNS_FAIL", "/usr/share/squid-langpack/pl/ERR_ESI", "/usr/share/squid-langpack/pl/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/pl/ERR_FTP_DISABLED", "/usr/share/squid-langpack/pl/ERR_FTP_FAILURE", "/usr/share/squid-langpack/pl/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/pl/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/pl/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/pl/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/pl/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/pl/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/pl/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/pl/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/pl/ERR_INVALID_REQ", "/usr/share/squid-langpack/pl/ERR_INVALID_RESP", "/usr/share/squid-langpack/pl/ERR_INVALID_URL", "/usr/share/squid-langpack/pl/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/pl/ERR_NO_RELAY", "/usr/share/squid-langpack/pl/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/pl/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/pl/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/pl/ERR_READ_ERROR", "/usr/share/squid-langpack/pl/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/pl/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/pl/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/pl/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/pl/ERR_TOO_BIG", "/usr/share/squid-langpack/pl/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/pl/ERR_UNSUP_REQ", "/usr/share/squid-langpack/pl/ERR_URN_RESOLVE", "/usr/share/squid-langpack/pl/ERR_WRITE_ERROR", "/usr/share/squid-langpack/pl/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/pl/error-details.txt", "/usr/share/squid-langpack/pt-br/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/pt-br/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/pt-br/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/pt-br/ERR_AGENT_WPAD", "/usr/share/squid-langpack/pt-br/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/pt-br/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/pt-br/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/pt-br/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/pt-br/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/pt-br/ERR_DIR_LISTING", "/usr/share/squid-langpack/pt-br/ERR_DNS_FAIL", "/usr/share/squid-langpack/pt-br/ERR_ESI", "/usr/share/squid-langpack/pt-br/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/pt-br/ERR_FTP_DISABLED", "/usr/share/squid-langpack/pt-br/ERR_FTP_FAILURE", "/usr/share/squid-langpack/pt-br/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/pt-br/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/pt-br/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/pt-br/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/pt-br/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/pt-br/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/pt-br/ERR_INVALID_REQ", "/usr/share/squid-langpack/pt-br/ERR_INVALID_RESP", "/usr/share/squid-langpack/pt-br/ERR_INVALID_URL", "/usr/share/squid-langpack/pt-br/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/pt-br/ERR_NO_RELAY", "/usr/share/squid-langpack/pt-br/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/pt-br/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/pt-br/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/pt-br/ERR_READ_ERROR", "/usr/share/squid-langpack/pt-br/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/pt-br/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/pt-br/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/pt-br/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/pt-br/ERR_TOO_BIG", "/usr/share/squid-langpack/pt-br/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/pt-br/ERR_UNSUP_REQ", "/usr/share/squid-langpack/pt-br/ERR_URN_RESOLVE", "/usr/share/squid-langpack/pt-br/ERR_WRITE_ERROR", "/usr/share/squid-langpack/pt-br/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/pt-br/error-details.txt", "/usr/share/squid-langpack/pt/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/pt/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/pt/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/pt/ERR_AGENT_WPAD", "/usr/share/squid-langpack/pt/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/pt/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/pt/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/pt/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/pt/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/pt/ERR_DIR_LISTING", "/usr/share/squid-langpack/pt/ERR_DNS_FAIL", "/usr/share/squid-langpack/pt/ERR_ESI", "/usr/share/squid-langpack/pt/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/pt/ERR_FTP_DISABLED", "/usr/share/squid-langpack/pt/ERR_FTP_FAILURE", "/usr/share/squid-langpack/pt/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/pt/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/pt/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/pt/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/pt/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/pt/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/pt/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/pt/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/pt/ERR_INVALID_REQ", "/usr/share/squid-langpack/pt/ERR_INVALID_RESP", "/usr/share/squid-langpack/pt/ERR_INVALID_URL", "/usr/share/squid-langpack/pt/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/pt/ERR_NO_RELAY", "/usr/share/squid-langpack/pt/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/pt/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/pt/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/pt/ERR_READ_ERROR", "/usr/share/squid-langpack/pt/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/pt/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/pt/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/pt/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/pt/ERR_TOO_BIG", "/usr/share/squid-langpack/pt/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/pt/ERR_UNSUP_REQ", "/usr/share/squid-langpack/pt/ERR_URN_RESOLVE", "/usr/share/squid-langpack/pt/ERR_WRITE_ERROR", "/usr/share/squid-langpack/pt/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/pt/error-details.txt", "/usr/share/squid-langpack/ro/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ro/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ro/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ro/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ro/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ro/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ro/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ro/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ro/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ro/ERR_DIR_LISTING", "/usr/share/squid-langpack/ro/ERR_DNS_FAIL", "/usr/share/squid-langpack/ro/ERR_ESI", "/usr/share/squid-langpack/ro/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ro/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ro/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ro/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ro/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ro/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ro/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ro/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ro/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ro/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ro/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ro/ERR_INVALID_REQ", "/usr/share/squid-langpack/ro/ERR_INVALID_RESP", "/usr/share/squid-langpack/ro/ERR_INVALID_URL", "/usr/share/squid-langpack/ro/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ro/ERR_NO_RELAY", "/usr/share/squid-langpack/ro/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ro/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ro/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ro/ERR_READ_ERROR", "/usr/share/squid-langpack/ro/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ro/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ro/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ro/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ro/ERR_TOO_BIG", "/usr/share/squid-langpack/ro/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ro/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ro/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ro/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ro/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ro/error-details.txt", "/usr/share/squid-langpack/ru/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/ru/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/ru/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/ru/ERR_AGENT_WPAD", "/usr/share/squid-langpack/ru/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/ru/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/ru/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/ru/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/ru/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/ru/ERR_DIR_LISTING", "/usr/share/squid-langpack/ru/ERR_DNS_FAIL", "/usr/share/squid-langpack/ru/ERR_ESI", "/usr/share/squid-langpack/ru/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/ru/ERR_FTP_DISABLED", "/usr/share/squid-langpack/ru/ERR_FTP_FAILURE", "/usr/share/squid-langpack/ru/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/ru/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/ru/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/ru/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/ru/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/ru/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/ru/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/ru/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/ru/ERR_INVALID_REQ", "/usr/share/squid-langpack/ru/ERR_INVALID_RESP", "/usr/share/squid-langpack/ru/ERR_INVALID_URL", "/usr/share/squid-langpack/ru/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/ru/ERR_NO_RELAY", "/usr/share/squid-langpack/ru/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/ru/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/ru/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/ru/ERR_READ_ERROR", "/usr/share/squid-langpack/ru/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/ru/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/ru/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/ru/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/ru/ERR_TOO_BIG", "/usr/share/squid-langpack/ru/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/ru/ERR_UNSUP_REQ", "/usr/share/squid-langpack/ru/ERR_URN_RESOLVE", "/usr/share/squid-langpack/ru/ERR_WRITE_ERROR", "/usr/share/squid-langpack/ru/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/ru/error-details.txt", "/usr/share/squid-langpack/sk/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/sk/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/sk/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/sk/ERR_AGENT_WPAD", "/usr/share/squid-langpack/sk/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/sk/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/sk/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/sk/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/sk/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/sk/ERR_DIR_LISTING", "/usr/share/squid-langpack/sk/ERR_DNS_FAIL", "/usr/share/squid-langpack/sk/ERR_ESI", "/usr/share/squid-langpack/sk/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/sk/ERR_FTP_DISABLED", "/usr/share/squid-langpack/sk/ERR_FTP_FAILURE", "/usr/share/squid-langpack/sk/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/sk/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/sk/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/sk/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/sk/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/sk/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/sk/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/sk/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/sk/ERR_INVALID_REQ", "/usr/share/squid-langpack/sk/ERR_INVALID_RESP", "/usr/share/squid-langpack/sk/ERR_INVALID_URL", "/usr/share/squid-langpack/sk/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/sk/ERR_NO_RELAY", "/usr/share/squid-langpack/sk/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/sk/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/sk/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/sk/ERR_READ_ERROR", "/usr/share/squid-langpack/sk/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/sk/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/sk/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/sk/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/sk/ERR_TOO_BIG", "/usr/share/squid-langpack/sk/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/sk/ERR_UNSUP_REQ", "/usr/share/squid-langpack/sk/ERR_URN_RESOLVE", "/usr/share/squid-langpack/sk/ERR_WRITE_ERROR", "/usr/share/squid-langpack/sk/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/sk/error-details.txt", "/usr/share/squid-langpack/sl/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/sl/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/sl/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/sl/ERR_AGENT_WPAD", "/usr/share/squid-langpack/sl/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/sl/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/sl/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/sl/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/sl/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/sl/ERR_DIR_LISTING", "/usr/share/squid-langpack/sl/ERR_DNS_FAIL", "/usr/share/squid-langpack/sl/ERR_ESI", "/usr/share/squid-langpack/sl/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/sl/ERR_FTP_DISABLED", "/usr/share/squid-langpack/sl/ERR_FTP_FAILURE", "/usr/share/squid-langpack/sl/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/sl/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/sl/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/sl/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/sl/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/sl/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/sl/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/sl/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/sl/ERR_INVALID_REQ", "/usr/share/squid-langpack/sl/ERR_INVALID_RESP", "/usr/share/squid-langpack/sl/ERR_INVALID_URL", "/usr/share/squid-langpack/sl/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/sl/ERR_NO_RELAY", "/usr/share/squid-langpack/sl/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/sl/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/sl/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/sl/ERR_READ_ERROR", "/usr/share/squid-langpack/sl/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/sl/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/sl/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/sl/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/sl/ERR_TOO_BIG", "/usr/share/squid-langpack/sl/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/sl/ERR_UNSUP_REQ", "/usr/share/squid-langpack/sl/ERR_URN_RESOLVE", "/usr/share/squid-langpack/sl/ERR_WRITE_ERROR", "/usr/share/squid-langpack/sl/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/sl/error-details.txt", "/usr/share/squid-langpack/sr-cyrl/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/sr-cyrl/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/sr-cyrl/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/sr-cyrl/ERR_AGENT_WPAD", "/usr/share/squid-langpack/sr-cyrl/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/sr-cyrl/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/sr-cyrl/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/sr-cyrl/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/sr-cyrl/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/sr-cyrl/ERR_DIR_LISTING", "/usr/share/squid-langpack/sr-cyrl/ERR_DNS_FAIL", "/usr/share/squid-langpack/sr-cyrl/ERR_ESI", "/usr/share/squid-langpack/sr-cyrl/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_DISABLED", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_FAILURE", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/sr-cyrl/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/sr-cyrl/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/sr-cyrl/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_REQ", "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_RESP", "/usr/share/squid-langpack/sr-cyrl/ERR_INVALID_URL", "/usr/share/squid-langpack/sr-cyrl/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/sr-cyrl/ERR_NO_RELAY", "/usr/share/squid-langpack/sr-cyrl/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/sr-cyrl/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/sr-cyrl/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/sr-cyrl/ERR_READ_ERROR", "/usr/share/squid-langpack/sr-cyrl/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/sr-cyrl/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/sr-cyrl/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/sr-cyrl/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/sr-cyrl/ERR_TOO_BIG", "/usr/share/squid-langpack/sr-cyrl/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/sr-cyrl/ERR_UNSUP_REQ", "/usr/share/squid-langpack/sr-cyrl/ERR_URN_RESOLVE", "/usr/share/squid-langpack/sr-cyrl/ERR_WRITE_ERROR", "/usr/share/squid-langpack/sr-cyrl/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/sr-cyrl/error-details.txt", "/usr/share/squid-langpack/sr-latn/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/sr-latn/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/sr-latn/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/sr-latn/ERR_AGENT_WPAD", "/usr/share/squid-langpack/sr-latn/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/sr-latn/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/sr-latn/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/sr-latn/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/sr-latn/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/sr-latn/ERR_DIR_LISTING", "/usr/share/squid-langpack/sr-latn/ERR_DNS_FAIL", "/usr/share/squid-langpack/sr-latn/ERR_ESI", "/usr/share/squid-langpack/sr-latn/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/sr-latn/ERR_FTP_DISABLED", "/usr/share/squid-langpack/sr-latn/ERR_FTP_FAILURE", "/usr/share/squid-langpack/sr-latn/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/sr-latn/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/sr-latn/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/sr-latn/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/sr-latn/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/sr-latn/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/sr-latn/ERR_INVALID_REQ", "/usr/share/squid-langpack/sr-latn/ERR_INVALID_RESP", "/usr/share/squid-langpack/sr-latn/ERR_INVALID_URL", "/usr/share/squid-langpack/sr-latn/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/sr-latn/ERR_NO_RELAY", "/usr/share/squid-langpack/sr-latn/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/sr-latn/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/sr-latn/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/sr-latn/ERR_READ_ERROR", "/usr/share/squid-langpack/sr-latn/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/sr-latn/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/sr-latn/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/sr-latn/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/sr-latn/ERR_TOO_BIG", "/usr/share/squid-langpack/sr-latn/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/sr-latn/ERR_UNSUP_REQ", "/usr/share/squid-langpack/sr-latn/ERR_URN_RESOLVE", "/usr/share/squid-langpack/sr-latn/ERR_WRITE_ERROR", "/usr/share/squid-langpack/sr-latn/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/sr-latn/error-details.txt", "/usr/share/squid-langpack/sv/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/sv/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/sv/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/sv/ERR_AGENT_WPAD", "/usr/share/squid-langpack/sv/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/sv/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/sv/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/sv/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/sv/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/sv/ERR_DIR_LISTING", "/usr/share/squid-langpack/sv/ERR_DNS_FAIL", "/usr/share/squid-langpack/sv/ERR_ESI", "/usr/share/squid-langpack/sv/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/sv/ERR_FTP_DISABLED", "/usr/share/squid-langpack/sv/ERR_FTP_FAILURE", "/usr/share/squid-langpack/sv/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/sv/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/sv/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/sv/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/sv/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/sv/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/sv/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/sv/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/sv/ERR_INVALID_REQ", "/usr/share/squid-langpack/sv/ERR_INVALID_RESP", "/usr/share/squid-langpack/sv/ERR_INVALID_URL", "/usr/share/squid-langpack/sv/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/sv/ERR_NO_RELAY", "/usr/share/squid-langpack/sv/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/sv/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/sv/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/sv/ERR_READ_ERROR", "/usr/share/squid-langpack/sv/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/sv/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/sv/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/sv/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/sv/ERR_TOO_BIG", "/usr/share/squid-langpack/sv/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/sv/ERR_UNSUP_REQ", "/usr/share/squid-langpack/sv/ERR_URN_RESOLVE", "/usr/share/squid-langpack/sv/ERR_WRITE_ERROR", "/usr/share/squid-langpack/sv/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/sv/error-details.txt", "/usr/share/squid-langpack/templates/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/templates/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/templates/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/templates/ERR_AGENT_WPAD", "/usr/share/squid-langpack/templates/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/templates/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/templates/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/templates/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/templates/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/templates/ERR_DIR_LISTING", "/usr/share/squid-langpack/templates/ERR_DNS_FAIL", "/usr/share/squid-langpack/templates/ERR_ESI", "/usr/share/squid-langpack/templates/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/templates/ERR_FTP_DISABLED", "/usr/share/squid-langpack/templates/ERR_FTP_FAILURE", "/usr/share/squid-langpack/templates/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/templates/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/templates/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/templates/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/templates/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/templates/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/templates/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/templates/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/templates/ERR_INVALID_REQ", "/usr/share/squid-langpack/templates/ERR_INVALID_RESP", "/usr/share/squid-langpack/templates/ERR_INVALID_URL", "/usr/share/squid-langpack/templates/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/templates/ERR_NO_RELAY", "/usr/share/squid-langpack/templates/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/templates/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/templates/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/templates/ERR_READ_ERROR", "/usr/share/squid-langpack/templates/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/templates/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/templates/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/templates/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/templates/ERR_TOO_BIG", "/usr/share/squid-langpack/templates/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/templates/ERR_UNSUP_REQ", "/usr/share/squid-langpack/templates/ERR_URN_RESOLVE", "/usr/share/squid-langpack/templates/ERR_WRITE_ERROR", "/usr/share/squid-langpack/templates/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/templates/error-details.txt", "/usr/share/squid-langpack/templates/generic", "/usr/share/squid-langpack/th/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/th/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/th/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/th/ERR_AGENT_WPAD", "/usr/share/squid-langpack/th/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/th/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/th/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/th/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/th/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/th/ERR_DIR_LISTING", "/usr/share/squid-langpack/th/ERR_DNS_FAIL", "/usr/share/squid-langpack/th/ERR_ESI", "/usr/share/squid-langpack/th/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/th/ERR_FTP_DISABLED", "/usr/share/squid-langpack/th/ERR_FTP_FAILURE", "/usr/share/squid-langpack/th/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/th/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/th/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/th/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/th/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/th/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/th/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/th/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/th/ERR_INVALID_REQ", "/usr/share/squid-langpack/th/ERR_INVALID_RESP", "/usr/share/squid-langpack/th/ERR_INVALID_URL", "/usr/share/squid-langpack/th/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/th/ERR_NO_RELAY", "/usr/share/squid-langpack/th/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/th/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/th/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/th/ERR_READ_ERROR", "/usr/share/squid-langpack/th/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/th/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/th/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/th/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/th/ERR_TOO_BIG", "/usr/share/squid-langpack/th/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/th/ERR_UNSUP_REQ", "/usr/share/squid-langpack/th/ERR_URN_RESOLVE", "/usr/share/squid-langpack/th/ERR_WRITE_ERROR", "/usr/share/squid-langpack/th/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/th/error-details.txt", "/usr/share/squid-langpack/tr/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/tr/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/tr/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/tr/ERR_AGENT_WPAD", "/usr/share/squid-langpack/tr/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/tr/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/tr/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/tr/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/tr/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/tr/ERR_DIR_LISTING", "/usr/share/squid-langpack/tr/ERR_DNS_FAIL", "/usr/share/squid-langpack/tr/ERR_ESI", "/usr/share/squid-langpack/tr/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/tr/ERR_FTP_DISABLED", "/usr/share/squid-langpack/tr/ERR_FTP_FAILURE", "/usr/share/squid-langpack/tr/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/tr/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/tr/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/tr/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/tr/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/tr/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/tr/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/tr/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/tr/ERR_INVALID_REQ", "/usr/share/squid-langpack/tr/ERR_INVALID_RESP", "/usr/share/squid-langpack/tr/ERR_INVALID_URL", "/usr/share/squid-langpack/tr/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/tr/ERR_NO_RELAY", "/usr/share/squid-langpack/tr/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/tr/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/tr/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/tr/ERR_READ_ERROR", "/usr/share/squid-langpack/tr/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/tr/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/tr/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/tr/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/tr/ERR_TOO_BIG", "/usr/share/squid-langpack/tr/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/tr/ERR_UNSUP_REQ", "/usr/share/squid-langpack/tr/ERR_URN_RESOLVE", "/usr/share/squid-langpack/tr/ERR_WRITE_ERROR", "/usr/share/squid-langpack/tr/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/tr/error-details.txt", "/usr/share/squid-langpack/uk/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/uk/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/uk/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/uk/ERR_AGENT_WPAD", "/usr/share/squid-langpack/uk/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/uk/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/uk/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/uk/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/uk/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/uk/ERR_DIR_LISTING", "/usr/share/squid-langpack/uk/ERR_DNS_FAIL", "/usr/share/squid-langpack/uk/ERR_ESI", "/usr/share/squid-langpack/uk/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/uk/ERR_FTP_DISABLED", "/usr/share/squid-langpack/uk/ERR_FTP_FAILURE", "/usr/share/squid-langpack/uk/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/uk/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/uk/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/uk/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/uk/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/uk/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/uk/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/uk/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/uk/ERR_INVALID_REQ", "/usr/share/squid-langpack/uk/ERR_INVALID_RESP", "/usr/share/squid-langpack/uk/ERR_INVALID_URL", "/usr/share/squid-langpack/uk/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/uk/ERR_NO_RELAY", "/usr/share/squid-langpack/uk/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/uk/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/uk/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/uk/ERR_READ_ERROR", "/usr/share/squid-langpack/uk/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/uk/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/uk/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/uk/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/uk/ERR_TOO_BIG", "/usr/share/squid-langpack/uk/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/uk/ERR_UNSUP_REQ", "/usr/share/squid-langpack/uk/ERR_URN_RESOLVE", "/usr/share/squid-langpack/uk/ERR_WRITE_ERROR", "/usr/share/squid-langpack/uk/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/uk/error-details.txt", "/usr/share/squid-langpack/uz/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/uz/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/uz/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/uz/ERR_AGENT_WPAD", "/usr/share/squid-langpack/uz/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/uz/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/uz/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/uz/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/uz/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/uz/ERR_DIR_LISTING", "/usr/share/squid-langpack/uz/ERR_DNS_FAIL", "/usr/share/squid-langpack/uz/ERR_ESI", "/usr/share/squid-langpack/uz/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/uz/ERR_FTP_DISABLED", "/usr/share/squid-langpack/uz/ERR_FTP_FAILURE", "/usr/share/squid-langpack/uz/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/uz/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/uz/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/uz/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/uz/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/uz/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/uz/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/uz/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/uz/ERR_INVALID_REQ", "/usr/share/squid-langpack/uz/ERR_INVALID_RESP", "/usr/share/squid-langpack/uz/ERR_INVALID_URL", "/usr/share/squid-langpack/uz/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/uz/ERR_NO_RELAY", "/usr/share/squid-langpack/uz/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/uz/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/uz/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/uz/ERR_READ_ERROR", "/usr/share/squid-langpack/uz/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/uz/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/uz/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/uz/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/uz/ERR_TOO_BIG", "/usr/share/squid-langpack/uz/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/uz/ERR_UNSUP_REQ", "/usr/share/squid-langpack/uz/ERR_URN_RESOLVE", "/usr/share/squid-langpack/uz/ERR_WRITE_ERROR", "/usr/share/squid-langpack/uz/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/uz/error-details.txt", "/usr/share/squid-langpack/vi/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/vi/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/vi/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/vi/ERR_AGENT_WPAD", "/usr/share/squid-langpack/vi/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/vi/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/vi/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/vi/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/vi/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/vi/ERR_DIR_LISTING", "/usr/share/squid-langpack/vi/ERR_DNS_FAIL", "/usr/share/squid-langpack/vi/ERR_ESI", "/usr/share/squid-langpack/vi/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/vi/ERR_FTP_DISABLED", "/usr/share/squid-langpack/vi/ERR_FTP_FAILURE", "/usr/share/squid-langpack/vi/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/vi/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/vi/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/vi/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/vi/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/vi/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/vi/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/vi/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/vi/ERR_INVALID_REQ", "/usr/share/squid-langpack/vi/ERR_INVALID_RESP", "/usr/share/squid-langpack/vi/ERR_INVALID_URL", "/usr/share/squid-langpack/vi/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/vi/ERR_NO_RELAY", "/usr/share/squid-langpack/vi/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/vi/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/vi/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/vi/ERR_READ_ERROR", "/usr/share/squid-langpack/vi/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/vi/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/vi/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/vi/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/vi/ERR_TOO_BIG", "/usr/share/squid-langpack/vi/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/vi/ERR_UNSUP_REQ", "/usr/share/squid-langpack/vi/ERR_URN_RESOLVE", "/usr/share/squid-langpack/vi/ERR_WRITE_ERROR", "/usr/share/squid-langpack/vi/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/vi/error-details.txt", "/usr/share/squid-langpack/zh-hans/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hans/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/zh-hans/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/zh-hans/ERR_AGENT_WPAD", "/usr/share/squid-langpack/zh-hans/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hans/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hans/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/zh-hans/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/zh-hans/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/zh-hans/ERR_DIR_LISTING", "/usr/share/squid-langpack/zh-hans/ERR_DNS_FAIL", "/usr/share/squid-langpack/zh-hans/ERR_ESI", "/usr/share/squid-langpack/zh-hans/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/zh-hans/ERR_FTP_DISABLED", "/usr/share/squid-langpack/zh-hans/ERR_FTP_FAILURE", "/usr/share/squid-langpack/zh-hans/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/zh-hans/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/zh-hans/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/zh-hans/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/zh-hans/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/zh-hans/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/zh-hans/ERR_INVALID_REQ", "/usr/share/squid-langpack/zh-hans/ERR_INVALID_RESP", "/usr/share/squid-langpack/zh-hans/ERR_INVALID_URL", "/usr/share/squid-langpack/zh-hans/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/zh-hans/ERR_NO_RELAY", "/usr/share/squid-langpack/zh-hans/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/zh-hans/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/zh-hans/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/zh-hans/ERR_READ_ERROR", "/usr/share/squid-langpack/zh-hans/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/zh-hans/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/zh-hans/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/zh-hans/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/zh-hans/ERR_TOO_BIG", "/usr/share/squid-langpack/zh-hans/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/zh-hans/ERR_UNSUP_REQ", "/usr/share/squid-langpack/zh-hans/ERR_URN_RESOLVE", "/usr/share/squid-langpack/zh-hans/ERR_WRITE_ERROR", "/usr/share/squid-langpack/zh-hans/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/zh-hans/error-details.txt", "/usr/share/squid-langpack/zh-hant/ERR_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hant/ERR_ACL_TIME_QUOTA_EXCEEDED", "/usr/share/squid-langpack/zh-hant/ERR_AGENT_CONFIGURE", "/usr/share/squid-langpack/zh-hant/ERR_AGENT_WPAD", "/usr/share/squid-langpack/zh-hant/ERR_CACHE_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hant/ERR_CACHE_MGR_ACCESS_DENIED", "/usr/share/squid-langpack/zh-hant/ERR_CANNOT_FORWARD", "/usr/share/squid-langpack/zh-hant/ERR_CONFLICT_HOST", "/usr/share/squid-langpack/zh-hant/ERR_CONNECT_FAIL", "/usr/share/squid-langpack/zh-hant/ERR_DIR_LISTING", "/usr/share/squid-langpack/zh-hant/ERR_DNS_FAIL", "/usr/share/squid-langpack/zh-hant/ERR_ESI", "/usr/share/squid-langpack/zh-hant/ERR_FORWARDING_DENIED", "/usr/share/squid-langpack/zh-hant/ERR_FTP_DISABLED", "/usr/share/squid-langpack/zh-hant/ERR_FTP_FAILURE", "/usr/share/squid-langpack/zh-hant/ERR_FTP_FORBIDDEN", "/usr/share/squid-langpack/zh-hant/ERR_FTP_NOT_FOUND", "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_CREATED", "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_ERROR", "/usr/share/squid-langpack/zh-hant/ERR_FTP_PUT_MODIFIED", "/usr/share/squid-langpack/zh-hant/ERR_FTP_UNAVAILABLE", "/usr/share/squid-langpack/zh-hant/ERR_GATEWAY_FAILURE", "/usr/share/squid-langpack/zh-hant/ERR_ICAP_FAILURE", "/usr/share/squid-langpack/zh-hant/ERR_INVALID_REQ", "/usr/share/squid-langpack/zh-hant/ERR_INVALID_RESP", "/usr/share/squid-langpack/zh-hant/ERR_INVALID_URL", "/usr/share/squid-langpack/zh-hant/ERR_LIFETIME_EXP", "/usr/share/squid-langpack/zh-hant/ERR_NO_RELAY", "/usr/share/squid-langpack/zh-hant/ERR_ONLY_IF_CACHED_MISS", "/usr/share/squid-langpack/zh-hant/ERR_PRECONDITION_FAILED", "/usr/share/squid-langpack/zh-hant/ERR_PROTOCOL_UNKNOWN", "/usr/share/squid-langpack/zh-hant/ERR_READ_ERROR", "/usr/share/squid-langpack/zh-hant/ERR_READ_TIMEOUT", "/usr/share/squid-langpack/zh-hant/ERR_SECURE_CONNECT_FAIL", "/usr/share/squid-langpack/zh-hant/ERR_SHUTTING_DOWN", "/usr/share/squid-langpack/zh-hant/ERR_SOCKET_FAILURE", "/usr/share/squid-langpack/zh-hant/ERR_TOO_BIG", "/usr/share/squid-langpack/zh-hant/ERR_UNSUP_HTTPVERSION", "/usr/share/squid-langpack/zh-hant/ERR_UNSUP_REQ", "/usr/share/squid-langpack/zh-hant/ERR_URN_RESOLVE", "/usr/share/squid-langpack/zh-hant/ERR_WRITE_ERROR", "/usr/share/squid-langpack/zh-hant/ERR_ZERO_SIZE_OBJECT", "/usr/share/squid-langpack/zh-hant/error-details.txt" ], "AnalyzedBy": "dpkg" }, { "ID": "ssl-cert@1.1.2ubuntu1", "Name": "ssl-cert", "Identifier": { "PURL": "pkg:deb/ubuntu/ssl-cert@1.1.2ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "4824ac50bab9f39c" }, "Version": "1.1.2ubuntu1", "Arch": "all", "SrcName": "ssl-cert", "SrcVersion": "1.1.2ubuntu1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.137ubuntu1", "debconf@1.5.82", "openssl@3.0.10-1ubuntu2.3" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/lib/systemd/system/ssl-cert.service", "/usr/sbin/make-ssl-cert", "/usr/share/doc/ssl-cert/README", "/usr/share/doc/ssl-cert/changelog.gz", "/usr/share/doc/ssl-cert/copyright", "/usr/share/lintian/overrides/ssl-cert", "/usr/share/man/man8/make-ssl-cert.8.gz", "/usr/share/ssl-cert/ssleay.cnf" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@3.07-1ubuntu1", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sysvinit-utils@3.07-1ubuntu1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "402f4bbfc9e12f38" }, "Version": "3.07", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.07", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/init/init-d-script", "/lib/init/vars.sh", "/lib/lsb/init-functions", "/lib/lsb/init-functions.d/00-verbose", "/lib/lsb/init-functions.d/50-ubuntu-logging", "/sbin/fstab-decode", "/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.34+dfsg-1.2ubuntu1.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/ubuntu/tar@1.34%2Bdfsg-1.2ubuntu1.1?arch=amd64\u0026distro=ubuntu-23.10", "UID": "2b20e625deefbe93" }, "Version": "1.34+dfsg", "Release": "1.2ubuntu1.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.34+dfsg", "SrcRelease": "1.2ubuntu1.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/copyright", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024a-0ubuntu0.23.10", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/ubuntu/tzdata@2024a-0ubuntu0.23.10?arch=all\u0026distro=ubuntu-23.10", "UID": "60d79e9200dc59d5" }, "Version": "2024a", "Release": "0ubuntu0.23.10", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024a", "SrcRelease": "0ubuntu0.23.10", "Licenses": [ "public-domain", "ICU" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.82" ], "Layer": { "Digest": "sha256:66b713ba4e9d10b196accc9bee4b51b245dd7af0571bf09cbf59775e91a72aa2", "DiffID": "sha256:d8418a38dbbd538e325dd3bad7392c196a8ccfc32e8f8f2bc76aff418ead6207" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "ubuntu-keyring@2021.03.26", "Name": "ubuntu-keyring", "Identifier": { "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2021.03.26?arch=all\u0026distro=ubuntu-23.10", "UID": "ed65333322cf716c" }, "Version": "2021.03.26", "Arch": "all", "SrcName": "ubuntu-keyring", "SrcVersion": "2021.03.26", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", "/usr/share/doc/ubuntu-keyring/changelog.gz", "/usr/share/doc/ubuntu-keyring/copyright", "/usr/share/keyrings/ubuntu-archive-keyring.gpg", "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", "/usr/share/keyrings/ubuntu-master-keyring.gpg" ], "AnalyzedBy": "dpkg" }, { "ID": "usrmerge@35ubuntu1", "Name": "usrmerge", "Identifier": { "PURL": "pkg:deb/ubuntu/usrmerge@35ubuntu1?arch=all\u0026distro=ubuntu-23.10", "UID": "f1f0ef19465d6c2c" }, "Version": "35ubuntu1", "Arch": "all", "SrcName": "usrmerge", "SrcVersion": "35ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.36.0-9ubuntu1.1" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/usr/lib/usrmerge/convert-etc-shells", "/usr/lib/usrmerge/convert-usrmerge", "/usr/lib/usrmerge/lib/Fatal.pm", "/usr/lib/usrmerge/lib/File/Find.pm", "/usr/lib/usrmerge/lib/File/Find/Rule.pm", "/usr/lib/usrmerge/lib/Number/Compare.pm", "/usr/lib/usrmerge/lib/Text/Glob.pm", "/usr/lib/usrmerge/lib/Tie/RefHash.pm", "/usr/lib/usrmerge/lib/autodie.pm", "/usr/lib/usrmerge/lib/autodie/Scope/Guard.pm", "/usr/lib/usrmerge/lib/autodie/Scope/GuardStack.pm", "/usr/lib/usrmerge/lib/autodie/Util.pm", "/usr/lib/usrmerge/lib/if.pm", "/usr/share/doc/usrmerge/README.Debian", "/usr/share/doc/usrmerge/changelog.gz", "/usr/share/doc/usrmerge/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.39.1-4ubuntu2.2", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/ubuntu/util-linux@2.39.1-4ubuntu2.2?arch=amd64\u0026distro=ubuntu-23.10", "UID": "8bb52e05aa89d483" }, "Version": "2.39.1", "Release": "4ubuntu2.2", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.39.1", "SrcRelease": "4ubuntu2.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "public-domain", "BSD-4-Clause", "MIT", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/bin/dmesg", "/bin/findmnt", "/bin/lsblk", "/bin/more", "/bin/mountpoint", "/bin/su", "/bin/wdctl", "/lib/systemd/system/fstrim.service", "/lib/systemd/system/fstrim.timer", "/sbin/agetty", "/sbin/blkdiscard", "/sbin/blkid", "/sbin/blkzone", "/sbin/blockdev", "/sbin/chcpu", "/sbin/ctrlaltdel", "/sbin/findfs", "/sbin/fsck", "/sbin/fsck.cramfs", "/sbin/fsck.minix", "/sbin/fsfreeze", "/sbin/fstrim", "/sbin/isosize", "/sbin/mkfs", "/sbin/mkfs.bfs", "/sbin/mkfs.cramfs", "/sbin/mkfs.minix", "/sbin/mkswap", "/sbin/pivot_root", "/sbin/runuser", "/sbin/sulogin", "/sbin/swaplabel", "/sbin/switch_root", "/sbin/wipefs", "/sbin/zramctl", "/usr/bin/addpart", "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/delpart", "/usr/bin/fallocate", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/last", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/mesg", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/resizepart", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/utmpdump", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/sbin/chmem", "/usr/sbin/ldattach", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/share/bash-completion/completions/addpart", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/ctrlaltdel", "/usr/share/bash-completion/completions/delpart", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsck.cramfs", "/usr/share/bash-completion/completions/fsck.minix", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/last", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mesg", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkfs.bfs", "/usr/share/bash-completion/completions/mkfs.cramfs", "/usr/share/bash-completion/completions/mkfs.minix", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/resizepart", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/utmpdump", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/examples/getopt-example.tcsh", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39.1-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/last.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/mesg.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/utmpdump.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/addpart.8.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/ctrlaltdel.8.gz", "/usr/share/man/man8/delpart.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsck.cramfs.8.gz", "/usr/share/man/man8/fsck.minix.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkfs.bfs.8.gz", "/usr/share/man/man8/mkfs.cramfs.8.gz", "/usr/share/man/man8/mkfs.minix.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/resizepart.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.2.13.dfsg-1ubuntu5", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/ubuntu/zlib1g@1.2.13.dfsg-1ubuntu5?arch=amd64\u0026distro=ubuntu-23.10\u0026epoch=1", "UID": "27b0bae609ffe633" }, "Version": "1.2.13.dfsg", "Release": "1ubuntu5", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.2.13.dfsg", "SrcRelease": "1ubuntu5", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.38-1ubuntu6.3" ], "Layer": { "Digest": "sha256:82a9cfdb090284aac6ba15a818641f663c93d90c2629e909ade29c0caff6cf47", "DiffID": "sha256:97f383acf79d194e4b447b5c631e3abc4470c56fa29ed3bb37730a727c70662c" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libz.so.1.2.13", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "dovecot", "Metadata": [ { "Size": 167236608, "OS": { "Family": "debian", "Name": "13.4" }, "ImageID": "sha256:a3bb47681871d3bdd14dc31e6b134410199c1b29ee02b022706bab8d926a9ef9", "DiffIDs": [ "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99", "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d", "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39", "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac", "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c", "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f", "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600", "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4", "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d", "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7", "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8", "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08", "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf", "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" ], "RepoTags": [ "dovecot/dovecot:latest" ], "RepoDigests": [ "dovecot/dovecot@sha256:8da979a284cfea75af416ae710b7310b075f84736db5d1f31390e2dbdd41cd3e" ], "Reference": "dovecot/dovecot:latest", "ImageConfig": { "architecture": "amd64", "created": "2026-05-12T19:37:52.861338678Z", "history": [ { "created": "2026-05-05T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1777939200'", "comment": "debuerreotype 0.17" }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/dovecot/bin:/dovecot/sbin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "ENV DEBIAN_FRONTEND=noninteractive", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "ARG VMAIL_UID=1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "ARG VMAIL_GID=1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "ARG CONFIG_VERSION=1.0.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:26.834036894Z", "created_by": "COPY /dovecot /dovecot # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:26.938817835Z", "created_by": "ADD config/1.0.0/dovecot-lib.conf /etc/ld.so.conf.d/dovecot-lib.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.683526256Z", "created_by": "RUN |3 VMAIL_UID=1000 VMAIL_GID=1000 CONFIG_VERSION=1.0.0 /bin/sh -c apt-get -y update \u0026\u0026 apt-get -y install --no-install-recommends tini pkg-config ssl-cert ucf libldap2 libldap-common openssl libsodium23 libbz2-1.0 libcrypt1 libexttextcat-2.0-0 libexttextcat-data liblua5.3-0 libpam-runtime libpam-modules-bin libpam-modules libpam0g lua-json lua-lpeg lua-posix liblz4-1 liblzma5 libssl3 libstemmer0d libtirpc3 libunwind8 libwrap0 libzstd1 zlib1g libgssapi-krb5-2 libkrb5-3 libxapian30 libmariadb3 libpq5 libexpat1 libsqlite3-0 libicu76 libcap2 libcap2-bin libsasl2-2 libsasl2-modules libpcre2-32-0 netcat-traditional ca-certificates \u0026\u0026 rm -rf /etc/dovecot \u0026\u0026 rm -rf /var/lib/apt/lists \u0026\u0026 groupadd -g $VMAIL_GID vmail \u0026\u0026 useradd -u $VMAIL_UID -g vmail -G ssl-cert -d /nonexistent -s /bin/sh vmail \u0026\u0026 passwd -l vmail \u0026\u0026 mkdir -p /run \u0026\u0026 chmod 1777 /run \u0026\u0026 mkdir /etc/dovecot \u0026\u0026 mkdir /etc/dovecot/vendor.d \u0026\u0026 mkdir /etc/dovecot/conf.d \u0026\u0026 mkdir /etc/dovecot/ssl \u0026\u0026 mkdir /srv/vmail -p \u0026\u0026 mkdir /var/lib/dovecot # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.70226157Z", "created_by": "ADD config/1.0.0/auth.conf /etc/dovecot/conf.d/auth.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.709685745Z", "created_by": "ADD config/1.0.0/ssl.conf /etc/dovecot/conf.d/ssl.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.716891961Z", "created_by": "ADD config/1.0.0/fts.conf /etc/dovecot/conf.d/fts.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.724067Z", "created_by": "ADD config/1.0.0/mail.conf /etc/dovecot/conf.d/mail.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.731010688Z", "created_by": "ADD config/1.0.0/metrics.conf /etc/dovecot/conf.d/metrics.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.738139978Z", "created_by": "ADD config/1.0.0/mail_log.conf /etc/dovecot/conf.d/mail_log.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:34.744527344Z", "created_by": "ADD config/1.0.0/dovecot.conf /etc/dovecot/dovecot.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "USER root", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "ENV DEBIAN_FRONTEND=noninteractive", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "ARG CONFIG_VERSION=1.0.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.491773566Z", "created_by": "RUN |1 CONFIG_VERSION=1.0.0 /bin/sh -c chown vmail:vmail /var/lib/dovecot \u0026\u0026 chown vmail:vmail /srv/vmail \u0026\u0026 chmod 0770 /var/lib/dovecot \u0026\u0026 chmod 0700 /srv/vmail \u0026\u0026 make-ssl-cert generate-default-snakeoil \u0026\u0026 ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/dovecot/ssl/tls.crt \u0026\u0026 ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/dovecot/ssl/tls.key \u0026\u0026 chown root:vmail /etc/dovecot/ssl/tls.key \u0026\u0026 chmod 0440 /etc/dovecot/ssl/tls.key \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/script-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/imap-urlauth-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/submission-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/managesieve-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/pop3-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/imap-login \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/lmtp \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/anvil \u0026\u0026 setcap cap_sys_chroot+ep /dovecot/libexec/dovecot/managesieve-login # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "ADD config/1.0.0/rootless.conf /etc/dovecot/vendor.d/rootless.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31024/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31110/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31143/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31587/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31993/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [31995/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [34190/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [8080/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "EXPOSE [9090/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "USER vmail", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "VOLUME [/srv/vmail]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "ENTRYPOINT [\"/usr/bin/tini\" \"--\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:48.500842582Z", "created_by": "CMD [\"/dovecot/sbin/dovecot\" \"-F\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "LABEL org.opencontainers.image.authors=dovecot@dovecot.org", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "ENV container=docker LC_ALL=C.UTF-8 TZ=UTC PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin:/dovecot/bin:/dovecot/sbin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "ENV DEBIAN_FRONTEND=noninteractive", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "ARG CONFIG_VERSION=1.0.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "USER root", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "RUN |1 CONFIG_VERSION=1.0.0 /bin/sh -c apt remove --allow-remove-essential -yq bash pkg-config util-linux procps sensible-utils perl-base ncurses-bin gzip sed libcap2-bin \u0026\u0026 ln -srf /bin/true /usr/share/debconf/frontend \u0026\u0026 dpkg --remove --ignore-depends=dpkg --ignore-depends=base-files --force-remove-essential tar mawk \u0026\u0026 ln -srf /bin/true /bin/tar \u0026\u0026 dpkg --remove --force-remove-essential --force-depends apt sqv dpkg diffutils findutils init-system-helpers sysvinit-utils coreutils mount grep debian-utils libc-bin # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31024/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31110/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31143/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31587/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31993/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [31995/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [34190/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [8080/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "EXPOSE [9090/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "USER vmail", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "VOLUME [/srv/vmail]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "ENTRYPOINT [\"/usr/bin/tini\" \"--\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-12T19:37:52.861338678Z", "created_by": "CMD [\"/dovecot/sbin/dovecot\" \"-F\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99", "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d", "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39", "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac", "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c", "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f", "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600", "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4", "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d", "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7", "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8", "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08", "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf", "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" ] }, "config": { "Cmd": [ "/dovecot/sbin/dovecot", "-F" ], "Entrypoint": [ "/usr/bin/tini", "--" ], "Env": [ "PATH=/bin/sbin:/usr/bin:/usr/sbin:/dovecot/bin:/dovecot/sbin:/dovecot/bin:/dovecot/sbin", "container=docker", "LC_ALL=C.UTF-8", "TZ=UTC", "DEBIAN_FRONTEND=noninteractive" ], "Labels": { "org.opencontainers.image.authors": "dovecot@dovecot.org", "org.opencontainers.image.description": "Dovecot IMAP server 2.4.4 running in confined mode", "org.opencontainers.image.licenses": "CC-BY-SA-4.0", "org.opencontainers.image.source": "https://github.com/dovecot/docker", "org.opencontainers.image.title": "Dovecot IMAP server 2.4.4" }, "User": "vmail", "Volumes": { "/srv/vmail": {} }, "ExposedPorts": { "31024/tcp": {}, "31110/tcp": {}, "31143/tcp": {}, "31587/tcp": {}, "31993/tcp": {}, "31995/tcp": {}, "34190/tcp": {}, "8080/tcp": {}, "9090/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 81039360, "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, { "Size": 26336256, "Digest": "sha256:8a7ff124c3ca490282b28e94b95c5e180ae5cd11f1699b0c4793cf9349707cec", "DiffID": "sha256:e87034ddc3d44965bdc6c6fc008e810a9e0c611f47fa98617f8b4c0e04715a8d" }, { "Size": 3072, "Digest": "sha256:70d914bf585080909c35015e7cd0706746b578967788bd670994b46f453cbf41", "DiffID": "sha256:638fbed063a686d6d4713769f7b9998f245700f3e04e1f22f5b0d881ec63ba39" }, { "Size": 58836992, "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, { "Size": 3584, "Digest": "sha256:2e59565e4d3c17bd7fff07dfb2152195aaba50983f4a54405a272ecef17bca09", "DiffID": "sha256:7dd813e9fcbc6b1f64ff6f7f0e77b395e6c1c5fee872452952c0d6f7a25b693c" }, { "Size": 3584, "Digest": "sha256:a1685168e8f104f02f5d0bbf2089d9dfc7e12faacc84dfd83dcc359c0cc748ae", "DiffID": "sha256:f037e73b55e93f127e127f79dfb71b5916b8006b2f708eda5ca5137806600e1f" }, { "Size": 3584, "Digest": "sha256:8675a10f66d84812bc6e1b0fe0ccac9f78cb1d53af5c3a8c63c8215aea0cceb9", "DiffID": "sha256:b8a6a2cb5ab9503fb00186b035ab1c08cdd3a47fdf85c4d035d86e0d4eeaf600" }, { "Size": 3584, "Digest": "sha256:c32f35a41a1051482347c0b386af4d3fd5cc36a989b1ca5f6a7f02708da66cd0", "DiffID": "sha256:2fcf2b98475c2c7b51ed7a6ddce91e12f3f5f39054a795906bd003bf15eec0e4" }, { "Size": 4608, "Digest": "sha256:eebc3c0f00169719a9a4076187b7e7e0d8bdc1fe938a6d3c0f7ce3a909cf4393", "DiffID": "sha256:abeeeea2bec24edc166ef52da37a169d5008932180c2e6f7d198e015e6ff3a6d" }, { "Size": 3584, "Digest": "sha256:b67f5ff10161bfc9bc601a7e6c9b2101116f46d83094c0b5f3dac7f4e57a3ffb", "DiffID": "sha256:68d47cccb7f5793b88ffee6060ec2d83caef1a40d37686c61b8d02f90326f2e7" }, { "Size": 4096, "Digest": "sha256:86b3fa6b8fbb76e1f4968ada7f503cfb21942e51b30e03fb0351cc23db2510c2", "DiffID": "sha256:aa5f46fdedef8cd4e7c8dfdfca3b8352b558436782032a2ef958c1087d235bf8" }, { "Size": 420864, "Digest": "sha256:d09a871e9dff41cb59c599fff561601ce0bdeb9b4ce15775c34ff7e9851f3588", "DiffID": "sha256:8e4a2e57441bdbbcffae2aa3f79541e1b7464dd2fc7da1fd52b0b053e09bdf08" }, { "Size": 4096, "Digest": "sha256:ccd3dc1be4618670ee52c95afda829bfcfe9cb2f91d54e7b0572c6b0ea2f49b2", "DiffID": "sha256:c3b33899724cc4679ba456aa71a8a94add23330d16c3d627b8b9e7661523b6bf" }, { "Size": 569344, "Digest": "sha256:982d68d32045503d2066f7aa075a716c4b4b6fbe73bbc94cff530109280ef508", "DiffID": "sha256:8d6e3163d361c31eff1e44e1ebe279f24def10d77c0862af1348c48bb0ecaf80" } ] } ], "Results": [ { "Target": "dovecot/dovecot:latest (debian 13.4)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.4", "UID": "17a3839c9950603e" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13.8+deb13u4", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u4?arch=amd64\u0026distro=debian-13.4", "UID": "ed2be89a1b54024a" }, "Version": "13.8+deb13u4", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u4", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.4", "UID": "928e6d832cf7ebbd" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "5843733a461e6ce1" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.4", "UID": "7698a50965fda942" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "openssl@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.4", "UID": "4990b2098a2a3724" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.4", "UID": "f7c8b7ba83ed5cfe" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.4", "UID": "a22d861380b1187c" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.4", "UID": "3c5d0b66afafddbb" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.4", "UID": "371c061d08215a1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.4", "UID": "641772722328aedf" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.4", "UID": "3de9b16851b7cdc0" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.4", "UID": "62525e41beef1908" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u2", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.5-1~deb13u2", "libstdc++6@14.2.0-19", "libsystemd0@257.9-1~deb13u1", "libudev1@257.9-1~deb13u1", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "b0e1266f81063f7" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.4\u0026epoch=1", "UID": "d20cd9a11d8e018d" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "bfee89653d19f275" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12+deb13u2", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "c1af86eefb8cc018" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.4", "UID": "7031e5c6b2f996a7" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libmd0@1.1.0-2+b1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.4", "UID": "26acdf11d0e1ba65" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.41-12+deb13u2", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "Version": "2.41", "Release": "12+deb13u2", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u2", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.4", "UID": "5c9befb3e6389825" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.75-10+b8", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bb8?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "7062e9c4f309915f" }, "Version": "2.75", "Release": "10+b8", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcom-err2@1.47.2-3+b10", "Name": "libcom-err2", "Identifier": { "PURL": "pkg:deb/debian/libcom-err2@1.47.2-3%2Bb10?arch=amd64\u0026distro=debian-13.4", "UID": "bfe3e78d10af37a0" }, "Version": "1.47.2", "Release": "3+b10", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.2", "SrcRelease": "3", "Licenses": [ "GPL-2.0-only", "GPL-2.0-or-later", "0BSD", "MIT", "BSD-3-Clause-Variant", "BSD-3-Clause", "BSD-4-Clause-CMU", "LGPL-2.0-only", "Apache-2.0", "ISC", "MIT-US-export", "Kazlib", "Latex2e", "GPL-2+ with Texinfo exception" ], "Maintainer": "Theodore Y. Ts'o \u003ctytso@mit.edu\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcom_err.so.2.1", "/usr/share/doc/libcom-err2/changelog.Debian.amd64.gz", "/usr/share/doc/libcom-err2/changelog.Debian.gz", "/usr/share/doc/libcom-err2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "c3820f15bf4e7a13" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.4", "UID": "3b9d2f17799986c8" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.4", "UID": "6134dc231a5060f1" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libexpat1@2.7.1-2", "Name": "libexpat1", "Identifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "Version": "2.7.1", "Release": "2", "Arch": "amd64", "SrcName": "expat", "SrcVersion": "2.7.1", "SrcRelease": "2", "Licenses": [ "MIT" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libexpat.so.1.10.2", "/usr/lib/x86_64-linux-gnu/libexpatw.so.1.10.2", "/usr/share/doc/libexpat1/AUTHORS", "/usr/share/doc/libexpat1/changelog.Debian.gz", "/usr/share/doc/libexpat1/changelog.gz", "/usr/share/doc/libexpat1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libexttextcat-2.0-0@3.4.7-1+b1", "Name": "libexttextcat-2.0-0", "Identifier": { "PURL": "pkg:deb/debian/libexttextcat-2.0-0@3.4.7-1%2Bb1?arch=amd64\u0026distro=debian-13.4", "UID": "1ffbb42f6dc496af" }, "Version": "3.4.7", "Release": "1+b1", "Arch": "amd64", "SrcName": "libexttextcat", "SrcVersion": "3.4.7", "SrcRelease": "1", "Maintainer": "Debian LibreOffice Maintainers \u003cdebian-openoffice@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libexttextcat-data@3.4.7-1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libexttextcat-2.0.so.0.0.0", "/usr/share/doc/libexttextcat-2.0-0/README", "/usr/share/doc/libexttextcat-2.0-0/TODO", "/usr/share/doc/libexttextcat-2.0-0/changelog.Debian.amd64.gz", "/usr/share/doc/libexttextcat-2.0-0/changelog.Debian.gz", "/usr/share/doc/libexttextcat-2.0-0/changelog.gz", "/usr/share/doc/libexttextcat-2.0-0/copyright", "/usr/share/lintian/overrides/libexttextcat-2.0-0" ], "AnalyzedBy": "dpkg" }, { "ID": "libexttextcat-data@3.4.7-1", "Name": "libexttextcat-data", "Identifier": { "PURL": "pkg:deb/debian/libexttextcat-data@3.4.7-1?arch=all\u0026distro=debian-13.4", "UID": "a87e2acedb0528e8" }, "Version": "3.4.7", "Release": "1", "Arch": "all", "SrcName": "libexttextcat", "SrcVersion": "3.4.7", "SrcRelease": "1", "Maintainer": "Debian LibreOffice Maintainers \u003cdebian-openoffice@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/libexttextcat-data/README", "/usr/share/doc/libexttextcat-data/TODO", "/usr/share/doc/libexttextcat-data/changelog.Debian.gz", "/usr/share/doc/libexttextcat-data/changelog.gz", "/usr/share/doc/libexttextcat-data/copyright", "/usr/share/libexttextcat/ab.lm", "/usr/share/libexttextcat/ace.lm", "/usr/share/libexttextcat/ada.lm", "/usr/share/libexttextcat/af.lm", "/usr/share/libexttextcat/ak.lm", "/usr/share/libexttextcat/alt.lm", "/usr/share/libexttextcat/am.lm", "/usr/share/libexttextcat/ar.lm", "/usr/share/libexttextcat/arn.lm", "/usr/share/libexttextcat/ast.lm", "/usr/share/libexttextcat/ay.lm", "/usr/share/libexttextcat/az-Cyrl.lm", "/usr/share/libexttextcat/az.lm", "/usr/share/libexttextcat/ban.lm", "/usr/share/libexttextcat/be.lm", "/usr/share/libexttextcat/bem.lm", "/usr/share/libexttextcat/bg.lm", "/usr/share/libexttextcat/bho.lm", "/usr/share/libexttextcat/bi.lm", "/usr/share/libexttextcat/bik.lm", "/usr/share/libexttextcat/bm.lm", "/usr/share/libexttextcat/bn.lm", "/usr/share/libexttextcat/bo.lm", "/usr/share/libexttextcat/br.lm", "/usr/share/libexttextcat/bs.lm", "/usr/share/libexttextcat/buc.lm", "/usr/share/libexttextcat/ca.lm", "/usr/share/libexttextcat/ckb.lm", "/usr/share/libexttextcat/cs.lm", "/usr/share/libexttextcat/cv.lm", "/usr/share/libexttextcat/cy.lm", "/usr/share/libexttextcat/da.lm", "/usr/share/libexttextcat/de.lm", "/usr/share/libexttextcat/dv.lm", "/usr/share/libexttextcat/dz.lm", "/usr/share/libexttextcat/ee.lm", "/usr/share/libexttextcat/el.lm", "/usr/share/libexttextcat/emk-Latn.lm", "/usr/share/libexttextcat/en.lm", "/usr/share/libexttextcat/eo.lm", "/usr/share/libexttextcat/es.lm", "/usr/share/libexttextcat/et.lm", "/usr/share/libexttextcat/eu.lm", "/usr/share/libexttextcat/fa.lm", "/usr/share/libexttextcat/fi.lm", "/usr/share/libexttextcat/fj.lm", "/usr/share/libexttextcat/fkv.lm", "/usr/share/libexttextcat/fo.lm", "/usr/share/libexttextcat/fon.lm", "/usr/share/libexttextcat/fpdb.conf", "/usr/share/libexttextcat/fr.lm", "/usr/share/libexttextcat/fur.lm", "/usr/share/libexttextcat/fy.lm", "/usr/share/libexttextcat/ga.lm", "/usr/share/libexttextcat/gd.lm", "/usr/share/libexttextcat/gl.lm", "/usr/share/libexttextcat/grc.lm", "/usr/share/libexttextcat/gu.lm", "/usr/share/libexttextcat/gug.lm", "/usr/share/libexttextcat/gv.lm", "/usr/share/libexttextcat/ha-NG.lm", "/usr/share/libexttextcat/haw.lm", "/usr/share/libexttextcat/he.lm", "/usr/share/libexttextcat/hi.lm", "/usr/share/libexttextcat/hil.lm", "/usr/share/libexttextcat/hr.lm", "/usr/share/libexttextcat/hsb.lm", "/usr/share/libexttextcat/ht.lm", "/usr/share/libexttextcat/hu.lm", "/usr/share/libexttextcat/hy.lm", "/usr/share/libexttextcat/ia.lm", "/usr/share/libexttextcat/id.lm", "/usr/share/libexttextcat/ilo.lm", "/usr/share/libexttextcat/is.lm", "/usr/share/libexttextcat/it.lm", "/usr/share/libexttextcat/ja.lm", "/usr/share/libexttextcat/ka.lm", "/usr/share/libexttextcat/kbd.lm", "/usr/share/libexttextcat/kk.lm", "/usr/share/libexttextcat/kl.lm", "/usr/share/libexttextcat/km.lm", "/usr/share/libexttextcat/kn.lm", "/usr/share/libexttextcat/kng.lm", "/usr/share/libexttextcat/ko.lm", "/usr/share/libexttextcat/koi.lm", "/usr/share/libexttextcat/ktu.lm", "/usr/share/libexttextcat/ky.lm", "/usr/share/libexttextcat/la.lm", "/usr/share/libexttextcat/lb.lm", "/usr/share/libexttextcat/lg.lm", "/usr/share/libexttextcat/lij.lm", "/usr/share/libexttextcat/lld.lm", "/usr/share/libexttextcat/ln.lm", "/usr/share/libexttextcat/lo.lm", "/usr/share/libexttextcat/lt.lm", "/usr/share/libexttextcat/lv.lm", "/usr/share/libexttextcat/mai.lm", "/usr/share/libexttextcat/mi.lm", "/usr/share/libexttextcat/min.lm", "/usr/share/libexttextcat/mk.lm", "/usr/share/libexttextcat/ml.lm", "/usr/share/libexttextcat/mn.lm", "/usr/share/libexttextcat/mos.lm", "/usr/share/libexttextcat/mr.lm", "/usr/share/libexttextcat/ms.lm", "/usr/share/libexttextcat/mt.lm", "/usr/share/libexttextcat/my.lm", "/usr/share/libexttextcat/nb.lm", "/usr/share/libexttextcat/nds.lm", "/usr/share/libexttextcat/ne.lm", "/usr/share/libexttextcat/nio.lm", "/usr/share/libexttextcat/nl.lm", "/usr/share/libexttextcat/nn.lm", "/usr/share/libexttextcat/nr.lm", "/usr/share/libexttextcat/nso.lm", "/usr/share/libexttextcat/ny.lm", "/usr/share/libexttextcat/oc.lm", "/usr/share/libexttextcat/om.lm", "/usr/share/libexttextcat/pa.lm", "/usr/share/libexttextcat/pap.lm", "/usr/share/libexttextcat/pl.lm", "/usr/share/libexttextcat/plt.lm", "/usr/share/libexttextcat/pt.lm", "/usr/share/libexttextcat/quh.lm", "/usr/share/libexttextcat/quz.lm", "/usr/share/libexttextcat/rm.lm", "/usr/share/libexttextcat/ro.lm", "/usr/share/libexttextcat/ru.lm", "/usr/share/libexttextcat/rue.lm", "/usr/share/libexttextcat/rw.lm", "/usr/share/libexttextcat/sa.lm", "/usr/share/libexttextcat/sc.lm", "/usr/share/libexttextcat/sco.lm", "/usr/share/libexttextcat/sd.lm", "/usr/share/libexttextcat/se.lm", "/usr/share/libexttextcat/sg.lm", "/usr/share/libexttextcat/shs.lm", "/usr/share/libexttextcat/si.lm", "/usr/share/libexttextcat/sk.lm", "/usr/share/libexttextcat/skr.lm", "/usr/share/libexttextcat/sl.lm", "/usr/share/libexttextcat/so.lm", "/usr/share/libexttextcat/sq.lm", "/usr/share/libexttextcat/sr-Cyrl.lm", "/usr/share/libexttextcat/sr-Latn.lm", "/usr/share/libexttextcat/ss.lm", "/usr/share/libexttextcat/st.lm", "/usr/share/libexttextcat/sun.lm", "/usr/share/libexttextcat/sv.lm", "/usr/share/libexttextcat/sw.lm", "/usr/share/libexttextcat/swb.lm", "/usr/share/libexttextcat/ta.lm", "/usr/share/libexttextcat/tet.lm", "/usr/share/libexttextcat/tg.lm", "/usr/share/libexttextcat/th.lm", "/usr/share/libexttextcat/ti.lm", "/usr/share/libexttextcat/tk.lm", "/usr/share/libexttextcat/tl.lm", "/usr/share/libexttextcat/tn.lm", "/usr/share/libexttextcat/tpi.lm", "/usr/share/libexttextcat/tr.lm", "/usr/share/libexttextcat/ts.lm", "/usr/share/libexttextcat/tt.lm", "/usr/share/libexttextcat/ty.lm", "/usr/share/libexttextcat/tzm-Latn.lm", "/usr/share/libexttextcat/ug.lm", "/usr/share/libexttextcat/uk.lm", "/usr/share/libexttextcat/ur.lm", "/usr/share/libexttextcat/uz-Cyrl.lm", "/usr/share/libexttextcat/uz.lm", "/usr/share/libexttextcat/ve.lm", "/usr/share/libexttextcat/vec.lm", "/usr/share/libexttextcat/vep.lm", "/usr/share/libexttextcat/vi.lm", "/usr/share/libexttextcat/wa.lm", "/usr/share/libexttextcat/xh.lm", "/usr/share/libexttextcat/yi.lm", "/usr/share/libexttextcat/yo.lm", "/usr/share/libexttextcat/zh-Hans.lm", "/usr/share/libexttextcat/zh-Hant.lm", "/usr/share/libexttextcat/zu.lm" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.4", "UID": "a97fe3f5b073b23f" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.4\u0026epoch=2", "UID": "c040282e0fb7d8ba" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgssapi-krb5-2@1.21.3-5", "Name": "libgssapi-krb5-2", "Identifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "933c7fd5d2ea42cb" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libcom-err2@1.47.2-3+b10", "libk5crypto3@1.21.3-5", "libkrb5-3@1.21.3-5", "libkrb5support0@1.21.3-5" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2", "/usr/share/doc/libgssapi-krb5-2/changelog.Debian.gz", "/usr/share/doc/libgssapi-krb5-2/copyright", "/usr/share/lintian/overrides/libgssapi-krb5-2" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "ffa72001b48dc1b4" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libicu76@76.1-4", "Name": "libicu76", "Identifier": { "PURL": "pkg:deb/debian/libicu76@76.1-4?arch=amd64\u0026distro=debian-13.4", "UID": "c667cc199f35704f" }, "Version": "76.1", "Release": "4", "Arch": "amd64", "SrcName": "icu", "SrcVersion": "76.1", "SrcRelease": "4", "Licenses": [ "MIT", "GPL-3.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libgcc-s1@14.2.0-19", "libstdc++6@14.2.0-19" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libicudata.so.76.1", "/usr/lib/x86_64-linux-gnu/libicui18n.so.76.1", "/usr/lib/x86_64-linux-gnu/libicuio.so.76.1", "/usr/lib/x86_64-linux-gnu/libicutest.so.76.1", "/usr/lib/x86_64-linux-gnu/libicutu.so.76.1", "/usr/lib/x86_64-linux-gnu/libicuuc.so.76.1", "/usr/share/doc/libicu76/changelog.Debian.gz", "/usr/share/doc/libicu76/copyright", "/usr/share/lintian/overrides/libicu76" ], "AnalyzedBy": "dpkg" }, { "ID": "libk5crypto3@1.21.3-5", "Name": "libk5crypto3", "Identifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "befbda97f4b45427" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libkrb5support0@1.21.3-5" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1", "/usr/share/doc/libk5crypto3/changelog.Debian.gz", "/usr/share/doc/libk5crypto3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libkeyutils1@1.6.3-6", "Name": "libkeyutils1", "Identifier": { "PURL": "pkg:deb/debian/libkeyutils1@1.6.3-6?arch=amd64\u0026distro=debian-13.4", "UID": "29549d4bade0bd95" }, "Version": "1.6.3", "Release": "6", "Arch": "amd64", "SrcName": "keyutils", "SrcVersion": "1.6.3", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libkeyutils.so.1.10", "/usr/share/doc/libkeyutils1/changelog.Debian.gz", "/usr/share/doc/libkeyutils1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libkrb5-3@1.21.3-5", "Name": "libkrb5-3", "Identifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "240163a62e427931" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libcom-err2@1.47.2-3+b10", "libk5crypto3@1.21.3-5", "libkeyutils1@1.6.3-6", "libkrb5support0@1.21.3-5", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/krb5/plugins/preauth/spake.so", "/usr/lib/x86_64-linux-gnu/libkrb5.so.3.3", "/usr/share/doc/libkrb5-3/README.Debian", "/usr/share/doc/libkrb5-3/README.gz", "/usr/share/doc/libkrb5-3/changelog.Debian.gz", "/usr/share/doc/libkrb5-3/copyright", "/usr/share/lintian/overrides/libkrb5-3" ], "AnalyzedBy": "dpkg" }, { "ID": "libkrb5support0@1.21.3-5", "Name": "libkrb5support0", "Identifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "717b5dd3fe7611cb" }, "Version": "1.21.3", "Release": "5", "Arch": "amd64", "SrcName": "krb5", "SrcVersion": "1.21.3", "SrcRelease": "5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libkrb5support.so.0.1", "/usr/share/doc/libkrb5support0/changelog.Debian.gz", "/usr/share/doc/libkrb5support0/copyright", "/usr/share/lintian/overrides/libkrb5support0" ], "AnalyzedBy": "dpkg" }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "79a1595d548be91" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libsqlite3-0@3.46.1-7+deb13u1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libldap-common@2.6.10+dfsg-1", "Name": "libldap-common", "Identifier": { "PURL": "pkg:deb/debian/libldap-common@2.6.10%2Bdfsg-1?arch=all\u0026distro=debian-13.4", "UID": "8215983bfd1750e9" }, "Version": "2.6.10+dfsg", "Release": "1", "Arch": "all", "SrcName": "openldap", "SrcVersion": "2.6.10+dfsg", "SrcRelease": "1", "Licenses": [ "OpenLDAP-2.8", "FSF-unlimited", "GPL-2.0-with-autoconf-exception+", "GPL-3.0-with-autoconf-exception+", "GPL-2+ with Libtool exception", "GPL-3+ with Libtool exception", "GPL-3.0-or-later", "GPL-2.0-or-later", "UMich", "F5", "JCG", "MIT-XC", "NeoSoft-permissive", "BSD-3-Clause", "Beerware", "public-domain", "BSD-4-clause-California", "BSD-3-clause-variant", "Expat-ISC", "Expat-UNM", "MIT", "BSD-3-clause-California", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/libldap-common/NEWS.Debian.gz", "/usr/share/doc/libldap-common/changelog.Debian.gz", "/usr/share/doc/libldap-common/changelog.gz", "/usr/share/doc/libldap-common/copyright", "/usr/share/man/man5/ldap.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libldap2@2.6.10+dfsg-1", "Name": "libldap2", "Identifier": { "PURL": "pkg:deb/debian/libldap2@2.6.10%2Bdfsg-1?arch=amd64\u0026distro=debian-13.4", "UID": "f4fe585e335e4f4b" }, "Version": "2.6.10+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "openldap", "SrcVersion": "2.6.10+dfsg", "SrcRelease": "1", "Licenses": [ "OpenLDAP-2.8", "FSF-unlimited", "GPL-2.0-with-autoconf-exception+", "GPL-3.0-with-autoconf-exception+", "GPL-2+ with Libtool exception", "GPL-3+ with Libtool exception", "GPL-3.0-or-later", "GPL-2.0-or-later", "UMich", "F5", "JCG", "MIT-XC", "NeoSoft-permissive", "BSD-3-Clause", "Beerware", "public-domain", "BSD-4-clause-California", "BSD-3-clause-variant", "Expat-ISC", "Expat-UNM", "MIT", "BSD-3-clause-California", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Debian OpenLDAP Maintainers \u003cpkg-openldap-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libsasl2-2@2.1.28+dfsg1-9", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblber.so.2.0.200", "/usr/lib/x86_64-linux-gnu/libldap.so.2.0.200", "/usr/share/doc/libldap2/NEWS.Debian.gz", "/usr/share/doc/libldap2/changelog.Debian.gz", "/usr/share/doc/libldap2/changelog.gz", "/usr/share/doc/libldap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblua5.3-0@5.3.6-2+b4", "Name": "liblua5.3-0", "Identifier": { "PURL": "pkg:deb/debian/liblua5.3-0@5.3.6-2%2Bb4?arch=amd64\u0026distro=debian-13.4", "UID": "d8059e18bdf63c5c" }, "Version": "5.3.6", "Release": "2+b4", "Arch": "amd64", "SrcName": "lua5.3", "SrcVersion": "5.3.6", "SrcRelease": "2", "Licenses": [ "MIT" ], "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libstdc++6@14.2.0-19" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblua5.3-c++.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3.so.0.0.0", "/usr/share/doc/liblua5.3-0/changelog.Debian.amd64.gz", "/usr/share/doc/liblua5.3-0/changelog.Debian.gz", "/usr/share/doc/liblua5.3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.4", "UID": "1f382acd2b3024e4" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libxxhash0@0.8.3-2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "a1f09431b82b8b89" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmariadb3@1:11.8.6-0+deb13u1", "Name": "libmariadb3", "Identifier": { "PURL": "pkg:deb/debian/libmariadb3@11.8.6-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "4d265211e78a4918" }, "Version": "11.8.6", "Release": "0+deb13u1", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb", "SrcVersion": "11.8.6", "SrcRelease": "0+deb13u1", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "GPL-2.0-or-later", "public-domain", "BSD-3-Clause", "LGPL-2.1-or-later", "BSD-2-Clause", "LGPL-2.0-only", "unlimited-free-doc", "GPL-2.0-with-bison-exception+", "SWsoft", "Artistic-2.0", "LGPL-2.0-or-later", "zlib-acknowledgement", "LGPL-2.1-only" ], "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libssl3t64@3.5.5-1~deb13u2", "mariadb-common@1:11.8.6-0+deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/parsec.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", "/usr/share/doc/libmariadb3/changelog.Debian.gz", "/usr/share/doc/libmariadb3/copyright", "/usr/share/lintian/overrides/libmariadb3" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.4", "UID": "3ee34609579513b1" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "5581a0d7033537c" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12+deb13u2", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", "UID": "217bb0c4e6d77677" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libtinfo6@6.5+20250216-2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "fabc57a9eb23fa48" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.4", "UID": "274a704398461ef0" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.4", "UID": "cb3babc72139f40e" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u2", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.9-1~deb13u1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.4", "UID": "1d4f3eaf1c0f9548" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.4", "UID": "aee6047a56bfd738" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-32-0@10.46-1~deb13u1", "Name": "libpcre2-32-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-32-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "3ccdbcfda1a4dcf5" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-32.so.0.14.0", "/usr/share/doc/libpcre2-32-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-32-0/changelog.gz", "/usr/share/doc/libpcre2-32-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "7a082037c8a89871" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libpkgconf3@1.8.1-4", "Name": "libpkgconf3", "Identifier": { "PURL": "pkg:deb/debian/libpkgconf3@1.8.1-4?arch=amd64\u0026distro=debian-13.4", "UID": "10eadce7ba3299dd" }, "Version": "1.8.1", "Release": "4", "Arch": "amd64", "SrcName": "pkgconf", "SrcVersion": "1.8.1", "SrcRelease": "4", "Licenses": [ "ISC", "BSD-4-Clause", "BSD-2-Clause", "X11", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpkgconf.so.3.0.0", "/usr/share/doc/libpkgconf3/changelog.Debian.gz", "/usr/share/doc/libpkgconf3/changelog.gz", "/usr/share/doc/libpkgconf3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libpq5@17.9-0+deb13u1", "Name": "libpq5", "Identifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "Version": "17.9", "Release": "0+deb13u1", "Arch": "amd64", "SrcName": "postgresql-17", "SrcVersion": "17.9", "SrcRelease": "0+deb13u1", "Licenses": [ "PostgreSQL", "Custom-regex", "TCL", "Custom-pg_dump", "BSD-3-Clause", "Custom-Unicode", "double-metaphone", "GPL-1.0-only", "Artistic-2.0", "nagaysau-ishii", "BSD-2-Clause" ], "Maintainer": "Debian PostgreSQL Maintainers \u003cteam+postgresql@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libgssapi-krb5-2@1.21.3-5", "libldap2@2.6.10+dfsg-1", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpq.so.5.17", "/usr/share/doc/libpq5/changelog.Debian.gz", "/usr/share/doc/libpq5/changelog.gz", "/usr/share/doc/libpq5/copyright", "/usr/share/locale/cs/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/de/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/el/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/es/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/fr/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/he/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/it/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ja/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ka/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ko/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/pl/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/ru/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/sv/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/tr/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/uk/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libpq5-17.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libpq5-17.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libproc2-0@2:4.0.4-9", "Name": "libproc2-0", "Identifier": { "PURL": "pkg:deb/debian/libproc2-0@4.0.4-9?arch=amd64\u0026distro=debian-13.4\u0026epoch=2", "UID": "de8b42fec44d460" }, "Version": "4.0.4", "Release": "9", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "4.0.4", "SrcRelease": "9", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Craig Small \u003ccsmall@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libsystemd0@257.9-1~deb13u1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libproc2.so.0.0.2", "/usr/share/doc/libproc2-0/NEWS.Debian.gz", "/usr/share/doc/libproc2-0/changelog.Debian.gz", "/usr/share/doc/libproc2-0/changelog.gz", "/usr/share/doc/libproc2-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsasl2-2@2.1.28+dfsg1-9", "Name": "libsasl2-2", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-2@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", "UID": "d349d120aebe1a4a" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libsasl2-modules-db@2.1.28+dfsg1-9", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsasl2.so.2.0.25", "/usr/share/doc/libsasl2-2/README.Debian", "/usr/share/doc/libsasl2-2/changelog.Debian.gz", "/usr/share/doc/libsasl2-2/copyright", "/usr/share/man/man5/libsasl.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsasl2-modules@2.1.28+dfsg1-9", "Name": "libsasl2-modules", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-modules@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", "UID": "afee75876194a103" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/sasl2/libanonymous.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libcrammd5.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libdigestmd5.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/liblogin.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libntlm.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libplain.so.2.0.25", "/usr/lib/x86_64-linux-gnu/sasl2/libscram.so.2.0.25", "/usr/share/doc/libsasl2-modules/changelog.Debian.gz", "/usr/share/doc/libsasl2-modules/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsasl2-modules-db@2.1.28+dfsg1-9", "Name": "libsasl2-modules-db", "Identifier": { "PURL": "pkg:deb/debian/libsasl2-modules-db@2.1.28%2Bdfsg1-9?arch=amd64\u0026distro=debian-13.4", "UID": "54b8cabd3f873c1e" }, "Version": "2.1.28+dfsg1", "Release": "9", "Arch": "amd64", "SrcName": "cyrus-sasl2", "SrcVersion": "2.1.28+dfsg1", "SrcRelease": "9", "Licenses": [ "BSD-3-Clause-Attribution", "BSD-3-Clause", "BSD-2-Clause", "GPL-3.0-or-later", "GPL-3.0-only", "BSD-4-Clause-UC", "RSA-MD", "text://BSD-3-Clause-Attribution and IBM-as-is", "BSD-3-clause-JANET", "BSD-3-clause-PADL", "MIT-OpenVision", "OpenLDAP", "FSFULLR", "MIT-CMU", "MIT-Export", "BSD-2.2-clause", "text://IBM-as-is" ], "Maintainer": "Debian Cyrus Team \u003cteam+cyrus@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libdb5.3t64@5.3.28+dfsg2-9" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/sasl2/libsasldb.so.2.0.25", "/usr/share/doc/libsasl2-modules-db/changelog.Debian.gz", "/usr/share/doc/libsasl2-modules-db/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.4", "UID": "ab6f2d2340eb8e87" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "1186c98eeffb1e1c" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.4", "UID": "ecc6b54d8bc6318c" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "5ed937538fa20cb" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u2", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "f93073011a044623" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "cfae7d67f8245164" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libsodium23@1.0.18-1+deb13u1", "Name": "libsodium23", "Identifier": { "PURL": "pkg:deb/debian/libsodium23@1.0.18-1%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "878b5bd61316003b" }, "Version": "1.0.18", "Release": "1+deb13u1", "Arch": "amd64", "SrcName": "libsodium", "SrcVersion": "1.0.18", "SrcRelease": "1+deb13u1", "Licenses": [ "ISC", "BSD-2-Clause", "public-domain", "CC0-1.0", "MIT", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsodium.so.23.3.0", "/usr/share/doc/libsodium23/AUTHORS.gz", "/usr/share/doc/libsodium23/README.markdown", "/usr/share/doc/libsodium23/THANKS", "/usr/share/doc/libsodium23/changelog.Debian.gz", "/usr/share/doc/libsodium23/changelog.gz", "/usr/share/doc/libsodium23/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.46.1-7+deb13u1", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "2af22a336130a144" }, "Version": "3.46.1", "Release": "7+deb13u1", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7+deb13u1", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3t64@3.5.5-1~deb13u2", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "69d5db99a391af5b" }, "Version": "3.5.5", "Release": "1~deb13u2", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.5", "SrcRelease": "1~deb13u2", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.5-1~deb13u2", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.4", "UID": "f4443de5dff6ee89" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u2", "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libstemmer0d@2.2.0-4+b2", "Name": "libstemmer0d", "Identifier": { "PURL": "pkg:deb/debian/libstemmer0d@2.2.0-4%2Bb2?arch=amd64\u0026distro=debian-13.4", "UID": "24d70f4aa57cd51a" }, "Version": "2.2.0", "Release": "4+b2", "Arch": "amd64", "SrcName": "snowball", "SrcVersion": "2.2.0", "SrcRelease": "4", "Licenses": [ "BSD-3-snowball" ], "Maintainer": "Stefano Rivera \u003cstefanor@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstemmer.so.0d.0.0", "/usr/share/doc/libstemmer0d/AUTHORS", "/usr/share/doc/libstemmer0d/README.Debian", "/usr/share/doc/libstemmer0d/TODO", "/usr/share/doc/libstemmer0d/changelog.Debian.amd64.gz", "/usr/share/doc/libstemmer0d/changelog.Debian.gz", "/usr/share/doc/libstemmer0d/copyright", "/usr/share/doc/libstemmer0d/examples/stemwords.c", "/usr/share/doc/libstemmer0d/libstemmer_c_README.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@257.9-1~deb13u1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "b50b08c7bba67f5" }, "Version": "257.9", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.9", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libcap2@1:2.75-10+b8" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", "UID": "5286a1335bb605c5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtirpc-common@1.3.6+ds-1", "Name": "libtirpc-common", "Identifier": { "PURL": "pkg:deb/debian/libtirpc-common@1.3.6%2Bds-1?arch=all\u0026distro=debian-13.4", "UID": "99bb237786d30eac" }, "Version": "1.3.6+ds", "Release": "1", "Arch": "all", "SrcName": "libtirpc", "SrcVersion": "1.3.6+ds", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "__AUTO_PERMISSIVE__", "BSD-2-Clause", "BSD-4-Clause", "LGPL-2.1-or-later", "PERMISSIVE", "LGPL-2.1-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/libtirpc-common/NEWS.Debian.gz", "/usr/share/doc/libtirpc-common/changelog.Debian.gz", "/usr/share/doc/libtirpc-common/changelog.gz", "/usr/share/doc/libtirpc-common/copyright", "/usr/share/man/man5/netconfig.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libtirpc3t64@1.3.6+ds-1", "Name": "libtirpc3t64", "Identifier": { "PURL": "pkg:deb/debian/libtirpc3t64@1.3.6%2Bds-1?arch=amd64\u0026distro=debian-13.4", "UID": "2436c47fcfbbd8b7" }, "Version": "1.3.6+ds", "Release": "1", "Arch": "amd64", "SrcName": "libtirpc", "SrcVersion": "1.3.6+ds", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "__AUTO_PERMISSIVE__", "BSD-2-Clause", "BSD-4-Clause", "LGPL-2.1-or-later", "PERMISSIVE", "LGPL-2.1-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libgssapi-krb5-2@1.21.3-5", "libtirpc-common@1.3.6+ds-1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtirpc.so.3.0.0", "/usr/share/doc/libtirpc3t64/NEWS.Debian.gz", "/usr/share/doc/libtirpc3t64/changelog.Debian.gz", "/usr/share/doc/libtirpc3t64/changelog.gz", "/usr/share/doc/libtirpc3t64/copyright", "/usr/share/lintian/overrides/libtirpc3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@257.9-1~deb13u1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "9b08ae719b1cb01e" }, "Version": "257.9", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.9", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libcap2@1:2.75-10+b8" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libunwind8@1.8.1-0.1", "Name": "libunwind8", "Identifier": { "PURL": "pkg:deb/debian/libunwind8@1.8.1-0.1?arch=amd64\u0026distro=debian-13.4", "UID": "5f4bffcabb5feac2" }, "Version": "1.8.1", "Release": "0.1", "Arch": "amd64", "SrcName": "libunwind", "SrcVersion": "1.8.1", "SrcRelease": "0.1", "Licenses": [ "MIT", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Adrian Bunk \u003cbunk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "liblzma5@5.8.1-1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libunwind-coredump.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libunwind-ptrace.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libunwind-x86_64.so.8.1.0", "/usr/lib/x86_64-linux-gnu/libunwind.so.8.1.0", "/usr/share/doc/libunwind8/changelog.Debian.gz", "/usr/share/doc/libunwind8/changelog.gz", "/usr/share/doc/libunwind8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "4a57eaeae20e47" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libwrap0@7.6.q-36", "Name": "libwrap0", "Identifier": { "PURL": "pkg:deb/debian/libwrap0@7.6.q-36?arch=amd64\u0026distro=debian-13.4", "UID": "8e7a99f0c3aed30a" }, "Version": "7.6.q", "Release": "36", "Arch": "amd64", "SrcName": "tcp-wrappers", "SrcVersion": "7.6.q", "SrcRelease": "36", "Licenses": [ "TCP-wrappers", "BSD-3-Clause", "SSH" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", "/usr/share/doc/libwrap0/README.Debian", "/usr/share/doc/libwrap0/README.gz", "/usr/share/doc/libwrap0/changelog.Debian.gz", "/usr/share/doc/libwrap0/changelog.gz", "/usr/share/doc/libwrap0/copyright", "/usr/share/man/man5/hosts_access.5.gz", "/usr/share/man/man5/hosts_options.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libxapian30@1.4.29-3", "Name": "libxapian30", "Identifier": { "PURL": "pkg:deb/debian/libxapian30@1.4.29-3?arch=amd64\u0026distro=debian-13.4", "UID": "4d7aef8d1727100b" }, "Version": "1.4.29", "Release": "3", "Arch": "amd64", "SrcName": "xapian-core", "SrcVersion": "1.4.29", "SrcRelease": "3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Olly Betts \u003colly@survex.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libgcc-s1@14.2.0-19", "libstdc++6@14.2.0-19", "libuuid1@2.41-5", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxapian.so.30.14.1", "/usr/share/doc/libxapian30/TODO.Debian", "/usr/share/doc/libxapian30/changelog.Debian.gz", "/usr/share/doc/libxapian30/changelog.gz", "/usr/share/doc/libxapian30/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.4", "UID": "dc933a4365692bcd" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.4", "UID": "889edd5879fa68a" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "35a636a49ab503ca" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u2", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.4\u0026epoch=1", "UID": "b6a337588c67d5a3" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "lua-bit32@5.3.0-6", "Name": "lua-bit32", "Identifier": { "PURL": "pkg:deb/debian/lua-bit32@5.3.0-6?arch=amd64\u0026distro=debian-13.4", "UID": "c53c1879550eb8af" }, "Version": "5.3.0", "Release": "6", "Arch": "amd64", "SrcName": "lua-bit32", "SrcVersion": "5.3.0", "SrcRelease": "6", "Licenses": [ "MIT" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblua5.1-bit32.so.0.0.0", "/usr/share/doc/lua-bit32/changelog.Debian.gz", "/usr/share/doc/lua-bit32/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "lua-json@1.3.4-3", "Name": "lua-json", "Identifier": { "PURL": "pkg:deb/debian/lua-json@1.3.4-3?arch=all\u0026distro=debian-13.4", "UID": "b243d7a1844f36a5" }, "Version": "1.3.4", "Release": "3", "Arch": "all", "SrcName": "lua-json", "SrcVersion": "1.3.4", "SrcRelease": "3", "Licenses": [ "MIT" ], "Maintainer": "The Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "lua-lpeg@1.1.0-2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/lua-json/LuaJSON.txt.gz", "/usr/share/doc/lua-json/README.md", "/usr/share/doc/lua-json/ReleaseNotes-0.10.txt.gz", "/usr/share/doc/lua-json/ReleaseNotes-0.9.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-0.9.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.0.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.0.2.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.0.3.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.0.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.1.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.1.2.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.2.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.2.2.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.2.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.3.1.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.3.2.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.3.3.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.3.4.txt", "/usr/share/doc/lua-json/ReleaseNotes-1.3.txt", "/usr/share/doc/lua-json/changelog.Debian.gz", "/usr/share/doc/lua-json/copyright", "/usr/share/lua/5.1/json.lua", "/usr/share/lua/5.1/json/decode.lua", "/usr/share/lua/5.1/json/decode/composite.lua", "/usr/share/lua/5.1/json/decode/number.lua", "/usr/share/lua/5.1/json/decode/others.lua", "/usr/share/lua/5.1/json/decode/state.lua", "/usr/share/lua/5.1/json/decode/strings.lua", "/usr/share/lua/5.1/json/decode/util.lua", "/usr/share/lua/5.1/json/encode.lua", "/usr/share/lua/5.1/json/encode/array.lua", "/usr/share/lua/5.1/json/encode/calls.lua", "/usr/share/lua/5.1/json/encode/number.lua", "/usr/share/lua/5.1/json/encode/object.lua", "/usr/share/lua/5.1/json/encode/others.lua", "/usr/share/lua/5.1/json/encode/output.lua", "/usr/share/lua/5.1/json/encode/output_utility.lua", "/usr/share/lua/5.1/json/encode/strings.lua", "/usr/share/lua/5.1/json/util.lua" ], "AnalyzedBy": "dpkg" }, { "ID": "lua-lpeg@1.1.0-2", "Name": "lua-lpeg", "Identifier": { "PURL": "pkg:deb/debian/lua-lpeg@1.1.0-2?arch=amd64\u0026distro=debian-13.4", "UID": "d22d199396f9f5aa" }, "Version": "1.1.0", "Release": "2", "Arch": "amd64", "SrcName": "lua-lpeg", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "MIT/X" ], "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblua5.1-lpeg.so.2.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-lpeg.so.2.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-lpeg.so.2.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-lpeg.so.2.0.0", "/usr/share/doc/lua-lpeg/changelog.Debian.gz", "/usr/share/doc/lua-lpeg/changelog.gz", "/usr/share/doc/lua-lpeg/copyright", "/usr/share/lua/5.1/re.lua" ], "AnalyzedBy": "dpkg" }, { "ID": "lua-posix@36.3-1", "Name": "lua-posix", "Identifier": { "PURL": "pkg:deb/debian/lua-posix@36.3-1?arch=amd64\u0026distro=debian-13.4", "UID": "cf2334e85205c3df" }, "Version": "36.3", "Release": "1", "Arch": "amd64", "SrcName": "lua-posix", "SrcVersion": "36.3", "SrcRelease": "1", "Licenses": [ "MIT", "BSD-3-Clause" ], "Maintainer": "Debian Lua Team \u003cpkg-lua-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libcrypt1@1:4.4.38-1", "lua-bit32@5.3.0-6" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-ctype.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-dirent.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-errno.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-fcntl.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-fnmatch.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-glob.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-grp.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-libgen.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-poll.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-pwd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sched.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-signal.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-stdio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-stdlib.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-msg.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-resource.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-socket.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-stat.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-statvfs.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-times.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-utsname.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-sys-wait.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-syslog.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-termio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-unistd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.1-posix-utime.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-ctype.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-dirent.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-errno.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-fcntl.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-fnmatch.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-glob.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-grp.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-libgen.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-poll.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-pwd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sched.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-signal.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-stdio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-stdlib.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-msg.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-resource.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-socket.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-stat.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-statvfs.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-times.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-utsname.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-sys-wait.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-syslog.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-termio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-unistd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.2-posix-utime.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-ctype.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-dirent.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-errno.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-fcntl.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-fnmatch.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-glob.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-grp.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-libgen.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-poll.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-pwd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sched.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-signal.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-stdio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-stdlib.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-msg.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-resource.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-socket.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-stat.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-statvfs.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-times.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-utsname.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-sys-wait.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-syslog.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-termio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-unistd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.3-posix-utime.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-ctype.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-dirent.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-errno.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-fcntl.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-fnmatch.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-glob.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-grp.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-libgen.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-poll.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-pwd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sched.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-signal.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-stdio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-stdlib.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-msg.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-resource.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-socket.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-stat.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-statvfs.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-times.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-utsname.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-sys-wait.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-syslog.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-termio.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-time.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-unistd.so.0.0.0", "/usr/lib/x86_64-linux-gnu/liblua5.4-posix-utime.so.0.0.0", "/usr/share/doc/lua-posix/changelog.Debian.gz", "/usr/share/doc/lua-posix/copyright", "/usr/share/lintian/overrides/lua-posix", "/usr/share/lua/5.1/posix/_base.lua", "/usr/share/lua/5.1/posix/_bitwise.lua", "/usr/share/lua/5.1/posix/_strict.lua", "/usr/share/lua/5.1/posix/compat.lua", "/usr/share/lua/5.1/posix/deprecated.lua", "/usr/share/lua/5.1/posix/init.lua", "/usr/share/lua/5.1/posix/sys.lua", "/usr/share/lua/5.1/posix/util.lua", "/usr/share/lua/5.1/posix/version.lua" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-common@1:11.8.6-0+deb13u1", "Name": "mariadb-common", "Identifier": { "PURL": "pkg:deb/debian/mariadb-common@11.8.6-0%2Bdeb13u1?arch=all\u0026distro=debian-13.4\u0026epoch=1", "UID": "403ed3ff54967cb9" }, "Version": "11.8.6", "Release": "0+deb13u1", "Epoch": 1, "Arch": "all", "SrcName": "mariadb", "SrcVersion": "11.8.6", "SrcRelease": "0+deb13u1", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "GPL-2.0-or-later", "public-domain", "BSD-3-Clause", "LGPL-2.1-or-later", "BSD-2-Clause", "LGPL-2.0-only", "unlimited-free-doc", "GPL-2.0-with-bison-exception+", "SWsoft", "Artistic-2.0", "LGPL-2.0-or-later", "zlib-acknowledgement", "LGPL-2.1-only" ], "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "mysql-common@5.8+1.1.1" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/mariadb-common/changelog.Debian.gz", "/usr/share/doc/mariadb-common/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "mysql-common@5.8+1.1.1", "Name": "mysql-common", "Identifier": { "PURL": "pkg:deb/debian/mysql-common@5.8%2B1.1.1?arch=all\u0026distro=debian-13.4", "UID": "d1d9e3e56824646c" }, "Version": "5.8+1.1.1", "Arch": "all", "SrcName": "mysql-defaults", "SrcVersion": "1.1.1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian MySQL Maintainers \u003cpkg-mysql-maint@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/doc/mysql-common/changelog.gz", "/usr/share/doc/mysql-common/copyright", "/usr/share/doc/mysql-common/frozen-mode/README", "/usr/share/doc/mysql-common/frozen-mode/downgrade", "/usr/share/lintian/overrides/mysql-common", "/usr/share/mysql-common/configure-symlinks" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.4", "UID": "767a0231348a5cb5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "netcat-traditional@1.10-50", "Name": "netcat-traditional", "Identifier": { "PURL": "pkg:deb/debian/netcat-traditional@1.10-50?arch=amd64\u0026distro=debian-13.4", "UID": "7ff724373cc7edab" }, "Version": "1.10", "Release": "50", "Arch": "amd64", "SrcName": "netcat", "SrcVersion": "1.10", "SrcRelease": "50", "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/bin/nc.traditional", "/usr/share/doc/netcat-traditional/README.Debian", "/usr/share/doc/netcat-traditional/README.gz", "/usr/share/doc/netcat-traditional/changelog.Debian.gz", "/usr/share/doc/netcat-traditional/changelog.gz", "/usr/share/doc/netcat-traditional/copyright", "/usr/share/doc/netcat-traditional/examples/contrib/ncmeter", "/usr/share/doc/netcat-traditional/examples/data/Makefile", "/usr/share/doc/netcat-traditional/examples/data/README", "/usr/share/doc/netcat-traditional/examples/data/data.c", "/usr/share/doc/netcat-traditional/examples/data/dns-any.d", "/usr/share/doc/netcat-traditional/examples/data/nfs-0.d", "/usr/share/doc/netcat-traditional/examples/data/pm.d", "/usr/share/doc/netcat-traditional/examples/data/pmap-dump.d", "/usr/share/doc/netcat-traditional/examples/data/pmap-mnt.d", "/usr/share/doc/netcat-traditional/examples/data/rip.d", "/usr/share/doc/netcat-traditional/examples/data/rservice.c", "/usr/share/doc/netcat-traditional/examples/data/showmount.d", "/usr/share/doc/netcat-traditional/examples/data/xor.c", "/usr/share/doc/netcat-traditional/examples/scripts/README", "/usr/share/doc/netcat-traditional/examples/scripts/alta", "/usr/share/doc/netcat-traditional/examples/scripts/bsh", "/usr/share/doc/netcat-traditional/examples/scripts/dist.sh", "/usr/share/doc/netcat-traditional/examples/scripts/irc", "/usr/share/doc/netcat-traditional/examples/scripts/iscan", "/usr/share/doc/netcat-traditional/examples/scripts/ncp", "/usr/share/doc/netcat-traditional/examples/scripts/probe", "/usr/share/doc/netcat-traditional/examples/scripts/web", "/usr/share/doc/netcat-traditional/examples/scripts/webproxy", "/usr/share/doc/netcat-traditional/examples/scripts/webrelay", "/usr/share/doc/netcat-traditional/examples/scripts/websearch", "/usr/share/man/man1/nc.traditional.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.5.5-1~deb13u2", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "e9ce784b0d96ddbd" }, "Version": "3.5.5", "Release": "1~deb13u2", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.5", "SrcRelease": "1~deb13u2", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl-provider-legacy@3.5.5-1~deb13u2", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.5-1~deb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "28ae5dc4d1707f9a" }, "Version": "3.5.5", "Release": "1~deb13u2", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.5", "SrcRelease": "1~deb13u2", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libssl3t64@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "97a8e708d58db4b1" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12+deb13u2", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "pkgconf@1.8.1-4", "Name": "pkgconf", "Identifier": { "PURL": "pkg:deb/debian/pkgconf@1.8.1-4?arch=amd64\u0026distro=debian-13.4", "UID": "9eaecff43b7da66d" }, "Version": "1.8.1", "Release": "4", "Arch": "amd64", "SrcName": "pkgconf", "SrcVersion": "1.8.1", "SrcRelease": "4", "Licenses": [ "ISC", "BSD-4-Clause", "BSD-2-Clause", "X11", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "pkgconf-bin@1.8.1-4" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/share/aclocal/pkg.m4", "/usr/share/doc/pkgconf/changelog.Debian.gz", "/usr/share/doc/pkgconf/changelog.gz", "/usr/share/doc/pkgconf/copyright", "/usr/share/lintian/overrides/pkgconf", "/usr/share/man/man1/pkgconf.1.gz", "/usr/share/man/man5/pc.5.gz", "/usr/share/man/man5/pkgconf-personality.5.gz", "/usr/share/man/man7/pkg.m4.7.gz", "/usr/share/pkgconfig/personality.d/x86_64-linux-gnu.personality" ], "AnalyzedBy": "dpkg" }, { "ID": "pkgconf-bin@1.8.1-4", "Name": "pkgconf-bin", "Identifier": { "PURL": "pkg:deb/debian/pkgconf-bin@1.8.1-4?arch=amd64\u0026distro=debian-13.4", "UID": "ebf926e2f851fea7" }, "Version": "1.8.1", "Release": "4", "Arch": "amd64", "SrcName": "pkgconf", "SrcVersion": "1.8.1", "SrcRelease": "4", "Licenses": [ "ISC", "BSD-4-Clause", "BSD-2-Clause", "X11", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2", "libpkgconf3@1.8.1-4" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/bin/pkgconf", "/usr/share/doc/pkgconf-bin/AUTHORS", "/usr/share/doc/pkgconf-bin/README.md.gz", "/usr/share/doc/pkgconf-bin/changelog.Debian.gz", "/usr/share/doc/pkgconf-bin/changelog.gz", "/usr/share/doc/pkgconf-bin/copyright", "/usr/share/lintian/overrides/pkgconf-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "ssl-cert@1.1.3", "Name": "ssl-cert", "Identifier": { "PURL": "pkg:deb/debian/ssl-cert@1.1.3?arch=all\u0026distro=debian-13.4", "UID": "d8cd559e8194d0d" }, "Version": "1.1.3", "Arch": "all", "SrcName": "ssl-cert", "SrcVersion": "1.1.3", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Debian Apache Maintainers \u003cdebian-apache@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.152", "debconf@1.5.91", "openssl@3.5.5-1~deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/sbin/make-ssl-cert", "/usr/share/doc/ssl-cert/README", "/usr/share/doc/ssl-cert/changelog.gz", "/usr/share/doc/ssl-cert/copyright", "/usr/share/lintian/overrides/ssl-cert", "/usr/share/man/man8/make-ssl-cert.8.gz", "/usr/share/ssl-cert/ssleay.cnf" ], "AnalyzedBy": "dpkg" }, { "ID": "tini@0.19.0-3+b6", "Name": "tini", "Identifier": { "PURL": "pkg:deb/debian/tini@0.19.0-3%2Bb6?arch=amd64\u0026distro=debian-13.4", "UID": "c9fa58318c8ae6ee" }, "Version": "0.19.0", "Release": "3+b6", "Arch": "amd64", "SrcName": "tini", "SrcVersion": "0.19.0", "SrcRelease": "3", "Licenses": [ "MIT" ], "Maintainer": "ChangZhuo Chen (陳昌倬) \u003cczchen@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "InstalledFiles": [ "/usr/bin/tini", "/usr/bin/tini-static", "/usr/share/doc/tini/changelog.Debian.amd64.gz", "/usr/share/doc/tini/changelog.Debian.gz", "/usr/share/doc/tini/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2026a-0+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2026a-0%2Bdeb13u1?arch=all\u0026distro=debian-13.4", "UID": "86ca7fb62175fe5b" }, "Version": "2026a", "Release": "0+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2026a", "SrcRelease": "0+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "6f0e3b7df83b1702" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u2" ], "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-27456", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:304ec3739979cb1bb265a6c7284c015bf7721f3350bde699dec65f67133caf32", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c2724bee0f32862198dd0ae97a4e5b05882cd7b6d5ae7f452c5d4ddedbd8da61", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "c1af86eefb8cc018" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:22476334059611a6dfe8e6570cc668a85f8b7c11a1bff882287b2b7a9c1ae903", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "c1af86eefb8cc018" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:60a6861e25a912963d4175f3b794430d1b24075b6cbf8c6f1f47c1250b18c8fc", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-4046", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "FixedVersion": "2.41-12+deb13u3", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4046", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:74f7efe4a69af456071b45d90327d9506f7c54b5af6c0852820bba3885d030ec", "Title": "glibc: glibc: Denial of Service via iconv() function with specific character sets", "Description": "The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.\n\n\n\nThis vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "amazon": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4046", "https://inbox.sourceware.org/libc-announce/76814edf-cf7f-47ec-979d-2dce0a2c76bf@gotplt.org/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-4046", "https://packages.fedoraproject.org/pkgs/glibc/glibc-gconv-extra/", "https://sourceware.org/bugzilla/show_bug.cgi?id=33980", "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007", "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0007;hb=HEAD", "https://www.cve.org/CVERecord?id=CVE-2026-4046" ], "PublishedDate": "2026-03-30T18:16:19.573Z", "LastModifiedDate": "2026-04-20T22:16:23.623Z" }, { "VulnerabilityID": "CVE-2026-4437", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "FixedVersion": "2.41-12+deb13u3", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4437", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4dd461c682aaebb3ac36ddb9e81c0d39ce11ae82e26d189a5f3816608ba8f90d", "Title": "glibc: glibc: Incorrect DNS response parsing via crafted DNS server response", "Description": "Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "azure": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-4437", "https://nvd.nist.gov/vuln/detail/CVE-2026-4437", "https://sourceware.org/bugzilla/show_bug.cgi?id=34014", "https://www.cve.org/CVERecord?id=CVE-2026-4437", "https://www.openwall.com/lists/oss-security/2026/03/23/2" ], "PublishedDate": "2026-03-20T20:16:49.477Z", "LastModifiedDate": "2026-04-07T18:41:36.647Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:259455ccf758785399069d2bd7a0419e370333b80cf27457d8fb0075dbcea2c0", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:d78ba5e3dfd5cdb9c5c105766d20e2ec9272a4984d2f15ad4396e6ac74629a31", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4f8e5ea58ea0eb543275d6659cfcd0a4e5e8cf62450e77d6c1f5eff39217373e", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc6@2.41-12+deb13u2", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u2?arch=amd64\u0026distro=debian-13.4", "UID": "f8217b10d3b7623a" }, "InstalledVersion": "2.41-12+deb13u2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:fcf6c238d4c7b6e629178ac87e918bf29562809ef6d9b6cd01e9444ed98a71e1", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap2@1:2.75-10+b8", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bb8?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "7062e9c4f309915f" }, "InstalledVersion": "1:2.75-10+b8", "FixedVersion": "1:2.75-10+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:9b50c52f3857ab58a41d7905e817bfc10b0d7f5d2020ca8e6d421fc2cca6890b", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2025-59375", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-59375", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:1c2233429030fd0bb6036635e431c473f1637b4f931b373d14fa8053400a8ac1", "Title": "firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing", "Description": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/16/2", "http://www.openwall.com/lists/oss-security/2026/05/01/5", "https://access.redhat.com/errata/RHSA-2025:22175", "https://access.redhat.com/security/cve/CVE-2025-59375", "https://bugzilla.redhat.com/2395108", "https://bugzilla.redhat.com/show_bug.cgi?id=2395108", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-59375", "https://errata.almalinux.org/9/ALSA-2025-22175.html", "https://errata.rockylinux.org/RLSA-2025:22175", "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74", "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes", "https://github.com/libexpat/libexpat/issues/1018", "https://github.com/libexpat/libexpat/pull/1034", "https://issues.oss-fuzz.com/issues/439133977", "https://linux.oracle.com/cve/CVE-2025-59375.html", "https://linux.oracle.com/errata/ELSA-2026-3407.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-59375", "https://ubuntu.com/security/notices/USN-8022-1", "https://www.cve.org/CVERecord?id=CVE-2025-59375", "https://www.mozilla.org/security/advisories/mfsa2026-22/#CVE-2025-59375", "https://www.mozilla.org/security/advisories/mfsa2026-24/#CVE-2025-59375" ], "PublishedDate": "2025-09-15T03:15:40.92Z", "LastModifiedDate": "2026-05-12T13:17:22.64Z" }, { "VulnerabilityID": "CVE-2026-25210", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25210", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:00d448a8fc1be16cd4acdb9d865318da8759e97a5bd99d42ce2e39004450ff3e", "Title": "libexpat: libexpat: Information disclosure and data integrity issues due to integer overflow in buffer reallocation", "Description": "In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L", "V3Score": 6.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-25210", "https://github.com/libexpat/libexpat/pull/1075", "https://github.com/libexpat/libexpat/pull/1075/commits/9c2d990389e6abe2e44527eeaa8b39f16fe859c7", "https://nvd.nist.gov/vuln/detail/CVE-2026-25210", "https://ubuntu.com/security/notices/USN-8022-1", "https://ubuntu.com/security/notices/USN-8022-2", "https://ubuntu.com/security/notices/USN-8023-1", "https://www.cve.org/CVERecord?id=CVE-2026-25210" ], "PublishedDate": "2026-01-30T07:16:15.57Z", "LastModifiedDate": "2026-03-10T18:17:12.78Z" }, { "VulnerabilityID": "CVE-2026-45186", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45186", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3fc90519adb68da0990e7c5a76573c236c00c39bbf8d78f973b5de3a87478e3e", "Title": "libexpat: denial of service via crafted XML input", "Description": "In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input.", "Severity": "HIGH", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "nvd": 3, "photon": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/05/11/16", "https://access.redhat.com/security/cve/CVE-2026-45186", "https://github.com/libexpat/libexpat/pull/1216", "https://nvd.nist.gov/vuln/detail/CVE-2026-45186", "https://www.cve.org/CVERecord?id=CVE-2026-45186" ], "PublishedDate": "2026-05-10T07:16:07.883Z", "LastModifiedDate": "2026-05-14T17:20:32.57Z" }, { "VulnerabilityID": "CVE-2025-66382", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "fix_deferred", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66382", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4cd7fbb0a13db23e2c9449887eb1fb15f13f7ec1f99855d54dc5519c6e8fdae5", "Title": "libexpat: libexpat: Denial of service via crafted file processing", "Description": "In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/12/02/1", "https://access.redhat.com/security/cve/CVE-2025-66382", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://github.com/libexpat/libexpat/issues/1076", "https://nvd.nist.gov/vuln/detail/CVE-2025-66382", "https://www.cve.org/CVERecord?id=CVE-2025-66382" ], "PublishedDate": "2025-11-28T07:15:57.9Z", "LastModifiedDate": "2026-05-12T13:17:23.933Z" }, { "VulnerabilityID": "CVE-2026-32776", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32776", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:31e2bba6a37fed5c88a61641a73e78b3dcc479c48381c11b44c9b259436b778e", "Title": "libexpat: libexpat: Denial of Service due to NULL pointer dereference", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference with empty external parameter entity content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32776", "https://github.com/libexpat/libexpat/pull/1158", "https://github.com/libexpat/libexpat/pull/1159", "https://nvd.nist.gov/vuln/detail/CVE-2026-32776", "https://www.cve.org/CVERecord?id=CVE-2026-32776" ], "PublishedDate": "2026-03-16T14:19:44.6Z", "LastModifiedDate": "2026-03-17T15:52:09.023Z" }, { "VulnerabilityID": "CVE-2026-32777", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32777", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:aa6119201c4048ff7fa79f5f89c80c5dda49fbd93fbf97df47df3b04af3eb1ec", "Title": "libexpat: libexpat: Denial of Service via infinite loop in DTD content parsing", "Description": "libexpat before 2.7.5 allows an infinite loop while parsing DTD content.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32777", "https://github.com/libexpat/libexpat/issues/1161", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1162", "https://issues.oss-fuzz.com/issues/486993411", "https://nvd.nist.gov/vuln/detail/CVE-2026-32777", "https://www.cve.org/CVERecord?id=CVE-2026-32777" ], "PublishedDate": "2026-03-16T14:19:44.78Z", "LastModifiedDate": "2026-03-17T15:52:34.357Z" }, { "VulnerabilityID": "CVE-2026-32778", "PkgID": "libexpat1@2.7.1-2", "PkgName": "libexpat1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libexpat1@2.7.1-2?arch=amd64\u0026distro=debian-13.4", "UID": "98d5e2cecc41711d" }, "InstalledVersion": "2.7.1-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32778", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b22fe00870ec4d9d2932040a334fed7ef46190fa9f83bcddf7f10566e9227880", "Title": "libexpat: libexpat: Denial of Service via NULL pointer dereference after out-of-memory condition", "Description": "libexpat before 2.7.5 allows a NULL pointer dereference in the function setContext on retry after an earlier ouf-of-memory condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 2, "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32778", "https://github.com/libexpat/libexpat/pull/1159", "https://github.com/libexpat/libexpat/pull/1163", "https://nvd.nist.gov/vuln/detail/CVE-2026-32778", "https://www.cve.org/CVERecord?id=CVE-2026-32778" ], "PublishedDate": "2026-03-16T14:19:44.97Z", "LastModifiedDate": "2026-03-17T15:52:53.16Z" }, { "VulnerabilityID": "CVE-2026-40356", "PkgID": "libgssapi-krb5-2@1.21.3-5", "PkgName": "libgssapi-krb5-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "933c7fd5d2ea42cb" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:d4575856b5373d173bf27a5d5a0f675c1a1dc432afa8a26903cbff41d2cdf99a", "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "Severity": "HIGH", "CweIDs": [ "CWE-191" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40356", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40356.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40356" ], "PublishedDate": "2026-04-28T07:16:03.197Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40355", "PkgID": "libgssapi-krb5-2@1.21.3-5", "PkgName": "libgssapi-krb5-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/libgssapi-krb5-2@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "933c7fd5d2ea42cb" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b4dc2364a8c77a8d5793eac3da251e169095a355526166cd529f55170a25f692", "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40355", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40355.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40355" ], "PublishedDate": "2026-04-28T06:16:03.663Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40356", "PkgID": "libk5crypto3@1.21.3-5", "PkgName": "libk5crypto3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "befbda97f4b45427" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:19f4ab38b13a6475a0a3454d011d9a4aa2e8eb9b7690a37ac6a5c8cfe817bbbb", "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "Severity": "HIGH", "CweIDs": [ "CWE-191" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40356", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40356.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40356" ], "PublishedDate": "2026-04-28T07:16:03.197Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40355", "PkgID": "libk5crypto3@1.21.3-5", "PkgName": "libk5crypto3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libk5crypto3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "befbda97f4b45427" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:67cf7bccc77947ad20799959431768cfeeb7199a098f2e17839b04a6b63054ee", "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40355", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40355.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40355" ], "PublishedDate": "2026-04-28T06:16:03.663Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40356", "PkgID": "libkrb5-3@1.21.3-5", "PkgName": "libkrb5-3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "240163a62e427931" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:00e8f1b4d38034004c4b164ca0002675b37ab5a2a0442fda8f5ee3eccf22c9e8", "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "Severity": "HIGH", "CweIDs": [ "CWE-191" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40356", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40356.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40356" ], "PublishedDate": "2026-04-28T07:16:03.197Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40355", "PkgID": "libkrb5-3@1.21.3-5", "PkgName": "libkrb5-3", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5-3@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "240163a62e427931" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:7d158d0dd8dfc91e10508182cab22f1e484887b5cfcc8bdc6f0a5ee03f3cc17f", "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40355", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40355.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40355" ], "PublishedDate": "2026-04-28T06:16:03.663Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40356", "PkgID": "libkrb5support0@1.21.3-5", "PkgName": "libkrb5support0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "717b5dd3fe7611cb" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40356", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:399b23f40ba22141232ccf2b8e7ffc3053497e60d8cb8c9a95f15f85b1768658", "Title": "krb5: MIT Kerberos 5 (krb5): Denial of Service via integer underflow and out-of-bounds read", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message.", "Severity": "HIGH", "CweIDs": [ "CWE-191" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40356", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40356.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40356", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40356" ], "PublishedDate": "2026-04-28T07:16:03.197Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-40355", "PkgID": "libkrb5support0@1.21.3-5", "PkgName": "libkrb5support0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libkrb5support0@1.21.3-5?arch=amd64\u0026distro=debian-13.4", "UID": "717b5dd3fe7611cb" }, "InstalledVersion": "1.21.3-5", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40355", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3dfebfbac4238816155f423a9d5943334a89248a19fad326a2531a6a147c466c", "Title": "krb5: MIT Kerberos 5: Denial of Service via NULL pointer dereference in NegoEx mechanism", "Description": "In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:16799", "https://access.redhat.com/security/cve/CVE-2026-40355", "https://bugzilla.redhat.com/2463368", "https://bugzilla.redhat.com/2463370", "https://bugzilla.redhat.com/show_bug.cgi?id=2463368", "https://bugzilla.redhat.com/show_bug.cgi?id=2463370", "https://cems.fun/2026/04/27/krb5-two-unauthenticated-network-vulnerabilities.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40355", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-40356", "https://errata.almalinux.org/8/ALSA-2026-16799.html", "https://errata.rockylinux.org/RLSA-2026:16799", "https://github.com/krb5/krb5/commit/2e75f0d9362fb979f5fc92829431a590a130929f", "https://linux.oracle.com/cve/CVE-2026-40355.html", "https://linux.oracle.com/errata/ELSA-2026-16799.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40355", "https://web.mit.edu/kerberos/advisories/", "https://www.cve.org/CVERecord?id=CVE-2026-40355" ], "PublishedDate": "2026-04-28T06:16:03.663Z", "LastModifiedDate": "2026-04-28T20:11:56.713Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "79a1595d548be91" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:974989339d029629cf9109c40e12c3031c359bf38b7f716e627abb6d7284ba08", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "79a1595d548be91" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5e81ad1d8268378319662499b61c8e51f82530e053429f6aab34657bd3fa691d", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "liblzma5@5.8.1-1", "PkgName": "liblzma5", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.4", "UID": "a1f09431b82b8b89" }, "InstalledVersion": "5.8.1-1", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:de4deec9d9deb8322346f9fbdf0fccc4a376b8a64e9bcdc4e3e181d99f849474", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "5581a0d7033537c" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:097c8f3e3e88625c1f5ed23ab3b27395b67c0a7f8fdbceb6eafa142f119897b7", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "5581a0d7033537c" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:7205c66617bff8d094fe9fb0110527a76c2368fc7e8a583f906899263f7fc670", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", "UID": "217bb0c4e6d77677" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:17dfc43184701491d7bf270eae6f94f907a599b7dab6988d0a78778759879312", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-6473", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6473", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c976978fa06d63aabee27f31a55afe14db3f767d2258022d2efde0c7cb2ab314", "Title": "Integer wraparound in multiple PostgreSQL server features allows an un ...", "Description": "Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "azure": 3, "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6473", "https://www.postgresql.org/support/security/CVE-2026-6473/" ], "PublishedDate": "2026-05-14T14:16:24.883Z", "LastModifiedDate": "2026-05-18T14:59:59.747Z" }, { "VulnerabilityID": "CVE-2026-6475", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6475", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:0f51a424f0a28f92f8e2f9e9413002c9ca18db3a169f89e81ac57db2d0168f67", "Title": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_r ...", "Description": "Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "HIGH", "CweIDs": [ "CWE-61" ], "VendorSeverity": { "azure": 3, "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6475", "https://www.postgresql.org/support/security/CVE-2026-6475/" ], "PublishedDate": "2026-05-14T14:16:25.113Z", "LastModifiedDate": "2026-05-18T15:02:12.483Z" }, { "VulnerabilityID": "CVE-2026-6476", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6476", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2ae0d350a4525fbaab99c2faf7ba97b1e615656008e2975fad62928a73d81a69", "Title": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker wit ...", "Description": "SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected.", "Severity": "HIGH", "CweIDs": [ "CWE-89" ], "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.2 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6476", "https://www.postgresql.org/support/security/CVE-2026-6476/" ], "PublishedDate": "2026-05-14T14:16:25.23Z", "LastModifiedDate": "2026-05-18T15:02:55.537Z" }, { "VulnerabilityID": "CVE-2026-6477", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6477", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:10eef2a7cc2b682fc9c81aec93d48bfbac309ae987f07c291f720b9cb4f1e7ce", "Title": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) i ...", "Description": "Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \\lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "HIGH", "CweIDs": [ "CWE-242" ], "VendorSeverity": { "azure": 3, "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6477", "https://www.postgresql.org/support/security/CVE-2026-6477/" ], "PublishedDate": "2026-05-14T14:16:25.347Z", "LastModifiedDate": "2026-05-18T15:03:26.733Z" }, { "VulnerabilityID": "CVE-2026-6479", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6479", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4e3f30734de073ff4c3523d74b1302049225c2f726e87cbe2bcb5686a8e843de", "Title": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an ...", "Description": "Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "azure": 3, "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6479", "https://www.postgresql.org/support/security/CVE-2026-6479/" ], "PublishedDate": "2026-05-14T14:16:25.583Z", "LastModifiedDate": "2026-05-18T15:04:25.403Z" }, { "VulnerabilityID": "CVE-2026-6637", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6637", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:534c1a3afc52ba68758aaa054616c3f82a29fd6bc9af709072179770e4df1ce9", "Title": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivil ...", "Description": "Stack buffer overflow in PostgreSQL module \"refint\" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a \"refint\" cascade primary key and facilitates user-controlled updates to that column. In that case, a SQL injection allows a primary key update value provider to execute arbitrary SQL as the database user performing the primary key update. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "HIGH", "CweIDs": [ "CWE-89", "CWE-121" ], "VendorSeverity": { "azure": 3, "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6637", "https://www.postgresql.org/support/security/CVE-2026-6637/" ], "PublishedDate": "2026-05-14T14:16:25.82Z", "LastModifiedDate": "2026-05-18T15:05:21.3Z" }, { "VulnerabilityID": "CVE-2026-6638", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6638", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b825b1d7ceedc98afd6ec1a9e88a256998ca57c044f2e6004ad761c6f1232157", "Title": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... ...", "Description": "SQL injection in PostgreSQL logical replication ALTER SUBSCRIPTION ... REFRESH PUBLICATION allows a subscriber table creator to execute arbitrary SQL with the subscription's publication-side credentials. The attack takes effect at the next REFRESH PUBLICATION. Within major versions 16, 17, and 18, minor versions before PostgreSQL 18.4, 17.10, and 16.14 are affected. Versions before PostgreSQL 16 are unaffected.", "Severity": "HIGH", "CweIDs": [ "CWE-89" ], "VendorSeverity": { "azure": 1, "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6638", "https://www.postgresql.org/support/security/CVE-2026-6638/" ], "PublishedDate": "2026-05-14T14:16:25.937Z", "LastModifiedDate": "2026-05-18T14:14:33.4Z" }, { "VulnerabilityID": "CVE-2026-6472", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6472", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bc271e795e5c06d006e3cebef7bbdffc5e13fb0f3f1ed456d4ac7d4efc8a39c2", "Title": "Missing authorization in PostgreSQL CREATE TYPE allows an object creat ...", "Description": "Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "MEDIUM", "CweIDs": [ "CWE-862" ], "VendorSeverity": { "azure": 2, "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6472", "https://www.postgresql.org/support/security/CVE-2026-6472/" ], "PublishedDate": "2026-05-14T14:16:24.757Z", "LastModifiedDate": "2026-05-18T14:59:26.607Z" }, { "VulnerabilityID": "CVE-2026-6474", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6474", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a03b85ff93af5f367c38e85d5a49cb54b0650cd3a8f7991da4d432d37c800834", "Title": "Externally-controlled format string in PostgreSQL timeofday() function ...", "Description": "Externally-controlled format string in PostgreSQL timeofday() function allows an attacker to retrieve portions of server memory, via crafted timezone zones. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "MEDIUM", "CweIDs": [ "CWE-134" ], "VendorSeverity": { "azure": 2, "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6474", "https://www.postgresql.org/support/security/CVE-2026-6474/" ], "PublishedDate": "2026-05-14T14:16:24.997Z", "LastModifiedDate": "2026-05-18T15:00:45.52Z" }, { "VulnerabilityID": "CVE-2026-6478", "VendorIDs": [ "DSA-6270-1" ], "PkgID": "libpq5@17.9-0+deb13u1", "PkgName": "libpq5", "PkgIdentifier": { "PURL": "pkg:deb/debian/libpq5@17.9-0%2Bdeb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "d45387f5f2192a66" }, "InstalledVersion": "17.9-0+deb13u1", "FixedVersion": "17.10-0+deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:581bed27611fc8ed3fc8749acc7f9add61417d41ccf7e15679c2911285930faf", "DiffID": "sha256:753cd42ea6b48089cc8ebe286845252884c568313a5563068f533782f485e6ac" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6478", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:838b3e75f8e8bf6c3fb5ea6f325cd55a07bb0056eef1fe303f1020c1220efe44", "Title": "Covert timing channel in comparison of MD5-hashed password in PostgreS ...", "Description": "Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "azure": 2, "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://nvd.nist.gov/vuln/detail/CVE-2026-6478", "https://www.postgresql.org/support/security/CVE-2026-6478/" ], "PublishedDate": "2026-05-14T14:16:25.463Z", "LastModifiedDate": "2026-05-18T15:03:55.67Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "cfae7d67f8245164" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b87941983179b676ec44f904304d3d745afe885e336c77641bdf84620ca16a67", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "cfae7d67f8245164" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:fbb9e169576671b37e32a800cdd6c0da598b2443c96a2b1be7889553b389c65c", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-29111", "PkgID": "libsystemd0@257.9-1~deb13u1", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "b50b08c7bba67f5" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2ac4148b15606100696639929f5833a1894cdfd1fdb69af3594693a6a64ac7e7", "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data", "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13677", "https://access.redhat.com/security/cve/CVE-2026-29111", "https://bugzilla.redhat.com/2450505", "https://errata.almalinux.org/9/ALSA-2026-13677.html", "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a", "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6", "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412", "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd", "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f", "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f", "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69", "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6", "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c", "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8", "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764", "https://linux.oracle.com/cve/CVE-2026-29111.html", "https://linux.oracle.com/errata/ELSA-2026-13677.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-29111", "https://ubuntu.com/security/notices/USN-8119-1", "https://ubuntu.com/security/notices/USN-8119-2", "https://www.cve.org/CVERecord?id=CVE-2026-29111" ], "PublishedDate": "2026-03-23T22:16:26.267Z", "LastModifiedDate": "2026-04-15T16:44:38.387Z" }, { "VulnerabilityID": "CVE-2026-40225", "PkgID": "libsystemd0@257.9-1~deb13u1", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "b50b08c7bba67f5" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a045c8e8ab52ac058059444c83a3e955b7408b55d832ad9d6986144cfaa13751", "Title": "systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output", "Description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "Severity": "MEDIUM", "CweIDs": [ "CWE-669" ], "VendorSeverity": { "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40225", "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40225", "https://www.cve.org/CVERecord?id=CVE-2026-40225" ], "PublishedDate": "2026-04-10T16:16:33.287Z", "LastModifiedDate": "2026-04-27T19:00:02.21Z" }, { "VulnerabilityID": "CVE-2026-40226", "PkgID": "libsystemd0@257.9-1~deb13u1", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "b50b08c7bba67f5" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40226", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c24c1b86d6b5bb5772cfed887d0be8a8934af0902cdb057f42a024dcd7707229", "Title": "systemd: systemd nspawn: Escape-to-host action via crafted config file", "Description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-348" ], "VendorSeverity": { "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40226", "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40226", "https://www.cve.org/CVERecord?id=CVE-2026-40226" ], "PublishedDate": "2026-04-10T16:16:33.447Z", "LastModifiedDate": "2026-04-17T22:02:15.393Z" }, { "VulnerabilityID": "CVE-2026-4105", "PkgID": "libsystemd0@257.9-1~deb13u1", "PkgName": "libsystemd0", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsystemd0@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "b50b08c7bba67f5" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4105", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:0e6cae38db3b05d7cc87df34817ae885b419141f0e7fb8ed0015f74cefc55164", "Title": "systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method", "Description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7299", "https://access.redhat.com/security/cve/CVE-2026-4105", "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862", "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "https://www.cve.org/CVERecord?id=CVE-2026-4105" ], "PublishedDate": "2026-03-13T19:55:13.673Z", "LastModifiedDate": "2026-04-30T17:16:26.697Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.4", "UID": "5286a1335bb605c5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f6b91eb1aff994783223da57c34e1c55987f25e7744aefb5c60b3a73f04611b4", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-29111", "PkgID": "libudev1@257.9-1~deb13u1", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "9b08ae719b1cb01e" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-29111", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:7981388a82b55e5c281b0c8f6001dfe6c6cee8201f45e671125a9c4cd5e991a2", "Title": "systemd: systemd: Arbitrary code execution or Denial of Service via spurious IPC API call data", "Description": "systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this is not possible as the safety check causes an assert instead. This IPC call was added in v239, so versions older than that are not affected. Versions 260-rc1, 259.2, 258.5, and 257.11 contain patches. No known workarounds are available.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:13677", "https://access.redhat.com/security/cve/CVE-2026-29111", "https://bugzilla.redhat.com/2450505", "https://errata.almalinux.org/9/ALSA-2026-13677.html", "https://github.com/systemd/systemd/commit/1d22f706bd04f45f8422e17fbde3f56ece17758a", "https://github.com/systemd/systemd/commit/20021e7686426052e3a7505425d7e12085feb2a6", "https://github.com/systemd/systemd/commit/21167006574d6b83813c7596759b474f56562412", "https://github.com/systemd/systemd/commit/3cee294fe8cf4fa0eff933ab21416d099942cabd", "https://github.com/systemd/systemd/commit/42aee39107fbdd7db1ccd402a2151822b2805e9f", "https://github.com/systemd/systemd/commit/54588d2dedff54bfb6036670820650e4ea74628f", "https://github.com/systemd/systemd/commit/7ac3220213690e8a8d6d2a6e81e43bd1dce01d69", "https://github.com/systemd/systemd/commit/80acea4ef80a4bb78560ed970c34952299b890d6", "https://github.com/systemd/systemd/commit/b5fd14693057e5f2c9b4a49603be64ec3608ff6c", "https://github.com/systemd/systemd/commit/efa6ba2ab625aaa160ac435a09e6482fc63bdbe8", "https://github.com/systemd/systemd/security/advisories/GHSA-gx6q-6f99-m764", "https://linux.oracle.com/cve/CVE-2026-29111.html", "https://linux.oracle.com/errata/ELSA-2026-13677.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-29111", "https://ubuntu.com/security/notices/USN-8119-1", "https://ubuntu.com/security/notices/USN-8119-2", "https://www.cve.org/CVERecord?id=CVE-2026-29111" ], "PublishedDate": "2026-03-23T22:16:26.267Z", "LastModifiedDate": "2026-04-15T16:44:38.387Z" }, { "VulnerabilityID": "CVE-2026-40225", "PkgID": "libudev1@257.9-1~deb13u1", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "9b08ae719b1cb01e" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40225", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:21e8249acc472a6190aabd1355208811229432baad1ee6df9e79ccf432307299", "Title": "systemd: udev in systemd: Privilege escalation via malicious hardware devices and unsanitized kernel output", "Description": "In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output.", "Severity": "MEDIUM", "CweIDs": [ "CWE-669" ], "VendorSeverity": { "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40225", "https://github.com/systemd/systemd/security/advisories/GHSA-vpfq-8p5f-jcqx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40225", "https://www.cve.org/CVERecord?id=CVE-2026-40225" ], "PublishedDate": "2026-04-10T16:16:33.287Z", "LastModifiedDate": "2026-04-27T19:00:02.21Z" }, { "VulnerabilityID": "CVE-2026-40226", "PkgID": "libudev1@257.9-1~deb13u1", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "9b08ae719b1cb01e" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40226", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5522ca95fa89c2e3782566f844047c6ab9b05a68bd1ccb7a891de194eb862259", "Title": "systemd: systemd nspawn: Escape-to-host action via crafted config file", "Description": "In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-348" ], "VendorSeverity": { "photon": 2, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-40226", "https://github.com/systemd/systemd/security/advisories/GHSA-9mj4-rrc3-gjcx", "https://nvd.nist.gov/vuln/detail/CVE-2026-40226", "https://www.cve.org/CVERecord?id=CVE-2026-40226" ], "PublishedDate": "2026-04-10T16:16:33.447Z", "LastModifiedDate": "2026-04-17T22:02:15.393Z" }, { "VulnerabilityID": "CVE-2026-4105", "PkgID": "libudev1@257.9-1~deb13u1", "PkgName": "libudev1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libudev1@257.9-1~deb13u1?arch=amd64\u0026distro=debian-13.4", "UID": "9b08ae719b1cb01e" }, "InstalledVersion": "257.9-1~deb13u1", "FixedVersion": "257.13-1~deb13u1", "Status": "fixed", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4105", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4f49d6916adf9d722fb666b581fcfb8220ba268a37353abb4d8c503b8385ff80", "Title": "systemd: systemd: Privilege escalation via improper access control in RegisterMachine D-Bus method", "Description": "A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7299", "https://access.redhat.com/security/cve/CVE-2026-4105", "https://bugzilla.redhat.com/show_bug.cgi?id=2447262", "https://github.com/systemd/systemd/security/advisories/GHSA-4h6x-r8vx-3862", "https://nvd.nist.gov/vuln/detail/CVE-2026-4105", "https://www.cve.org/CVERecord?id=CVE-2026-4105" ], "PublishedDate": "2026-03-13T19:55:13.673Z", "LastModifiedDate": "2026-04-30T17:16:26.697Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "4a57eaeae20e47" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:0634bbbbb348ca9dcb0eb98ee1939e922ceb5e38e211cae37d80b5cd3362a130", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.4", "UID": "4a57eaeae20e47" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:7e6606670e8eafa50fb3f5b4826dfb914cc30c0021f728ac39bacb53754531e3", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "35a636a49ab503ca" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6279a3e5c0e1d5c3a1fd33dd5136ea27b7541ba56d1f1555cbce72b4e67d3682", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "35a636a49ab503ca" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a26bb4b5c9d32d1b71e680d6b532d8e5643ef665fe375addc3ec80e53df5728c", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.4", "UID": "767a0231348a5cb5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:0c84a372ca3229009ee1aa46a91a45714f6c80f6f0ef931438d1866179f2b257", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "PkgName": "zlib1g", "PkgIdentifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.4\u0026epoch=1", "UID": "6f0e3b7df83b1702" }, "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", "Status": "affected", "Layer": { "Digest": "sha256:bce2073474a5c4b77ad29de8e265ffa7f3b62259ad16653d32f4416192785740", "DiffID": "sha256:79dd1f4c855cd061f687a994426634cf5f84c8ecdbc66c7a7d118e828dd93c99" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f241a844d071fb30de3976f7e151458b46819f63dee29ba0156c3fc7513daa40", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "dovecot", "Metadata": [ { "Size": 58672128, "OS": { "Family": "wolfi", "Name": "20230201" }, "ImageID": "sha256:b9b56018bd9e4f7496c6f35b0918448626dc1a894abaf6bb1d4cf91150bd56a4", "DiffIDs": [ "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" ], "RepoTags": [ "chainguard/stunnel:latest" ], "RepoDigests": [ "chainguard/stunnel@sha256:5beda2fa6c5a3d36be2a650ef1233ab244aee71efe07c73e4495f82bb34cecd8" ], "Reference": "chainguard/stunnel:latest", "ImageConfig": { "architecture": "amd64", "author": "github.com/chainguard-dev/apko", "created": "2026-05-20T02:17:13Z", "history": [ { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" ] }, "config": { "Cmd": [ "-help" ], "Entrypoint": [ "/usr/bin/stunnel" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "dev.chainguard.image.title": "stunnel", "dev.chainguard.package.main": "", "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/", "org.opencontainers.image.created": "2026-05-20T02:17:13Z", "org.opencontainers.image.source": "https://github.com/chainguard-images/images/tree/main/images/stunnel", "org.opencontainers.image.title": "stunnel", "org.opencontainers.image.url": "https://images.chainguard.dev/directory/image/stunnel/overview", "org.opencontainers.image.vendor": "Chainguard" }, "User": "65532" } }, "Layers": [ { "Size": 42873344, "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" }, { "Size": 7198720, "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, { "Size": 6977536, "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, { "Size": 323072, "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" }, { "Size": 238592, "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" }, { "Size": 227840, "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, { "Size": 217088, "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" }, { "Size": 127488, "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" }, { "Size": 64000, "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" }, { "Size": 104960, "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" }, { "Size": 319488, "Digest": "sha256:79549e660a703a8194c255340b9d1a4e141878979b2ca318ee0170bbea41671c", "DiffID": "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" } ] } ], "Results": [ { "Target": "chainguard/stunnel:latest (wolfi 20230201)", "Class": "os-pkgs", "Type": "wolfi", "Packages": [ { "ID": "ca-certificates-bundle@20260413-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=20230201", "UID": "ebab806008154318" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" }, "Digest": "sha1:2b209d10bdb420a13e07b0ca5bdec62d7bb640b3", "InstalledFiles": [ "etc/pki/tls/certs/ca-bundle.crt", "etc/ssl/cert.pem", "etc/ssl/certs/ca-bundle.crt", "etc/ssl/certs/ca-certificates.crt", "var/lib/db/sbom/ca-certificates-bundle-20260413-r0.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "glibc@2.43-r7", "Name": "glibc", "Identifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "1a1b90bec1861696" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc-locale-posix@2.43-r7", "ld-linux@2.43-r7", "libgcc@16.1.0-r1", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:f0cc592d1ea3041b220dc81ec639e26cf4f3e66b", "InstalledFiles": [ "etc/rpc", "etc/apk/commit_hooks.d/ldconfig-commit.sh", "usr/bin/ld.so", "usr/bin/ldconfig", "usr/lib/libBrokenLocale.so.1", "usr/lib/libanl.so.1", "usr/lib/libc.so.6", "usr/lib/libc_malloc_debug.so.0", "usr/lib/libdl.so.2", "usr/lib/libm.so.6", "usr/lib/libmemusage.so", "usr/lib/libmvec.so.1", "usr/lib/libnsl.so.1", "usr/lib/libnss_compat.so.2", "usr/lib/libnss_dns.so.2", "usr/lib/libnss_files.so.2", "usr/lib/libpthread.so.0", "usr/lib/libresolv.so.2", "usr/lib/librt.so.1", "usr/lib/libthread_db.so.1", "usr/lib/libutil.so.1", "var/lib/db/sbom/glibc-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "glibc-locale-posix@2.43-r7", "Name": "glibc-locale-posix", "Identifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "d44b25bb62d865d3" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:0b8977ea1b9fd95bee784b9f7f1a975431088f73", "InstalledFiles": [ "usr/lib/locale/C.utf8/LC_ADDRESS", "usr/lib/locale/C.utf8/LC_COLLATE", "usr/lib/locale/C.utf8/LC_CTYPE", "usr/lib/locale/C.utf8/LC_IDENTIFICATION", "usr/lib/locale/C.utf8/LC_MEASUREMENT", "usr/lib/locale/C.utf8/LC_MONETARY", "usr/lib/locale/C.utf8/LC_NAME", "usr/lib/locale/C.utf8/LC_NUMERIC", "usr/lib/locale/C.utf8/LC_PAPER", "usr/lib/locale/C.utf8/LC_TELEPHONE", "usr/lib/locale/C.utf8/LC_TIME", "usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "var/lib/db/sbom/glibc-locale-posix-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "ld-linux@2.43-r7", "Name": "ld-linux", "Identifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "7678e2c8b3007292" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:eda542ec0f919bdfefc4d391cbd66a6a0089a3c0", "InstalledFiles": [ "etc/ld.so.conf", "etc/ld.so.conf.d/libc.conf", "usr/lib/ld-linux-x86-64.so.2", "var/lib/db/sbom/ld-linux-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libbz2-1@1.0.8-r23", "Name": "libbz2-1", "Identifier": { "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r23?arch=x86_64\u0026distro=20230201", "UID": "baf39df966852f25" }, "Version": "1.0.8-r23", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r23", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7" ], "Layer": { "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" }, "Digest": "sha1:7fc1bbc3ec68d43ae5212efbc33827d139624ada", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0", "usr/lib/libbz2.so.1.0.8", "var/lib/db/sbom/libbz2-1-1.0.8-r23.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libcrypt1@2.43-r7", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "b34138e20d9fb87a" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "libxcrypt@4.5.2-r2", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:2b0791fc2ee61b9771eae9c7323d1aa77a4ded74", "InstalledFiles": [ "var/lib/db/sbom/libcrypt1-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.6.2-r5", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.2-r5?arch=x86_64\u0026distro=20230201", "UID": "a046278abe6b9ef0" }, "Version": "3.6.2-r5", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.2-r5", "Licenses": [ "Apache-2.0" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7" ], "Layer": { "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, "Digest": "sha1:aaa5fa034519fdcd141796d11b7b398a4c779f24", "InstalledFiles": [ "etc/ssl/ca.cnf", "usr/lib/libcrypto.so.3", "var/lib/db/sbom/libcrypto3-3.6.2-r5.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@16.1.0-r1", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/wolfi/libgcc@16.1.0-r1?arch=x86_64\u0026distro=20230201", "UID": "c62104aba8c6673f" }, "Version": "16.1.0-r1", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "16.1.0-r1", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7" ], "Layer": { "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" }, "Digest": "sha1:222b2b0347eea4eb7f440d0746956585d88be3ca", "InstalledFiles": [ "usr/lib/libgcc_s.so.1", "usr/lib/libgcc_s_asneeded.so", "var/lib/db/sbom/libgcc-16.1.0-r1.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.6.2-r5", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.2-r5?arch=x86_64\u0026distro=20230201", "UID": "9ca3c227d7ad2f32" }, "Version": "3.6.2-r5", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.2-r5", "Licenses": [ "Apache-2.0" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "libcrypto3@3.6.2-r5" ], "Layer": { "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, "Digest": "sha1:c35d5c141272a08edcdaeea03e2a5796b82c6889", "InstalledFiles": [ "usr/lib/libssl.so.3", "var/lib/db/sbom/libssl3-3.6.2-r5.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libxcrypt@4.5.2-r2", "Name": "libxcrypt", "Identifier": { "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", "UID": "c4d66f4744dcb02a" }, "Version": "4.5.2-r2", "Arch": "x86_64", "SrcName": "libxcrypt", "SrcVersion": "4.5.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "Layer": { "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598", "InstalledFiles": [ "usr/lib/libcrypt.so.1", "usr/lib/libcrypt.so.1.1.0", "var/lib/db/sbom/libxcrypt-4.5.2-r2.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "perl@5.42.2-r0", "Name": "perl", "Identifier": { "PURL": "pkg:apk/wolfi/perl@5.42.2-r0?arch=x86_64\u0026distro=20230201", "UID": "ae78e403626bfc66" }, "Version": "5.42.2-r0", "Arch": "x86_64", "SrcName": "perl", "SrcVersion": "5.42.2-r0", "Licenses": [ "Artistic-1.0-Perl", "GPL-1.0-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7", "libbz2-1@1.0.8-r23", "libcrypt1@2.43-r7", "zlib@1.3.2-r3" ], "Layer": { "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" }, "Digest": "sha1:aaed423b55b8d1d00a21deb8d57663f19c448503", "InstalledFiles": [ "usr/bin/perl", "usr/bin/perl5.42.2", "usr/bin/perldoc", "usr/bin/pod2html", "usr/bin/pod2man", "usr/bin/pod2text", "usr/bin/pod2usage", "usr/bin/podchecker", "usr/bin/streamzip", "usr/lib/perl5/core_perl/B.pm", "usr/lib/perl5/core_perl/Config.pm", "usr/lib/perl5/core_perl/Config_git.pl", "usr/lib/perl5/core_perl/Config_heavy.pl", "usr/lib/perl5/core_perl/Cwd.pm", "usr/lib/perl5/core_perl/DynaLoader.pm", "usr/lib/perl5/core_perl/Encode.pm", "usr/lib/perl5/core_perl/Errno.pm", "usr/lib/perl5/core_perl/Fcntl.pm", "usr/lib/perl5/core_perl/IO.pm", "usr/lib/perl5/core_perl/O.pm", "usr/lib/perl5/core_perl/Opcode.pm", "usr/lib/perl5/core_perl/POSIX.pm", "usr/lib/perl5/core_perl/SDBM_File.pm", "usr/lib/perl5/core_perl/Socket.pm", "usr/lib/perl5/core_perl/Storable.pm", "usr/lib/perl5/core_perl/attributes.pm", "usr/lib/perl5/core_perl/encoding.pm", "usr/lib/perl5/core_perl/lib.pm", "usr/lib/perl5/core_perl/mro.pm", "usr/lib/perl5/core_perl/ops.pm", "usr/lib/perl5/core_perl/re.pm", "usr/lib/perl5/core_perl/threads.pm", "usr/lib/perl5/core_perl/B/Concise.pm", "usr/lib/perl5/core_perl/B/Showlex.pm", "usr/lib/perl5/core_perl/B/Terse.pm", "usr/lib/perl5/core_perl/B/Xref.pm", "usr/lib/perl5/core_perl/CORE/libperl.so", "usr/lib/perl5/core_perl/Compress/Raw/Bzip2.pm", "usr/lib/perl5/core_perl/Compress/Raw/Zlib.pm", "usr/lib/perl5/core_perl/Data/Dumper.pm", "usr/lib/perl5/core_perl/Digest/MD5.pm", "usr/lib/perl5/core_perl/Digest/SHA.pm", "usr/lib/perl5/core_perl/Encode/Alias.pm", "usr/lib/perl5/core_perl/Encode/Byte.pm", "usr/lib/perl5/core_perl/Encode/CJKConstants.pm", "usr/lib/perl5/core_perl/Encode/CN.pm", "usr/lib/perl5/core_perl/Encode/Config.pm", "usr/lib/perl5/core_perl/Encode/EBCDIC.pm", "usr/lib/perl5/core_perl/Encode/Encoder.pm", "usr/lib/perl5/core_perl/Encode/Encoding.pm", "usr/lib/perl5/core_perl/Encode/GSM0338.pm", "usr/lib/perl5/core_perl/Encode/Guess.pm", "usr/lib/perl5/core_perl/Encode/JP.pm", "usr/lib/perl5/core_perl/Encode/KR.pm", "usr/lib/perl5/core_perl/Encode/Symbol.pm", "usr/lib/perl5/core_perl/Encode/TW.pm", "usr/lib/perl5/core_perl/Encode/Unicode.pm", "usr/lib/perl5/core_perl/Encode/CN/HZ.pm", "usr/lib/perl5/core_perl/Encode/JP/H2Z.pm", "usr/lib/perl5/core_perl/Encode/JP/JIS7.pm", "usr/lib/perl5/core_perl/Encode/KR/2022_KR.pm", "usr/lib/perl5/core_perl/Encode/MIME/Header.pm", "usr/lib/perl5/core_perl/Encode/MIME/Name.pm", "usr/lib/perl5/core_perl/Encode/MIME/Header/ISO_2022_JP.pm", "usr/lib/perl5/core_perl/Encode/Unicode/UTF7.pm", "usr/lib/perl5/core_perl/File/DosGlob.pm", "usr/lib/perl5/core_perl/File/Glob.pm", "usr/lib/perl5/core_perl/File/Spec.pm", "usr/lib/perl5/core_perl/File/Spec/AmigaOS.pm", "usr/lib/perl5/core_perl/File/Spec/Cygwin.pm", "usr/lib/perl5/core_perl/File/Spec/Epoc.pm", "usr/lib/perl5/core_perl/File/Spec/Functions.pm", "usr/lib/perl5/core_perl/File/Spec/Mac.pm", "usr/lib/perl5/core_perl/File/Spec/OS2.pm", "usr/lib/perl5/core_perl/File/Spec/Unix.pm", "usr/lib/perl5/core_perl/File/Spec/VMS.pm", "usr/lib/perl5/core_perl/File/Spec/Win32.pm", "usr/lib/perl5/core_perl/Filter/Util/Call.pm", "usr/lib/perl5/core_perl/Hash/Util.pm", "usr/lib/perl5/core_perl/Hash/Util/FieldHash.pm", "usr/lib/perl5/core_perl/I18N/Langinfo.pm", "usr/lib/perl5/core_perl/IO/Dir.pm", "usr/lib/perl5/core_perl/IO/File.pm", "usr/lib/perl5/core_perl/IO/Handle.pm", "usr/lib/perl5/core_perl/IO/Pipe.pm", "usr/lib/perl5/core_perl/IO/Poll.pm", "usr/lib/perl5/core_perl/IO/Seekable.pm", "usr/lib/perl5/core_perl/IO/Select.pm", "usr/lib/perl5/core_perl/IO/Socket.pm", "usr/lib/perl5/core_perl/IO/Socket/INET.pm", "usr/lib/perl5/core_perl/IO/Socket/UNIX.pm", "usr/lib/perl5/core_perl/IPC/Msg.pm", "usr/lib/perl5/core_perl/IPC/Semaphore.pm", "usr/lib/perl5/core_perl/IPC/SharedMem.pm", "usr/lib/perl5/core_perl/IPC/SysV.pm", "usr/lib/perl5/core_perl/List/Util.pm", "usr/lib/perl5/core_perl/List/Util/XS.pm", "usr/lib/perl5/core_perl/MIME/Base64.pm", "usr/lib/perl5/core_perl/MIME/QuotedPrint.pm", "usr/lib/perl5/core_perl/Math/BigInt/FastCalc.pm", "usr/lib/perl5/core_perl/PerlIO/encoding.pm", "usr/lib/perl5/core_perl/PerlIO/mmap.pm", "usr/lib/perl5/core_perl/PerlIO/via.pm", "usr/lib/perl5/core_perl/Scalar/Util.pm", "usr/lib/perl5/core_perl/Scalar/List/Utils.pm", "usr/lib/perl5/core_perl/Sub/Util.pm", "usr/lib/perl5/core_perl/Sys/Hostname.pm", "usr/lib/perl5/core_perl/Sys/Syslog.pm", "usr/lib/perl5/core_perl/Time/HiRes.pm", "usr/lib/perl5/core_perl/Time/Piece.pm", "usr/lib/perl5/core_perl/Time/Seconds.pm", "usr/lib/perl5/core_perl/Unicode/Collate.pm", "usr/lib/perl5/core_perl/Unicode/Normalize.pm", "usr/lib/perl5/core_perl/Unicode/Collate/Locale.pm", "usr/lib/perl5/core_perl/auto/B/B.so", "usr/lib/perl5/core_perl/auto/Compress/Raw/Bzip2/Bzip2.so", "usr/lib/perl5/core_perl/auto/Compress/Raw/Zlib/Zlib.so", "usr/lib/perl5/core_perl/auto/Cwd/Cwd.so", "usr/lib/perl5/core_perl/auto/Data/Dumper/Dumper.so", "usr/lib/perl5/core_perl/auto/Devel/Peek/Peek.so", "usr/lib/perl5/core_perl/auto/Digest/MD5/MD5.so", "usr/lib/perl5/core_perl/auto/Digest/SHA/SHA.so", "usr/lib/perl5/core_perl/auto/Encode/Encode.so", "usr/lib/perl5/core_perl/auto/Encode/Byte/Byte.so", "usr/lib/perl5/core_perl/auto/Encode/CN/CN.so", "usr/lib/perl5/core_perl/auto/Encode/EBCDIC/EBCDIC.so", "usr/lib/perl5/core_perl/auto/Encode/JP/JP.so", "usr/lib/perl5/core_perl/auto/Encode/KR/KR.so", "usr/lib/perl5/core_perl/auto/Encode/Symbol/Symbol.so", "usr/lib/perl5/core_perl/auto/Encode/TW/TW.so", "usr/lib/perl5/core_perl/auto/Encode/Unicode/Unicode.so", "usr/lib/perl5/core_perl/auto/Fcntl/Fcntl.so", "usr/lib/perl5/core_perl/auto/File/DosGlob/DosGlob.so", "usr/lib/perl5/core_perl/auto/File/Glob/Glob.so", "usr/lib/perl5/core_perl/auto/Filter/Util/Call/Call.so", "usr/lib/perl5/core_perl/auto/Hash/Util/Util.so", "usr/lib/perl5/core_perl/auto/Hash/Util/FieldHash/FieldHash.so", "usr/lib/perl5/core_perl/auto/I18N/Langinfo/Langinfo.so", "usr/lib/perl5/core_perl/auto/IO/IO.so", "usr/lib/perl5/core_perl/auto/IPC/SysV/SysV.so", "usr/lib/perl5/core_perl/auto/List/Util/Util.so", "usr/lib/perl5/core_perl/auto/MIME/Base64/Base64.so", "usr/lib/perl5/core_perl/auto/Math/BigInt/FastCalc/FastCalc.so", "usr/lib/perl5/core_perl/auto/Opcode/Opcode.so", "usr/lib/perl5/core_perl/auto/POSIX/POSIX.so", "usr/lib/perl5/core_perl/auto/PerlIO/encoding/encoding.so", "usr/lib/perl5/core_perl/auto/PerlIO/mmap/mmap.so", "usr/lib/perl5/core_perl/auto/PerlIO/via/via.so", "usr/lib/perl5/core_perl/auto/SDBM_File/SDBM_File.so", "usr/lib/perl5/core_perl/auto/Socket/Socket.so", "usr/lib/perl5/core_perl/auto/Storable/Storable.so", "usr/lib/perl5/core_perl/auto/Sys/Hostname/Hostname.so", "usr/lib/perl5/core_perl/auto/Sys/Syslog/Syslog.so", "usr/lib/perl5/core_perl/auto/Time/HiRes/HiRes.so", "usr/lib/perl5/core_perl/auto/Time/Piece/Piece.so", "usr/lib/perl5/core_perl/auto/Unicode/Collate/Collate.so", "usr/lib/perl5/core_perl/auto/Unicode/Normalize/Normalize.so", "usr/lib/perl5/core_perl/auto/attributes/attributes.so", "usr/lib/perl5/core_perl/auto/mro/mro.so", "usr/lib/perl5/core_perl/auto/re/re.so", "usr/lib/perl5/core_perl/auto/threads/threads.so", "usr/lib/perl5/core_perl/auto/threads/shared/shared.so", "usr/lib/perl5/core_perl/threads/shared.pm", "usr/share/perl5/core_perl/AnyDBM_File.pm", "usr/share/perl5/core_perl/AutoLoader.pm", "usr/share/perl5/core_perl/AutoSplit.pm", "usr/share/perl5/core_perl/Benchmark.pm", "usr/share/perl5/core_perl/CPAN.pm", "usr/share/perl5/core_perl/Carp.pm", "usr/share/perl5/core_perl/DB.pm", "usr/share/perl5/core_perl/DBM_Filter.pm", "usr/share/perl5/core_perl/Digest.pm", "usr/share/perl5/core_perl/DirHandle.pm", "usr/share/perl5/core_perl/Dumpvalue.pm", "usr/share/perl5/core_perl/English.pm", "usr/share/perl5/core_perl/Env.pm", "usr/share/perl5/core_perl/Exporter.pm", "usr/share/perl5/core_perl/Fatal.pm", "usr/share/perl5/core_perl/FileCache.pm", "usr/share/perl5/core_perl/FileHandle.pm", "usr/share/perl5/core_perl/FindBin.pm", "usr/share/perl5/core_perl/Memoize.pm", "usr/share/perl5/core_perl/NEXT.pm", "usr/share/perl5/core_perl/PerlIO.pm", "usr/share/perl5/core_perl/Safe.pm", "usr/share/perl5/core_perl/SelectSaver.pm", "usr/share/perl5/core_perl/SelfLoader.pm", "usr/share/perl5/core_perl/Symbol.pm", "usr/share/perl5/core_perl/Test.pm", "usr/share/perl5/core_perl/Test2.pm", "usr/share/perl5/core_perl/Thread.pm", "usr/share/perl5/core_perl/UNIVERSAL.pm", "usr/share/perl5/core_perl/XSLoader.pm", "usr/share/perl5/core_perl/_charnames.pm", "usr/share/perl5/core_perl/autodie.pm", "usr/share/perl5/core_perl/autouse.pm", "usr/share/perl5/core_perl/base.pm", "usr/share/perl5/core_perl/bigfloat.pm", "usr/share/perl5/core_perl/bigint.pm", "usr/share/perl5/core_perl/bignum.pm", "usr/share/perl5/core_perl/bigrat.pm", "usr/share/perl5/core_perl/blib.pm", "usr/share/perl5/core_perl/builtin.pm", "usr/share/perl5/core_perl/bytes.pm", "usr/share/perl5/core_perl/charnames.pm", "usr/share/perl5/core_perl/constant.pm", "usr/share/perl5/core_perl/deprecate.pm", "usr/share/perl5/core_perl/diagnostics.pm", "usr/share/perl5/core_perl/dumpvar.pl", "usr/share/perl5/core_perl/experimental.pm", "usr/share/perl5/core_perl/feature.pm", "usr/share/perl5/core_perl/fields.pm", "usr/share/perl5/core_perl/filetest.pm", "usr/share/perl5/core_perl/if.pm", "usr/share/perl5/core_perl/integer.pm", "usr/share/perl5/core_perl/less.pm", "usr/share/perl5/core_perl/locale.pm", "usr/share/perl5/core_perl/meta_notation.pm", "usr/share/perl5/core_perl/ok.pm", "usr/share/perl5/core_perl/open.pm", "usr/share/perl5/core_perl/overload.pm", "usr/share/perl5/core_perl/overloading.pm", "usr/share/perl5/core_perl/parent.pm", "usr/share/perl5/core_perl/perl5db.pl", "usr/share/perl5/core_perl/perlfaq.pm", "usr/share/perl5/core_perl/sigtrap.pm", "usr/share/perl5/core_perl/sort.pm", "usr/share/perl5/core_perl/stable.pm", "usr/share/perl5/core_perl/strict.pm", "usr/share/perl5/core_perl/subs.pm", "usr/share/perl5/core_perl/utf8.pm", "usr/share/perl5/core_perl/vars.pm", "usr/share/perl5/core_perl/version.pm", "usr/share/perl5/core_perl/vmsish.pm", "usr/share/perl5/core_perl/warnings.pm", "usr/share/perl5/core_perl/App/Cpan.pm", "usr/share/perl5/core_perl/App/Prove.pm", "usr/share/perl5/core_perl/App/Prove/State.pm", "usr/share/perl5/core_perl/App/Prove/State/Result.pm", "usr/share/perl5/core_perl/App/Prove/State/Result/Test.pm", "usr/share/perl5/core_perl/Archive/Tar.pm", "usr/share/perl5/core_perl/Archive/Tar/Constant.pm", "usr/share/perl5/core_perl/Archive/Tar/File.pm", "usr/share/perl5/core_perl/Attribute/Handlers.pm", "usr/share/perl5/core_perl/B/Deparse.pm", "usr/share/perl5/core_perl/B/Op_private.pm", "usr/share/perl5/core_perl/CPAN/Author.pm", "usr/share/perl5/core_perl/CPAN/Bundle.pm", "usr/share/perl5/core_perl/CPAN/CacheMgr.pm", "usr/share/perl5/core_perl/CPAN/Complete.pm", "usr/share/perl5/core_perl/CPAN/Debug.pm", "usr/share/perl5/core_perl/CPAN/DeferredCode.pm", "usr/share/perl5/core_perl/CPAN/Distribution.pm", "usr/share/perl5/core_perl/CPAN/Distroprefs.pm", "usr/share/perl5/core_perl/CPAN/Distrostatus.pm", "usr/share/perl5/core_perl/CPAN/FTP.pm", "usr/share/perl5/core_perl/CPAN/FirstTime.pm", "usr/share/perl5/core_perl/CPAN/HandleConfig.pm", "usr/share/perl5/core_perl/CPAN/Index.pm", "usr/share/perl5/core_perl/CPAN/InfoObj.pm", "usr/share/perl5/core_perl/CPAN/Kwalify.pm", "usr/share/perl5/core_perl/CPAN/Meta.pm", "usr/share/perl5/core_perl/CPAN/Mirrors.pm", "usr/share/perl5/core_perl/CPAN/Module.pm", "usr/share/perl5/core_perl/CPAN/Nox.pm", "usr/share/perl5/core_perl/CPAN/Plugin.pm", "usr/share/perl5/core_perl/CPAN/Prompt.pm", "usr/share/perl5/core_perl/CPAN/Queue.pm", "usr/share/perl5/core_perl/CPAN/Shell.pm", "usr/share/perl5/core_perl/CPAN/Tarzip.pm", "usr/share/perl5/core_perl/CPAN/URL.pm", "usr/share/perl5/core_perl/CPAN/Version.pm", "usr/share/perl5/core_perl/CPAN/Exception/RecursiveDependency.pm", "usr/share/perl5/core_perl/CPAN/Exception/blocked_urllist.pm", "usr/share/perl5/core_perl/CPAN/Exception/yaml_not_installed.pm", "usr/share/perl5/core_perl/CPAN/Exception/yaml_process_error.pm", "usr/share/perl5/core_perl/CPAN/FTP/netrc.pm", "usr/share/perl5/core_perl/CPAN/HTTP/Client.pm", "usr/share/perl5/core_perl/CPAN/HTTP/Credentials.pm", "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.dd", "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.yml", "usr/share/perl5/core_perl/CPAN/LWP/UserAgent.pm", "usr/share/perl5/core_perl/CPAN/Meta/Converter.pm", "usr/share/perl5/core_perl/CPAN/Meta/Feature.pm", "usr/share/perl5/core_perl/CPAN/Meta/History.pm", "usr/share/perl5/core_perl/CPAN/Meta/Merge.pm", "usr/share/perl5/core_perl/CPAN/Meta/Prereqs.pm", "usr/share/perl5/core_perl/CPAN/Meta/Requirements.pm", "usr/share/perl5/core_perl/CPAN/Meta/Spec.pm", "usr/share/perl5/core_perl/CPAN/Meta/Validator.pm", "usr/share/perl5/core_perl/CPAN/Meta/YAML.pm", "usr/share/perl5/core_perl/CPAN/Meta/Requirements/Range.pm", "usr/share/perl5/core_perl/CPAN/Plugin/Specfile.pm", "usr/share/perl5/core_perl/Carp/Heavy.pm", "usr/share/perl5/core_perl/Class/Struct.pm", "usr/share/perl5/core_perl/Compress/Zlib.pm", "usr/share/perl5/core_perl/Config/Extensions.pm", "usr/share/perl5/core_perl/Config/Perl/V.pm", "usr/share/perl5/core_perl/DBM_Filter/compress.pm", "usr/share/perl5/core_perl/DBM_Filter/encode.pm", "usr/share/perl5/core_perl/DBM_Filter/int32.pm", "usr/share/perl5/core_perl/DBM_Filter/null.pm", "usr/share/perl5/core_perl/DBM_Filter/utf8.pm", "usr/share/perl5/core_perl/Devel/SelfStubber.pm", "usr/share/perl5/core_perl/Digest/base.pm", "usr/share/perl5/core_perl/Digest/file.pm", "usr/share/perl5/core_perl/Exporter/Heavy.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder.pm", "usr/share/perl5/core_perl/ExtUtils/Command.pm", "usr/share/perl5/core_perl/ExtUtils/Constant.pm", "usr/share/perl5/core_perl/ExtUtils/Embed.pm", "usr/share/perl5/core_perl/ExtUtils/Install.pm", "usr/share/perl5/core_perl/ExtUtils/Installed.pm", "usr/share/perl5/core_perl/ExtUtils/Liblist.pm", "usr/share/perl5/core_perl/ExtUtils/MANIFEST.SKIP", "usr/share/perl5/core_perl/ExtUtils/MM.pm", "usr/share/perl5/core_perl/ExtUtils/MM_AIX.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Any.pm", "usr/share/perl5/core_perl/ExtUtils/MM_BeOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Cygwin.pm", "usr/share/perl5/core_perl/ExtUtils/MM_DOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Darwin.pm", "usr/share/perl5/core_perl/ExtUtils/MM_MacOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_NW5.pm", "usr/share/perl5/core_perl/ExtUtils/MM_OS2.pm", "usr/share/perl5/core_perl/ExtUtils/MM_OS390.pm", "usr/share/perl5/core_perl/ExtUtils/MM_QNX.pm", "usr/share/perl5/core_perl/ExtUtils/MM_UWIN.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Unix.pm", "usr/share/perl5/core_perl/ExtUtils/MM_VMS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_VOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Win32.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Win95.pm", "usr/share/perl5/core_perl/ExtUtils/MY.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker.pm", "usr/share/perl5/core_perl/ExtUtils/Manifest.pm", "usr/share/perl5/core_perl/ExtUtils/Miniperl.pm", "usr/share/perl5/core_perl/ExtUtils/Mkbootstrap.pm", "usr/share/perl5/core_perl/ExtUtils/Mksymlists.pm", "usr/share/perl5/core_perl/ExtUtils/PL2Bat.pm", "usr/share/perl5/core_perl/ExtUtils/Packlist.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps.pm", "usr/share/perl5/core_perl/ExtUtils/testlib.pm", "usr/share/perl5/core_perl/ExtUtils/typemap", "usr/share/perl5/core_perl/ExtUtils/xsubpp", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Base.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Unix.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/VMS.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/aix.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/android.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/cygwin.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/darwin.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/dec_osf.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/os2.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/BCC.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/GCC.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", "usr/share/perl5/core_perl/ExtUtils/Command/MM.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/Base.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/ProxySubs.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/Utils.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/XS.pm", "usr/share/perl5/core_perl/ExtUtils/Liblist/Kid.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Config.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Locale.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/version.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Constants.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/CountLines.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Eval.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Node.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Utilities.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/Cmd.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/InputMap.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/OutputMap.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/Type.pm", "usr/share/perl5/core_perl/File/Basename.pm", "usr/share/perl5/core_perl/File/Compare.pm", "usr/share/perl5/core_perl/File/Copy.pm", "usr/share/perl5/core_perl/File/Fetch.pm", "usr/share/perl5/core_perl/File/Find.pm", "usr/share/perl5/core_perl/File/GlobMapper.pm", "usr/share/perl5/core_perl/File/Path.pm", "usr/share/perl5/core_perl/File/Temp.pm", "usr/share/perl5/core_perl/File/stat.pm", "usr/share/perl5/core_perl/Filter/Simple.pm", "usr/share/perl5/core_perl/Getopt/Long.pm", "usr/share/perl5/core_perl/Getopt/Std.pm", "usr/share/perl5/core_perl/Getopt/Long/Parser.pm", "usr/share/perl5/core_perl/HTTP/Tiny.pm", "usr/share/perl5/core_perl/I18N/Collate.pm", "usr/share/perl5/core_perl/I18N/LangTags.pm", "usr/share/perl5/core_perl/I18N/LangTags/Detect.pm", "usr/share/perl5/core_perl/I18N/LangTags/List.pm", "usr/share/perl5/core_perl/IO/Compress.pm", "usr/share/perl5/core_perl/IO/Zlib.pm", "usr/share/perl5/core_perl/IO/Compress/Base.pm", "usr/share/perl5/core_perl/IO/Compress/Bzip2.pm", "usr/share/perl5/core_perl/IO/Compress/Deflate.pm", "usr/share/perl5/core_perl/IO/Compress/Gzip.pm", "usr/share/perl5/core_perl/IO/Compress/RawDeflate.pm", "usr/share/perl5/core_perl/IO/Compress/Zip.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Bzip2.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Deflate.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Identity.pm", "usr/share/perl5/core_perl/IO/Compress/Base/Common.pm", "usr/share/perl5/core_perl/IO/Compress/Gzip/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zip/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zlib/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zlib/Extra.pm", "usr/share/perl5/core_perl/IO/Socket/IP.pm", "usr/share/perl5/core_perl/IO/Uncompress/AnyInflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/AnyUncompress.pm", "usr/share/perl5/core_perl/IO/Uncompress/Base.pm", "usr/share/perl5/core_perl/IO/Uncompress/Bunzip2.pm", "usr/share/perl5/core_perl/IO/Uncompress/Gunzip.pm", "usr/share/perl5/core_perl/IO/Uncompress/Inflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/RawInflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/Unzip.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Bunzip2.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Identity.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Inflate.pm", "usr/share/perl5/core_perl/IPC/Cmd.pm", "usr/share/perl5/core_perl/IPC/Open2.pm", "usr/share/perl5/core_perl/IPC/Open3.pm", "usr/share/perl5/core_perl/JSON/PP.pm", "usr/share/perl5/core_perl/JSON/PP/Boolean.pm", "usr/share/perl5/core_perl/Locale/Maketext.pm", "usr/share/perl5/core_perl/Locale/Maketext/Guts.pm", "usr/share/perl5/core_perl/Locale/Maketext/GutsLoader.pm", "usr/share/perl5/core_perl/Locale/Maketext/Simple.pm", "usr/share/perl5/core_perl/Math/BigFloat.pm", "usr/share/perl5/core_perl/Math/BigInt.pm", "usr/share/perl5/core_perl/Math/BigRat.pm", "usr/share/perl5/core_perl/Math/Complex.pm", "usr/share/perl5/core_perl/Math/Trig.pm", "usr/share/perl5/core_perl/Math/BigFloat/Trace.pm", "usr/share/perl5/core_perl/Math/BigInt/Calc.pm", "usr/share/perl5/core_perl/Math/BigInt/Lib.pm", "usr/share/perl5/core_perl/Math/BigInt/Trace.pm", "usr/share/perl5/core_perl/Math/BigRat/Trace.pm", "usr/share/perl5/core_perl/Memoize/AnyDBM_File.pm", "usr/share/perl5/core_perl/Memoize/Expire.pm", "usr/share/perl5/core_perl/Memoize/NDBM_File.pm", "usr/share/perl5/core_perl/Memoize/SDBM_File.pm", "usr/share/perl5/core_perl/Memoize/Storable.pm", "usr/share/perl5/core_perl/Module/CoreList.pm", "usr/share/perl5/core_perl/Module/Load.pm", "usr/share/perl5/core_perl/Module/Loaded.pm", "usr/share/perl5/core_perl/Module/Metadata.pm", "usr/share/perl5/core_perl/Module/CoreList/Utils.pm", "usr/share/perl5/core_perl/Module/Load/Conditional.pm", "usr/share/perl5/core_perl/Net/Cmd.pm", "usr/share/perl5/core_perl/Net/Config.pm", "usr/share/perl5/core_perl/Net/Domain.pm", "usr/share/perl5/core_perl/Net/FTP.pm", "usr/share/perl5/core_perl/Net/NNTP.pm", "usr/share/perl5/core_perl/Net/Netrc.pm", "usr/share/perl5/core_perl/Net/POP3.pm", "usr/share/perl5/core_perl/Net/Ping.pm", "usr/share/perl5/core_perl/Net/SMTP.pm", "usr/share/perl5/core_perl/Net/Time.pm", "usr/share/perl5/core_perl/Net/hostent.pm", "usr/share/perl5/core_perl/Net/netent.pm", "usr/share/perl5/core_perl/Net/protoent.pm", "usr/share/perl5/core_perl/Net/servent.pm", "usr/share/perl5/core_perl/Net/FTP/A.pm", "usr/share/perl5/core_perl/Net/FTP/E.pm", "usr/share/perl5/core_perl/Net/FTP/I.pm", "usr/share/perl5/core_perl/Net/FTP/L.pm", "usr/share/perl5/core_perl/Net/FTP/dataconn.pm", "usr/share/perl5/core_perl/Params/Check.pm", "usr/share/perl5/core_perl/Parse/CPAN/Meta.pm", "usr/share/perl5/core_perl/Perl/OSType.pm", "usr/share/perl5/core_perl/PerlIO/scalar.pm", "usr/share/perl5/core_perl/PerlIO/via/QuotedPrint.pm", "usr/share/perl5/core_perl/Pod/Checker.pm", "usr/share/perl5/core_perl/Pod/Escapes.pm", "usr/share/perl5/core_perl/Pod/Functions.pm", "usr/share/perl5/core_perl/Pod/Html.pm", "usr/share/perl5/core_perl/Pod/Man.pm", "usr/share/perl5/core_perl/Pod/ParseLink.pm", "usr/share/perl5/core_perl/Pod/Perldoc.pm", "usr/share/perl5/core_perl/Pod/Simple.pm", "usr/share/perl5/core_perl/Pod/Text.pm", "usr/share/perl5/core_perl/Pod/Usage.pm", "usr/share/perl5/core_perl/Pod/Html/Util.pm", "usr/share/perl5/core_perl/Pod/Perldoc/BaseTo.pm", "usr/share/perl5/core_perl/Pod/Perldoc/GetOptsOO.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToANSI.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToChecker.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToMan.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToNroff.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToPod.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToRtf.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToTerm.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToText.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToTk.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToXml.pm", "usr/share/perl5/core_perl/Pod/Simple/BlackBox.pm", "usr/share/perl5/core_perl/Pod/Simple/Checker.pm", "usr/share/perl5/core_perl/Pod/Simple/Debug.pm", "usr/share/perl5/core_perl/Pod/Simple/DumpAsText.pm", "usr/share/perl5/core_perl/Pod/Simple/DumpAsXML.pm", "usr/share/perl5/core_perl/Pod/Simple/HTML.pm", "usr/share/perl5/core_perl/Pod/Simple/HTMLBatch.pm", "usr/share/perl5/core_perl/Pod/Simple/HTMLLegacy.pm", "usr/share/perl5/core_perl/Pod/Simple/JustPod.pm", "usr/share/perl5/core_perl/Pod/Simple/LinkSection.pm", "usr/share/perl5/core_perl/Pod/Simple/Methody.pm", "usr/share/perl5/core_perl/Pod/Simple/Progress.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParser.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserEndToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserStartToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserTextToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserToken.pm", "usr/share/perl5/core_perl/Pod/Simple/RTF.pm", "usr/share/perl5/core_perl/Pod/Simple/Search.pm", "usr/share/perl5/core_perl/Pod/Simple/SimpleTree.pm", "usr/share/perl5/core_perl/Pod/Simple/Text.pm", "usr/share/perl5/core_perl/Pod/Simple/TextContent.pm", "usr/share/perl5/core_perl/Pod/Simple/TiedOutFH.pm", "usr/share/perl5/core_perl/Pod/Simple/Transcode.pm", "usr/share/perl5/core_perl/Pod/Simple/TranscodeDumb.pm", "usr/share/perl5/core_perl/Pod/Simple/TranscodeSmart.pm", "usr/share/perl5/core_perl/Pod/Simple/XHTML.pm", "usr/share/perl5/core_perl/Pod/Simple/XMLOutStream.pm", "usr/share/perl5/core_perl/Pod/Text/Color.pm", "usr/share/perl5/core_perl/Pod/Text/Overstrike.pm", "usr/share/perl5/core_perl/Pod/Text/Termcap.pm", "usr/share/perl5/core_perl/Search/Dict.pm", "usr/share/perl5/core_perl/TAP/Base.pm", "usr/share/perl5/core_perl/TAP/Harness.pm", "usr/share/perl5/core_perl/TAP/Object.pm", "usr/share/perl5/core_perl/TAP/Parser.pm", "usr/share/perl5/core_perl/TAP/Formatter/Base.pm", "usr/share/perl5/core_perl/TAP/Formatter/Color.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console.pm", "usr/share/perl5/core_perl/TAP/Formatter/File.pm", "usr/share/perl5/core_perl/TAP/Formatter/Session.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console/ParallelSession.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console/Session.pm", "usr/share/perl5/core_perl/TAP/Formatter/File/Session.pm", "usr/share/perl5/core_perl/TAP/Harness/Env.pm", "usr/share/perl5/core_perl/TAP/Parser/Aggregator.pm", "usr/share/perl5/core_perl/TAP/Parser/Grammar.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator.pm", "usr/share/perl5/core_perl/TAP/Parser/IteratorFactory.pm", "usr/share/perl5/core_perl/TAP/Parser/Multiplexer.pm", "usr/share/perl5/core_perl/TAP/Parser/Result.pm", "usr/share/perl5/core_perl/TAP/Parser/ResultFactory.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler.pm", "usr/share/perl5/core_perl/TAP/Parser/Source.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Array.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Process.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Stream.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Bailout.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Comment.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Plan.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Pragma.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Test.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Unknown.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Version.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/YAML.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Job.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Spinner.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Executable.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/File.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Handle.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Perl.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/RawTAP.pm", "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Reader.pm", "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Writer.pm", "usr/share/perl5/core_perl/Term/ANSIColor.pm", "usr/share/perl5/core_perl/Term/Cap.pm", "usr/share/perl5/core_perl/Term/Complete.pm", "usr/share/perl5/core_perl/Term/ReadLine.pm", "usr/share/perl5/core_perl/Term/Table.pm", "usr/share/perl5/core_perl/Term/Table/Cell.pm", "usr/share/perl5/core_perl/Term/Table/CellStack.pm", "usr/share/perl5/core_perl/Term/Table/HashBase.pm", "usr/share/perl5/core_perl/Term/Table/LineBreak.pm", "usr/share/perl5/core_perl/Term/Table/Spacer.pm", "usr/share/perl5/core_perl/Term/Table/Util.pm", "usr/share/perl5/core_perl/Test/Builder.pm", "usr/share/perl5/core_perl/Test/Harness.pm", "usr/share/perl5/core_perl/Test/More.pm", "usr/share/perl5/core_perl/Test/Simple.pm", "usr/share/perl5/core_perl/Test/Tester.pm", "usr/share/perl5/core_perl/Test/Builder/Formatter.pm", "usr/share/perl5/core_perl/Test/Builder/Module.pm", "usr/share/perl5/core_perl/Test/Builder/Tester.pm", "usr/share/perl5/core_perl/Test/Builder/TodoDiag.pm", "usr/share/perl5/core_perl/Test/Builder/Tester/Color.pm", "usr/share/perl5/core_perl/Test/Tester/Capture.pm", "usr/share/perl5/core_perl/Test/Tester/CaptureRunner.pm", "usr/share/perl5/core_perl/Test/Tester/Delegate.pm", "usr/share/perl5/core_perl/Test/use/ok.pm", "usr/share/perl5/core_perl/Test2/API.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest.pm", "usr/share/perl5/core_perl/Test2/Bundle.pm", "usr/share/perl5/core_perl/Test2/Compare.pm", "usr/share/perl5/core_perl/Test2/Env.pm", "usr/share/perl5/core_perl/Test2/Event.pm", "usr/share/perl5/core_perl/Test2/EventFacet.pm", "usr/share/perl5/core_perl/Test2/Formatter.pm", "usr/share/perl5/core_perl/Test2/Hub.pm", "usr/share/perl5/core_perl/Test2/IPC.pm", "usr/share/perl5/core_perl/Test2/Manual.pm", "usr/share/perl5/core_perl/Test2/Mock.pm", "usr/share/perl5/core_perl/Test2/Plugin.pm", "usr/share/perl5/core_perl/Test2/Require.pm", "usr/share/perl5/core_perl/Test2/Suite.pm", "usr/share/perl5/core_perl/Test2/Todo.pm", "usr/share/perl5/core_perl/Test2/Tools.pm", "usr/share/perl5/core_perl/Test2/Util.pm", "usr/share/perl5/core_perl/Test2/V0.pm", "usr/share/perl5/core_perl/Test2/Workflow.pm", "usr/share/perl5/core_perl/Test2/API/Breakage.pm", "usr/share/perl5/core_perl/Test2/API/Context.pm", "usr/share/perl5/core_perl/Test2/API/Instance.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult.pm", "usr/share/perl5/core_perl/Test2/API/Stack.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Event.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Facet.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Hub.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Squasher.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Formatter.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Hub.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Attach.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Detach.pm", "usr/share/perl5/core_perl/Test2/Bundle/Extended.pm", "usr/share/perl5/core_perl/Test2/Bundle/More.pm", "usr/share/perl5/core_perl/Test2/Bundle/Simple.pm", "usr/share/perl5/core_perl/Test2/Compare/Array.pm", "usr/share/perl5/core_perl/Test2/Compare/Bag.pm", "usr/share/perl5/core_perl/Test2/Compare/Base.pm", "usr/share/perl5/core_perl/Test2/Compare/Bool.pm", "usr/share/perl5/core_perl/Test2/Compare/Custom.pm", "usr/share/perl5/core_perl/Test2/Compare/DeepRef.pm", "usr/share/perl5/core_perl/Test2/Compare/Delta.pm", "usr/share/perl5/core_perl/Test2/Compare/Event.pm", "usr/share/perl5/core_perl/Test2/Compare/EventMeta.pm", "usr/share/perl5/core_perl/Test2/Compare/Float.pm", "usr/share/perl5/core_perl/Test2/Compare/Hash.pm", "usr/share/perl5/core_perl/Test2/Compare/Isa.pm", "usr/share/perl5/core_perl/Test2/Compare/Meta.pm", "usr/share/perl5/core_perl/Test2/Compare/Negatable.pm", "usr/share/perl5/core_perl/Test2/Compare/Number.pm", "usr/share/perl5/core_perl/Test2/Compare/Object.pm", "usr/share/perl5/core_perl/Test2/Compare/OrderedSubset.pm", "usr/share/perl5/core_perl/Test2/Compare/Pattern.pm", "usr/share/perl5/core_perl/Test2/Compare/Ref.pm", "usr/share/perl5/core_perl/Test2/Compare/Regex.pm", "usr/share/perl5/core_perl/Test2/Compare/Scalar.pm", "usr/share/perl5/core_perl/Test2/Compare/Set.pm", "usr/share/perl5/core_perl/Test2/Compare/String.pm", "usr/share/perl5/core_perl/Test2/Compare/Undef.pm", "usr/share/perl5/core_perl/Test2/Compare/Wildcard.pm", "usr/share/perl5/core_perl/Test2/Event/Bail.pm", "usr/share/perl5/core_perl/Test2/Event/Diag.pm", "usr/share/perl5/core_perl/Test2/Event/Encoding.pm", "usr/share/perl5/core_perl/Test2/Event/Exception.pm", "usr/share/perl5/core_perl/Test2/Event/Fail.pm", "usr/share/perl5/core_perl/Test2/Event/Generic.pm", "usr/share/perl5/core_perl/Test2/Event/Note.pm", "usr/share/perl5/core_perl/Test2/Event/Ok.pm", "usr/share/perl5/core_perl/Test2/Event/Pass.pm", "usr/share/perl5/core_perl/Test2/Event/Plan.pm", "usr/share/perl5/core_perl/Test2/Event/Skip.pm", "usr/share/perl5/core_perl/Test2/Event/Subtest.pm", "usr/share/perl5/core_perl/Test2/Event/V2.pm", "usr/share/perl5/core_perl/Test2/Event/Waiting.pm", "usr/share/perl5/core_perl/Test2/Event/TAP/Version.pm", "usr/share/perl5/core_perl/Test2/EventFacet/About.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Amnesty.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Assert.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Control.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Error.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Hub.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Info.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Meta.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Parent.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Plan.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Render.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Trace.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Info/Table.pm", "usr/share/perl5/core_perl/Test2/Formatter/TAP.pm", "usr/share/perl5/core_perl/Test2/Hub/Interceptor.pm", "usr/share/perl5/core_perl/Test2/Hub/Subtest.pm", "usr/share/perl5/core_perl/Test2/Hub/Interceptor/Terminator.pm", "usr/share/perl5/core_perl/Test2/IPC/Driver.pm", "usr/share/perl5/core_perl/Test2/IPC/Driver/Files.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy.pm", "usr/share/perl5/core_perl/Test2/Manual/Concurrency.pm", "usr/share/perl5/core_perl/Test2/Manual/Contributing.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/API.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Context.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/EndToEnd.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Event.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Hubs.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/IPC.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Utilities.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Introduction.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Migrating.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Planning.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Todo.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/FirstTool.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Formatter.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Nesting.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Subtest.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/TestBuilder.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Testing.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestExit.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestingDone.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolCompletes.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolStarts.pm", "usr/share/perl5/core_perl/Test2/Plugin/BailOnFail.pm", "usr/share/perl5/core_perl/Test2/Plugin/DieOnFail.pm", "usr/share/perl5/core_perl/Test2/Plugin/ExitSummary.pm", "usr/share/perl5/core_perl/Test2/Plugin/SRand.pm", "usr/share/perl5/core_perl/Test2/Plugin/Times.pm", "usr/share/perl5/core_perl/Test2/Plugin/UTF8.pm", "usr/share/perl5/core_perl/Test2/Require/AuthorTesting.pm", "usr/share/perl5/core_perl/Test2/Require/AutomatedTesting.pm", "usr/share/perl5/core_perl/Test2/Require/EnvVar.pm", "usr/share/perl5/core_perl/Test2/Require/ExtendedTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Fork.pm", "usr/share/perl5/core_perl/Test2/Require/Module.pm", "usr/share/perl5/core_perl/Test2/Require/NonInteractiveTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Perl.pm", "usr/share/perl5/core_perl/Test2/Require/RealFork.pm", "usr/share/perl5/core_perl/Test2/Require/ReleaseTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Threads.pm", "usr/share/perl5/core_perl/Test2/Tools/AsyncSubtest.pm", "usr/share/perl5/core_perl/Test2/Tools/Basic.pm", "usr/share/perl5/core_perl/Test2/Tools/Class.pm", "usr/share/perl5/core_perl/Test2/Tools/ClassicCompare.pm", "usr/share/perl5/core_perl/Test2/Tools/Compare.pm", "usr/share/perl5/core_perl/Test2/Tools/Defer.pm", "usr/share/perl5/core_perl/Test2/Tools/Encoding.pm", "usr/share/perl5/core_perl/Test2/Tools/Event.pm", "usr/share/perl5/core_perl/Test2/Tools/Exception.pm", "usr/share/perl5/core_perl/Test2/Tools/Exports.pm", "usr/share/perl5/core_perl/Test2/Tools/GenTemp.pm", "usr/share/perl5/core_perl/Test2/Tools/Grab.pm", "usr/share/perl5/core_perl/Test2/Tools/Mock.pm", "usr/share/perl5/core_perl/Test2/Tools/Ref.pm", "usr/share/perl5/core_perl/Test2/Tools/Refcount.pm", "usr/share/perl5/core_perl/Test2/Tools/Spec.pm", "usr/share/perl5/core_perl/Test2/Tools/Subtest.pm", "usr/share/perl5/core_perl/Test2/Tools/Target.pm", "usr/share/perl5/core_perl/Test2/Tools/Tester.pm", "usr/share/perl5/core_perl/Test2/Tools/Tiny.pm", "usr/share/perl5/core_perl/Test2/Tools/Warnings.pm", "usr/share/perl5/core_perl/Test2/Util/ExternalMeta.pm", "usr/share/perl5/core_perl/Test2/Util/Facets2Legacy.pm", "usr/share/perl5/core_perl/Test2/Util/Grabber.pm", "usr/share/perl5/core_perl/Test2/Util/Guard.pm", "usr/share/perl5/core_perl/Test2/Util/HashBase.pm", "usr/share/perl5/core_perl/Test2/Util/Importer.pm", "usr/share/perl5/core_perl/Test2/Util/Ref.pm", "usr/share/perl5/core_perl/Test2/Util/Sig.pm", "usr/share/perl5/core_perl/Test2/Util/Stash.pm", "usr/share/perl5/core_perl/Test2/Util/Sub.pm", "usr/share/perl5/core_perl/Test2/Util/Table.pm", "usr/share/perl5/core_perl/Test2/Util/Term.pm", "usr/share/perl5/core_perl/Test2/Util/Times.pm", "usr/share/perl5/core_perl/Test2/Util/Trace.pm", "usr/share/perl5/core_perl/Test2/Util/Table/Cell.pm", "usr/share/perl5/core_perl/Test2/Util/Table/LineBreak.pm", "usr/share/perl5/core_perl/Test2/Workflow/BlockBase.pm", "usr/share/perl5/core_perl/Test2/Workflow/Build.pm", "usr/share/perl5/core_perl/Test2/Workflow/Runner.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task/Action.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task/Group.pm", "usr/share/perl5/core_perl/Text/Abbrev.pm", "usr/share/perl5/core_perl/Text/Balanced.pm", "usr/share/perl5/core_perl/Text/ParseWords.pm", "usr/share/perl5/core_perl/Text/Tabs.pm", "usr/share/perl5/core_perl/Text/Wrap.pm", "usr/share/perl5/core_perl/Thread/Queue.pm", "usr/share/perl5/core_perl/Thread/Semaphore.pm", "usr/share/perl5/core_perl/Tie/Array.pm", "usr/share/perl5/core_perl/Tie/File.pm", "usr/share/perl5/core_perl/Tie/Handle.pm", "usr/share/perl5/core_perl/Tie/Hash.pm", "usr/share/perl5/core_perl/Tie/Memoize.pm", "usr/share/perl5/core_perl/Tie/RefHash.pm", "usr/share/perl5/core_perl/Tie/Scalar.pm", "usr/share/perl5/core_perl/Tie/StdHandle.pm", "usr/share/perl5/core_perl/Tie/SubstrHash.pm", "usr/share/perl5/core_perl/Tie/Hash/NamedCapture.pm", "usr/share/perl5/core_perl/Time/Local.pm", "usr/share/perl5/core_perl/Time/gmtime.pm", "usr/share/perl5/core_perl/Time/localtime.pm", "usr/share/perl5/core_perl/Time/tm.pm", "usr/share/perl5/core_perl/Unicode/UCD.pm", "usr/share/perl5/core_perl/Unicode/Collate/allkeys.txt", "usr/share/perl5/core_perl/Unicode/Collate/keys.txt", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Big5.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/GB2312.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/JISX0208.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Korean.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Pinyin.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Stroke.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Zhuyin.pm", "usr/share/perl5/core_perl/Unicode/Collate/Locale/af.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ar.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/as.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/az.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/be.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/bn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ca.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cs.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cy.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/da.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_at_ph.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_phone.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/dsb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ee.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/eo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/es.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/es_trad.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/et.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi_phone.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fil.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fr_ca.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/gu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ha.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/haw.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/he.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hy.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ig.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/is.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ja.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ko.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kok.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lkt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ln.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lv.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ml.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nso.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/om.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/or.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/pa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/pl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ro.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/se.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/si.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/si_dict.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sq.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv_refo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ta.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/te.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/th.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/tn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/to.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/tr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ug_cyrl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/uk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ur.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/vi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/vo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/wae.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/wo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/yo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_big5.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_gb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_pin.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_strk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_zhu.pl", "usr/share/perl5/core_perl/User/grent.pm", "usr/share/perl5/core_perl/User/pwent.pm", "usr/share/perl5/core_perl/autodie/Util.pm", "usr/share/perl5/core_perl/autodie/exception.pm", "usr/share/perl5/core_perl/autodie/hints.pm", "usr/share/perl5/core_perl/autodie/skip.pm", "usr/share/perl5/core_perl/autodie/Scope/Guard.pm", "usr/share/perl5/core_perl/autodie/Scope/GuardStack.pm", "usr/share/perl5/core_perl/autodie/exception/system.pm", "usr/share/perl5/core_perl/encoding/warnings.pm", "usr/share/perl5/core_perl/overload/numbers.pm", "usr/share/perl5/core_perl/source/encoding.pm", "usr/share/perl5/core_perl/unicore/Blocks.txt", "usr/share/perl5/core_perl/unicore/CombiningClass.pl", "usr/share/perl5/core_perl/unicore/Decomposition.pl", "usr/share/perl5/core_perl/unicore/Name.pl", "usr/share/perl5/core_perl/unicore/Name.pm", "usr/share/perl5/core_perl/unicore/NamedSequences.txt", "usr/share/perl5/core_perl/unicore/SpecialCasing.txt", "usr/share/perl5/core_perl/unicore/TestNorm.pl", "usr/share/perl5/core_perl/unicore/UCD.pl", "usr/share/perl5/core_perl/unicore/uni_keywords.pl", "usr/share/perl5/core_perl/unicore/version", "usr/share/perl5/core_perl/unicore/To/Age.pl", "usr/share/perl5/core_perl/unicore/To/Bc.pl", "usr/share/perl5/core_perl/unicore/To/Bmg.pl", "usr/share/perl5/core_perl/unicore/To/Bpb.pl", "usr/share/perl5/core_perl/unicore/To/Bpt.pl", "usr/share/perl5/core_perl/unicore/To/Cf.pl", "usr/share/perl5/core_perl/unicore/To/Ea.pl", "usr/share/perl5/core_perl/unicore/To/EqUIdeo.pl", "usr/share/perl5/core_perl/unicore/To/GCB.pl", "usr/share/perl5/core_perl/unicore/To/Gc.pl", "usr/share/perl5/core_perl/unicore/To/Hst.pl", "usr/share/perl5/core_perl/unicore/To/Identif2.pl", "usr/share/perl5/core_perl/unicore/To/Identifi.pl", "usr/share/perl5/core_perl/unicore/To/InCB.pl", "usr/share/perl5/core_perl/unicore/To/InPC.pl", "usr/share/perl5/core_perl/unicore/To/InSC.pl", "usr/share/perl5/core_perl/unicore/To/Isc.pl", "usr/share/perl5/core_perl/unicore/To/Jg.pl", "usr/share/perl5/core_perl/unicore/To/Jt.pl", "usr/share/perl5/core_perl/unicore/To/Lb.pl", "usr/share/perl5/core_perl/unicore/To/Lc.pl", "usr/share/perl5/core_perl/unicore/To/NFCQC.pl", "usr/share/perl5/core_perl/unicore/To/NFDQC.pl", "usr/share/perl5/core_perl/unicore/To/NFKCCF.pl", "usr/share/perl5/core_perl/unicore/To/NFKCQC.pl", "usr/share/perl5/core_perl/unicore/To/NFKCSCF.pl", "usr/share/perl5/core_perl/unicore/To/NFKDQC.pl", "usr/share/perl5/core_perl/unicore/To/Na1.pl", "usr/share/perl5/core_perl/unicore/To/NameAlia.pl", "usr/share/perl5/core_perl/unicore/To/Nt.pl", "usr/share/perl5/core_perl/unicore/To/Nv.pl", "usr/share/perl5/core_perl/unicore/To/PerlDeci.pl", "usr/share/perl5/core_perl/unicore/To/SB.pl", "usr/share/perl5/core_perl/unicore/To/Sc.pl", "usr/share/perl5/core_perl/unicore/To/Scx.pl", "usr/share/perl5/core_perl/unicore/To/Tc.pl", "usr/share/perl5/core_perl/unicore/To/Uc.pl", "usr/share/perl5/core_perl/unicore/To/Vo.pl", "usr/share/perl5/core_perl/unicore/To/WB.pl", "usr/share/perl5/core_perl/unicore/To/_PerlLB.pl", "usr/share/perl5/core_perl/unicore/To/_PerlSCX.pl", "usr/share/perl5/core_perl/unicore/To/kEHCat.pl", "usr/share/perl5/core_perl/unicore/To/kEHCore.pl", "usr/share/perl5/core_perl/unicore/To/kEHDesc.pl", "usr/share/perl5/core_perl/unicore/To/kEHFVal.pl", "usr/share/perl5/core_perl/unicore/To/kEHFunc.pl", "usr/share/perl5/core_perl/unicore/To/kEHHG.pl", "usr/share/perl5/core_perl/unicore/To/kEHIFAO.pl", "usr/share/perl5/core_perl/unicore/To/kEHJSesh.pl", "usr/share/perl5/core_perl/unicore/To/kEHUniK.pl", "usr/share/perl5/core_perl/unicore/lib/Age/NA.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V100.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V11.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V110.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V120.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V130.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V140.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V150.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V160.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V20.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V30.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V31.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V32.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V40.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V41.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V50.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V51.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V52.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V60.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V61.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V70.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V80.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V90.pl", "usr/share/perl5/core_perl/unicore/lib/Alpha/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/AN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/B.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/BN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/CS.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/EN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ES.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ET.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/L.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/NSM.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ON.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/R.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/WS.pl", "usr/share/perl5/core_perl/unicore/lib/BidiC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/BidiM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Blk/NB.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/C.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/N.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/O.pl", "usr/share/perl5/core_perl/unicore/lib/CE/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CI/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWCF/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWKCF/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWL/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWT/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWU/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Cased/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/A.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/AR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/ATAR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/B.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/BR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/DB.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/NK.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/NR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/OV.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/VR.pl", "usr/share/perl5/core_perl/unicore/lib/CompEx/Y.pl", "usr/share/perl5/core_perl/unicore/lib/DI/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dash/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dep/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dia/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Com.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Enc.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Fin.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Font.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Init.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Iso.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Med.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Nar.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Nb.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/NonCanon.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sqr.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sub.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sup.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Vert.pl", "usr/share/perl5/core_perl/unicore/lib/EBase/Y.pl", "usr/share/perl5/core_perl/unicore/lib/EComp/Y.pl", "usr/share/perl5/core_perl/unicore/lib/EPres/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/A.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/H.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/N.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/Na.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/W.pl", "usr/share/perl5/core_perl/unicore/lib/Emoji/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ext/Y.pl", "usr/share/perl5/core_perl/unicore/lib/ExtPict/Y.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/CN.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/LV.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/LVT.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/PP.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/SM.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/V.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/C.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Cf.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Cn.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/L.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/LC.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Ll.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lm.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lo.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lu.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/M.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Mc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Me.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Mn.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/N.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Nd.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Nl.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/No.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/P.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pd.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pe.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pf.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pi.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Po.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Ps.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/S.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sk.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sm.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/So.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Z.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Zs.pl", "usr/share/perl5/core_perl/unicore/lib/GrBase/Y.pl", "usr/share/perl5/core_perl/unicore/lib/GrExt/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Hex/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Hst/NA.pl", "usr/share/perl5/core_perl/unicore/lib/Hyphen/T.pl", "usr/share/perl5/core_perl/unicore/lib/IDC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDCMContinue/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDCMStart/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IdStatus/Allowed.pl", "usr/share/perl5/core_perl/unicore/lib/IdStatus/Restrict.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/DefaultI.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Exclusio.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Inclusio.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/LimitedU.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotChara.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotNFKC.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotXID.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Obsolete.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Recommen.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Technica.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Uncommon.pl", "usr/share/perl5/core_perl/unicore/lib/Ideo/Y.pl", "usr/share/perl5/core_perl/unicore/lib/In/10_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/11_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/12_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/12_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/13_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/14_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/15_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/15_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/16_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/2_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/2_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/4_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/4_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_3.pl", "usr/share/perl5/core_perl/unicore/lib/In/7_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/8_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/9_0.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Consonan.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Extend.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Linker.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/None.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Bottom.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/BottomAn.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Left.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/LeftAndR.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/NA.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Overstru.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Right.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Top.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndBo.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndL2.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndLe.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndRi.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/VisualOr.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Avagraha.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Bindu.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Cantilla.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona2.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona3.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona4.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona5.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona6.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona7.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona8.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona9.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consonan.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Geminati.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Invisibl.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Nukta.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Number.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Other.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/PureKill.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Syllable.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/ToneMark.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Virama.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Visarga.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Vowel.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/VowelDep.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/VowelInd.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Ain.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Alef.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Beh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Dal.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/FarsiYeh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Feh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Gaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Hah.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/HanifiRo.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Kaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Lam.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/NoJoinin.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Noon.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Qaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Reh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Sad.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Seen.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Tah.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Waw.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Yeh.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/C.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/D.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/L.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/R.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/T.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/U.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AI.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AK.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/BA.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/BB.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CJ.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CM.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/EX.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/GL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/ID.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/IN.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/IS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/NS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/NU.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/OP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/PO.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/PR.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/QU.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/SA.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/VI.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/XX.pl", "usr/share/perl5/core_perl/unicore/lib/Lower/Y.pl", "usr/share/perl5/core_perl/unicore/lib/MCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Math/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFCQC/M.pl", "usr/share/perl5/core_perl/unicore/lib/NFCQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFDQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFDQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFKCQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFKCQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFKDQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFKDQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/Di.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/None.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/Nu.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/0.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/10.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/100.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/10000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/100000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/11.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/12.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/13.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/14.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/15.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/17.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/18.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/19.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_2.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_6.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_8.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/20.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/200.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/20000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2_3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/30.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/300.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/30000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3_16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3_4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/40.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/400.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/4000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/40000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/5.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/50.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/500.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/5000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/50000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/6.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/60.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/600.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/6000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/60000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/7.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/70.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/700.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/7000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/70000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/8.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/80.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/800.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/8000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/80000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/9.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/90.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/900.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/9000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/90000.pl", "usr/share/perl5/core_perl/unicore/lib/PCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/PatSyn/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Alnum.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Assigned.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Blank.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Graph.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/PerlWord.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/PosixPun.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Print.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/SpacePer.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Title.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Word.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/XPosixPu.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlAny.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCh2.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCha.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlFol.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDC.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDS.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIsI.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlNch.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPat.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPr2.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPro.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlQuo.pl", "usr/share/perl5/core_perl/unicore/lib/QMark/Y.pl", "usr/share/perl5/core_perl/unicore/lib/SB/AT.pl", "usr/share/perl5/core_perl/unicore/lib/SB/CL.pl", "usr/share/perl5/core_perl/unicore/lib/SB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/SB/FO.pl", "usr/share/perl5/core_perl/unicore/lib/SB/LE.pl", "usr/share/perl5/core_perl/unicore/lib/SB/LO.pl", "usr/share/perl5/core_perl/unicore/lib/SB/NU.pl", "usr/share/perl5/core_perl/unicore/lib/SB/SC.pl", "usr/share/perl5/core_perl/unicore/lib/SB/ST.pl", "usr/share/perl5/core_perl/unicore/lib/SB/Sp.pl", "usr/share/perl5/core_perl/unicore/lib/SB/UP.pl", "usr/share/perl5/core_perl/unicore/lib/SB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/SD/Y.pl", "usr/share/perl5/core_perl/unicore/lib/STerm/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Arab.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Armn.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Beng.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Cprt.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Cyrl.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Deva.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Dupl.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Ethi.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Geor.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Glag.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gong.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gonm.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gran.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Grek.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gujr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Guru.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Han.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hang.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hebr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hira.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Kana.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Knda.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Latn.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Limb.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Linb.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mlym.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mong.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mult.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mymr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Orya.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Sinh.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Syrc.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Taml.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tang.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Telu.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tibt.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tutg.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Zinh.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Zyyy.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Adlm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Aghb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Arab.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Armn.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Avst.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Beng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Bhks.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Bopo.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cakm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cari.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cham.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cher.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Copt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cprt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cyrl.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Deva.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Diak.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Dupl.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Ethi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gara.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Geor.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Glag.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gong.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gonm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Goth.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gran.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Grek.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gujr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Guru.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Han.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hang.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hebr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hira.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hmng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hmnp.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hung.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Kana.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khar.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khmr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khoj.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Knda.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Kthi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lana.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lao.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Latn.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Limb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lina.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Linb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lisu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lydi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mahj.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mlym.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mong.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mult.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mymr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Nand.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Nko.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Orya.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Osge.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Perm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Phag.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Phlp.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Rohg.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Shrd.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sind.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sinh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sunu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Syrc.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tagb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Takr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tale.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Talu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Taml.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tang.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Telu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tfng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Thaa.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Thai.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tibt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tirh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Todr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tutg.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Vith.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Xsux.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Yezi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Yi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zinh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zyyy.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zzzz.pl", "usr/share/perl5/core_perl/unicore/lib/Term/Y.pl", "usr/share/perl5/core_perl/unicore/lib/UIdeo/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Upper/Y.pl", "usr/share/perl5/core_perl/unicore/lib/VS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/R.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/Tr.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/Tu.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/U.pl", "usr/share/perl5/core_perl/unicore/lib/WB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/WB/Extend.pl", "usr/share/perl5/core_perl/unicore/lib/WB/FO.pl", "usr/share/perl5/core_perl/unicore/lib/WB/HL.pl", "usr/share/perl5/core_perl/unicore/lib/WB/KA.pl", "usr/share/perl5/core_perl/unicore/lib/WB/LE.pl", "usr/share/perl5/core_perl/unicore/lib/WB/MB.pl", "usr/share/perl5/core_perl/unicore/lib/WB/ML.pl", "usr/share/perl5/core_perl/unicore/lib/WB/MN.pl", "usr/share/perl5/core_perl/unicore/lib/WB/NU.pl", "usr/share/perl5/core_perl/unicore/lib/WB/WSegSpac.pl", "usr/share/perl5/core_perl/unicore/lib/WB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/XIDC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/XIDS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/kEHNoMirror/Y.pl", "usr/share/perl5/core_perl/unicore/lib/kEHNoRotate/Y.pl", "usr/share/perl5/core_perl/version/regex.pm", "usr/share/perl5/core_perl/warnings/register.pm", "var/lib/db/sbom/perl-5.42.2-r0.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "stunnel@5.78-r1", "Name": "stunnel", "Identifier": { "PURL": "pkg:apk/wolfi/stunnel@5.78-r1?arch=x86_64\u0026distro=20230201", "UID": "701651e21b793377" }, "Version": "5.78-r1", "Arch": "x86_64", "SrcName": "stunnel", "SrcVersion": "5.78-r1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7", "libcrypto3@3.6.2-r5", "libgcc@16.1.0-r1", "libssl3@3.6.2-r5", "perl@5.42.2-r0" ], "Layer": { "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" }, "Digest": "sha1:47b7507db0dec5bf8edfa5ba2bb63540e14dac84", "InstalledFiles": [ "etc/stunnel/stunnel.conf-sample", "usr/bin/stunnel", "usr/bin/stunnel3", "usr/lib/stunnel/libstunnel.so", "var/lib/db/sbom/stunnel-5.78-r1.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "wolfi-baselayout@20230201-r29", "Name": "wolfi-baselayout", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r29?arch=x86_64\u0026distro=20230201", "UID": "c978bcececcb7891" }, "Version": "20230201-r29", "Arch": "x86_64", "SrcName": "wolfi-baselayout", "SrcVersion": "20230201-r29", "Licenses": [ "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "ca-certificates-bundle@20260413-r0" ], "Layer": { "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" }, "Digest": "sha1:9b1560903e3eaf5712512796a3a0a5920351d480", "InstalledFiles": [ "bin", "lib", "lib64", "sbin", "etc/group", "etc/host.conf", "etc/hosts", "etc/mtab", "etc/nsswitch.conf", "etc/os-release", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/profile.d/locale.sh", "etc/secfixes.d/wolfi", "usr/lib64", "usr/sbin", "usr/tmp", "usr/local/lib64", "var/lock", "var/run", "var/lib/db/sbom/wolfi-baselayout-20230201-r29.spdx.json", "var/spool/mail" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.2-r3", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.2-r3?arch=x86_64\u0026distro=20230201", "UID": "a4285aa49545e56a" }, "Version": "1.3.2-r3", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.2-r3", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" }, "Digest": "sha1:77ec609e1bf6aa69a7c94a6420430bbff09c7edb", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.2", "var/lib/db/sbom/zlib-1.3.2-r3.spdx.json" ], "AnalyzedBy": "apk" } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "fetch-emails", "Metadata": [ { "Size": 66686464, "OS": { "Family": "alpine", "Name": "3.21.3" }, "ImageID": "sha256:e81f1e4864b5a5d0085563b2f8ac22cfbf685f46e966f0b4bb1fc3f5d561dce5", "DiffIDs": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16", "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec", "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243", "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ], "RepoTags": [ "a13labs/getmail6:v0.0.1-6.19.07" ], "RepoDigests": [ "a13labs/getmail6@sha256:ac45401edb9706078970d1fe8c47c3a96007f25e8f29e29c3b5fccd77ae33afa" ], "Reference": "a13labs/getmail6:v0.0.1-6.19.07", "ImageConfig": { "architecture": "amd64", "created": "2025-03-14T18:06:28.21033543Z", "history": [ { "created": "2025-02-04T23:51:20Z", "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-04T23:51:20Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-02-04T23:51:20Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-02-04T23:51:20Z", "created_by": "RUN /bin/sh -c set -eux; \tapk add --no-cache \t\tca-certificates \t\ttzdata \t; # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-04T23:51:20Z", "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-02-04T23:51:20Z", "created_by": "ENV PYTHON_VERSION=3.13.2", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-02-04T23:51:20Z", "created_by": "ENV PYTHON_SHA256=d984bcc57cd67caab26f7def42e523b1c015bbc5dc07836cf4f0b63fa159eb56", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-02-04T23:51:20Z", "created_by": "RUN /bin/sh -c set -eux; \t\tapk add --no-cache --virtual .build-deps \t\tgnupg \t\ttar \t\txz \t\t\t\tbluez-dev \t\tbzip2-dev \t\tdpkg-dev dpkg \t\tfindutils \t\tgcc \t\tgdbm-dev \t\tlibc-dev \t\tlibffi-dev \t\tlibnsl-dev \t\tlibtirpc-dev \t\tlinux-headers \t\tmake \t\tncurses-dev \t\topenssl-dev \t\tpax-utils \t\treadline-dev \t\tsqlite-dev \t\ttcl-dev \t\ttk \t\ttk-dev \t\tutil-linux-dev \t\txz-dev \t\tzlib-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t--with-lto \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"-DTHREAD_STACK_SIZE=0x100000\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \t\tarch=\"$(apk --print-arch)\"; \t\tcase \"$arch\" in \t\t\tx86_64|aarch64) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t\t;; \t\t\tx86) \t\t\t\t;; \t\t\t*) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t\t;; \t\tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \t\t| tr ',' '\\n' \t\t| sort -u \t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t| xargs -rt apk add --no-network --virtual .python-rundeps \t; \tapk del --no-network .build-deps; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-04T23:51:20Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-04T23:51:20Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-14T18:06:28.188478151Z", "created_by": "ENV TZ=Europe/Brussels", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-14T18:06:28.188478151Z", "created_by": "ARG USER_ID=1000", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-14T18:06:28.188478151Z", "created_by": "ARG DUMB_INIT_VERSION=1.2.5", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-14T18:06:28.188478151Z", "created_by": "RUN |2 USER_ID=1000 DUMB_INIT_VERSION=1.2.5 /bin/sh -c ln -snf /usr/share/zoneinfo/$TZ /etc/localtime \u0026\u0026 echo $TZ \u003e /etc/timezone \u0026\u0026 apk add --no-cache ca-certificates tzdata wget netcat-openbsd msmtp \u0026\u0026 pip install getmail6 \u0026\u0026 getmail --version \u0026\u0026 wget -O /usr/bin/dumb-init https://github.com/Yelp/dumb-init/releases/download/v${DUMB_INIT_VERSION}/dumb-init_${DUMB_INIT_VERSION}_x86_64 \u0026\u0026 adduser -D -u $USER_ID getmail -s /bin/sh -h /getmail \u0026\u0026 chmod +x /usr/bin/dumb-init \u0026\u0026 mkdir -p /getmail \u0026\u0026 chown $USER_ID -R /getmail # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-14T18:06:28.188478151Z", "created_by": "USER getmail", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-14T18:06:28.21033543Z", "created_by": "WORKDIR /getmail", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-14T18:06:28.21033543Z", "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"getmail\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16", "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec", "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243", "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ] }, "config": { "Entrypoint": [ "/usr/bin/dumb-init", "getmail" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "PYTHON_VERSION=3.13.2", "PYTHON_SHA256=d984bcc57cd67caab26f7def42e523b1c015bbc5dc07836cf4f0b63fa159eb56", "TZ=Europe/Brussels" ], "Labels": { "org.opencontainers.image.created": "2025-03-14T18:06:06.734Z", "org.opencontainers.image.description": "", "org.opencontainers.image.licenses": "", "org.opencontainers.image.revision": "11162bbf7ead5b2cf12e18e27dae4fb4eaaecbb8", "org.opencontainers.image.source": "https://github.com/a13labs/getmail6", "org.opencontainers.image.title": "getmail6", "org.opencontainers.image.url": "https://github.com/a13labs/getmail6", "org.opencontainers.image.version": "v0.0.1-6.19.07" }, "User": "getmail", "WorkingDir": "/getmail" } }, "Layers": [ { "Size": 8120832, "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, { "Size": 1684992, "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" }, { "Size": 37467648, "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, { "Size": 5120, "Digest": "sha256:b0d8a12effa95e69eeae00f331cd5c50b0d9c8ed631b6e681fbe08a5902971ff", "DiffID": "sha256:336e6a290569e2248d824031e4508cc6b6198e244de975b12299b3d16ae9b243" }, { "Size": 19406848, "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" } ] } ], "Results": [ { "Target": "a13labs/getmail6:v0.0.1-6.19.07 (alpine 3.21.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": ".python-rundeps@20250214.193348", "Name": ".python-rundeps", "Identifier": { "PURL": "pkg:apk/alpine/.python-rundeps@20250214.193348?arch=noarch\u0026distro=3.21.3", "UID": "54e0495b5dc517e2" }, "Version": "20250214.193348", "Arch": "noarch", "DependsOn": [ "gdbm@1.24-r0", "libbz2@1.0.8-r6", "libcrypto3@3.3.3-r0", "libffi@3.4.6-r0", "libncursesw@6.5_p20241006-r3", "libpanelw@6.5_p20241006-r3", "libssl3@3.3.3-r0", "libuuid@2.40.4-r0", "musl@1.2.5-r9", "readline@8.2.13-r0", "sqlite-libs@3.48.0-r0", "xz-libs@5.6.3-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:9eea1147217e764f0c371da8940c3a0c495bc599", "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout@3.6.8-r1", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "393060090f95beb4" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.8-r1", "busybox-binsh@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.8-r1", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "a35ff814457b106b" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e87ecc7343d144e0" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.21.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "67b837fa5630d327" }, "Version": "3.21.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.21.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.6-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", "UID": "d24a24462031f215" }, "Version": "2.14.6-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.6-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20241121-r1", "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", "InstalledFiles": [ "sbin/apk", "usr/lib/libapk.so.2.14.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r12", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r12", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20241121-r1", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20241121-r1?arch=x86_64\u0026distro=3.21.3", "UID": "7bc60c9beb5b71aa" }, "Version": "20241121-r1", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r1", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r12", "libcrypto3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" }, "Digest": "sha1:ec815ac3e1ae86c055bede3a0b697b62f2b6cca0", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20241121-r1", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", "UID": "648ddfcaeba667a7" }, "Version": "20241121-r1", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r1", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "gdbm@1.24-r0", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.21.3", "UID": "16187e1189640a5f" }, "Version": "1.24-r0", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.24-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:06876a4fe8da5ca1e5930daa08aaf90629c35074", "InstalledFiles": [ "usr/lib/libgdbm.so.6", "usr/lib/libgdbm.so.6.0.0", "usr/lib/libgdbm_compat.so.4", "usr/lib/libgdbm_compat.so.4.0.0" ], "AnalyzedBy": "apk" }, { "ID": "keyutils-libs@1.6.3-r4", "Name": "keyutils-libs", "Identifier": { "PURL": "pkg:apk/alpine/keyutils-libs@1.6.3-r4?arch=x86_64\u0026distro=3.21.3", "UID": "5818e21637d6b797" }, "Version": "1.6.3-r4", "Arch": "x86_64", "SrcName": "keyutils", "SrcVersion": "1.6.3-r4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:128ea507e8ce17fd70c5ec18f8581633dac01a66", "InstalledFiles": [ "usr/lib/libkeyutils.so.1", "usr/lib/libkeyutils.so.1.10" ], "AnalyzedBy": "apk" }, { "ID": "krb5-conf@1.0-r2", "Name": "krb5-conf", "Identifier": { "PURL": "pkg:apk/alpine/krb5-conf@1.0-r2?arch=x86_64\u0026distro=3.21.3", "UID": "9273a2b8d3ad3c52" }, "Version": "1.0-r2", "Arch": "x86_64", "SrcName": "krb5-conf", "SrcVersion": "1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:bd3748a2e1d04eaea8668277f2540249decf38b0", "InstalledFiles": [ "etc/krb5.conf" ], "AnalyzedBy": "apk" }, { "ID": "krb5-libs@1.21.3-r0", "Name": "krb5-libs", "Identifier": { "PURL": "pkg:apk/alpine/krb5-libs@1.21.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "66b514f5594f0e70" }, "Version": "1.21.3-r0", "Arch": "x86_64", "SrcName": "krb5", "SrcVersion": "1.21.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "keyutils-libs@1.6.3-r4", "krb5-conf@1.0-r2", "libcom_err@1.47.1-r1", "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "libverto@0.3.2-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:8da452f1ff426ddb0c8d6f62ad3f0201980d20fe", "InstalledFiles": [ "usr/lib/libgssapi_krb5.so.2", "usr/lib/libgssapi_krb5.so.2.2", "usr/lib/libgssrpc.so.4", "usr/lib/libgssrpc.so.4.2", "usr/lib/libk5crypto.so.3", "usr/lib/libk5crypto.so.3.1", "usr/lib/libkadm5clnt_mit.so.12", "usr/lib/libkadm5clnt_mit.so.12.0", "usr/lib/libkadm5srv_mit.so.12", "usr/lib/libkadm5srv_mit.so.12.0", "usr/lib/libkdb5.so.10", "usr/lib/libkdb5.so.10.0", "usr/lib/libkrad.so.0", "usr/lib/libkrad.so.0.0", "usr/lib/libkrb5.so.3", "usr/lib/libkrb5.so.3.3", "usr/lib/libkrb5support.so.0", "usr/lib/libkrb5support.so.0.1", "usr/lib/krb5/plugins/kdb/db2.so", "usr/lib/krb5/plugins/preauth/otp.so", "usr/lib/krb5/plugins/preauth/spake.so", "usr/lib/krb5/plugins/preauth/test.so", "usr/lib/krb5/plugins/tls/k5tls.so" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "581a570b71de5d75" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:023153a2f28d5ba21f252cfbda08931431cbd38d", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.21.3", "UID": "68ca16760186f1f7" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:54f88b518e92e39616f55bff21e0c3c1eec44446", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcom_err@1.47.1-r1", "Name": "libcom_err", "Identifier": { "PURL": "pkg:apk/alpine/libcom_err@1.47.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "9ea7f0ab0731d03d" }, "Version": "1.47.1-r1", "Arch": "x86_64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.1-r1", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "BSD-3-Clause", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:fadca43c547e85389b2b11af9197aa8562e9ea45", "InstalledFiles": [ "usr/lib/libcom_err.so.2", "usr/lib/libcom_err.so.2.1" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.3-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libffi@3.4.6-r0", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/alpine/libffi@3.4.6-r0?arch=x86_64\u0026distro=3.21.3", "UID": "a6a695bcdcd79ae6" }, "Version": "3.4.6-r0", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.4.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:79720d428db830c5cb59be786c1f39c9a0a8a891", "InstalledFiles": [ "usr/lib/libffi.so.8", "usr/lib/libffi.so.8.1.4" ], "AnalyzedBy": "apk" }, { "ID": "libgcrypt@1.10.3-r1", "Name": "libgcrypt", "Identifier": { "PURL": "pkg:apk/alpine/libgcrypt@1.10.3-r1?arch=x86_64\u0026distro=3.21.3", "UID": "39c266ab282a419c" }, "Version": "1.10.3-r1", "Arch": "x86_64", "SrcName": "libgcrypt", "SrcVersion": "1.10.3-r1", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libgpg-error@1.51-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:a2e945163357eadf8d4f2d1ff987034b833f8ba3", "InstalledFiles": [ "usr/lib/libgcrypt.so.20", "usr/lib/libgcrypt.so.20.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libgpg-error@1.51-r0", "Name": "libgpg-error", "Identifier": { "PURL": "pkg:apk/alpine/libgpg-error@1.51-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f04ab95d023d1ea1" }, "Version": "1.51-r0", "Arch": "x86_64", "SrcName": "libgpg-error", "SrcVersion": "1.51-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:950137f6bb7ffca1fa8039d2c7dc330d46c0369c", "InstalledFiles": [ "usr/bin/gpg-error", "usr/lib/libgpg-error.so.0", "usr/lib/libgpg-error.so.0.38.0" ], "AnalyzedBy": "apk" }, { "ID": "libgsasl@2.2.1-r0", "Name": "libgsasl", "Identifier": { "PURL": "pkg:apk/alpine/libgsasl@2.2.1-r0?arch=x86_64\u0026distro=3.21.3", "UID": "9a895e37dbf07764" }, "Version": "2.2.1-r0", "Arch": "x86_64", "SrcName": "libgsasl", "SrcVersion": "2.2.1-r0", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "krb5-libs@1.21.3-r0", "libgcrypt@1.10.3-r1", "libidn@1.42-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:6a0de29e345552f7d6aa372092c70457d7399535", "InstalledFiles": [ "usr/lib/libgsasl.so.18", "usr/lib/libgsasl.so.18.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libidn@1.42-r0", "Name": "libidn", "Identifier": { "PURL": "pkg:apk/alpine/libidn@1.42-r0?arch=x86_64\u0026distro=3.21.3", "UID": "13d6cff1f3cbcaeb" }, "Version": "1.42-r0", "Arch": "x86_64", "SrcName": "libidn", "SrcVersion": "1.42-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:ef9bff171b898c8d8912fb49d00c515e47d0286c", "InstalledFiles": [ "usr/bin/idn", "usr/lib/libidn.so.12", "usr/lib/libidn.so.12.6.5", "usr/share/emacs/site-lisp/idna.el", "usr/share/emacs/site-lisp/punycode.el" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", "UID": "7a5029ce71d1e992" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.22.5-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8042f9b62820ffd5" }, "Version": "0.22.5-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.22.5-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:c3f183a55f73801890303634540cf1c84530cc17", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "9d51cc7dab98483b" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:a80e622a84ee4a3f53062a516bb8b1d92a60497b", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20241006-r3", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", "UID": "75cdd41a72db6f1" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "ncurses-terminfo-base@6.5_p20241006-r3" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libpanelw@6.5_p20241006-r3", "Name": "libpanelw", "Identifier": { "PURL": "pkg:apk/alpine/libpanelw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", "UID": "bc19a00a809b43ea" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.5_p20241006-r3", "musl@1.2.5-r9", "ncurses-terminfo-base@6.5_p20241006-r3" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:b7928b751d482d3ee192ef1cb0f4b8de1baa0b20", "InstalledFiles": [ "usr/lib/libpanelw.so.6", "usr/lib/libpanelw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.3-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.2-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "afda0efd6d9fe81d" }, "Version": "1.2-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libuuid@2.40.4-r0", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/alpine/libuuid@2.40.4-r0?arch=x86_64\u0026distro=3.21.3", "UID": "95a35a694952d3ae" }, "Version": "2.40.4-r0", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.40.4-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:687f7a3d2df8f2270e247715b2eadc1cfbc63185", "InstalledFiles": [ "usr/lib/libuuid.so.1", "usr/lib/libuuid.so.1.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libverto@0.3.2-r2", "Name": "libverto", "Identifier": { "PURL": "pkg:apk/alpine/libverto@0.3.2-r2?arch=x86_64\u0026distro=3.21.3", "UID": "67e5fa5840c0d028" }, "Version": "0.3.2-r2", "Arch": "x86_64", "SrcName": "libverto", "SrcVersion": "0.3.2-r2", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:154644a18e6de4d3b6d9d6c2c35d28826b9167a1", "InstalledFiles": [ "usr/lib/libverto.so.1", "usr/lib/libverto.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "msmtp@1.8.27-r0", "Name": "msmtp", "Identifier": { "PURL": "pkg:apk/alpine/msmtp@1.8.27-r0?arch=x86_64\u0026distro=3.21.3", "UID": "709d974c70d11aaf" }, "Version": "1.8.27-r0", "Arch": "x86_64", "SrcName": "msmtp", "SrcVersion": "1.8.27-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libgsasl@2.2.1-r0", "libidn2@2.3.7-r0", "libintl@0.22.5-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:7b5a81f0558bbf74aeec76787dbfc5ad13b94ae1", "InstalledFiles": [ "usr/bin/msmtp", "usr/bin/msmtpd" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r9", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r9", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20241006-r3", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", "UID": "ba7a41d37c387447" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "netcat-openbsd@1.226.1.1-r0", "Name": "netcat-openbsd", "Identifier": { "PURL": "pkg:apk/alpine/netcat-openbsd@1.226.1.1-r0?arch=x86_64\u0026distro=3.21.3", "UID": "99ea8440fdb1f22d" }, "Version": "1.226.1.1-r0", "Arch": "x86_64", "SrcName": "netcat-openbsd", "SrcVersion": "1.226.1.1-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:7bb180574ade70df0c6dfd473f75df966e884133", "InstalledFiles": [ "usr/bin/nc" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.43-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f6f0683f9f0923fb" }, "Version": "10.43-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.43-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:ac7e2633be267904f90d2a850ea43d393583b160", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.12.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.5" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.13-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8e448129748c2000" }, "Version": "8.2.13-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.13-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.5_p20241006-r3", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "99c1bc01da347386" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "sqlite-libs@3.48.0-r0", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "97ae2c9dd021d9ff" }, "Version": "3.48.0-r0", "Arch": "x86_64", "SrcName": "sqlite", "SrcVersion": "3.48.0-r0", "Licenses": [ "blessing" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:f0ea631805919e1704c25aa2ea8aeb9ce25dbcff", "InstalledFiles": [ "usr/lib/libsqlite3.so.0", "usr/lib/libsqlite3.so.0.8.6" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r12", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2025a-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2025a-r0?arch=x86_64\u0026distro=3.21.3", "UID": "6202fbbc831770e0" }, "Version": "2025a-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025a-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:a507b793f9af8c58adcae308a17d0d4c2e8074a530b01b6abec958e9b7476cbb", "DiffID": "sha256:052b772c7a047144fe9764df3fe0bc683abd5b2d212494aef4054f5a91f36b16" }, "Digest": "sha1:0b536b9594eb3a23cc3fcb9222d87999ee7a5a5e", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "wget@1.25.0-r0", "Name": "wget", "Identifier": { "PURL": "pkg:apk/alpine/wget@1.25.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "d23fedb35c58f00f" }, "Version": "1.25.0-r0", "Arch": "x86_64", "SrcName": "wget", "SrcVersion": "1.25.0-r0", "Licenses": [ "GPL-3.0-or-later WITH OpenSSL-Exception" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libidn2@2.3.7-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "pcre2@10.43-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "Digest": "sha1:cf66ba546e27cae8675275230129dabd4562c8b6", "InstalledFiles": [ "etc/wgetrc", "usr/bin/wget" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.6.3-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "Version": "5.6.3-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.6.3-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "Digest": "sha1:019d37b9326daf6a7a7840ec5957b7a65c79ccac", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.6.3" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r12", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a0458d901fae4b6a2a76979084dafa0d12d59231d36316171ba8a092cf60fd11", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r12", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:222146df23314a2464ebfa26b270d329ec1c846607c8cbaa73d794a3b1a2791e", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1209cc92f8efdcd1dd605779863f663bdbdb072f0b82582f763f5f8dc80d53e8", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0c76034b883105d916a5a54aa9f6301b760dd5847a793ef16ae8d7648f02740f", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1d9f4579f17b13132b92ce49d26cd08c7dd47152283daf1da8f2058b50c90522", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5156b868850ff189c0bc1ee51dc02f628313115b6470ea507f47db3deadabb11", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:57ca1c7ea5e673f9df60010f7d6b9098eea1710c84a0735b83eb98110e0e0973", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ec294a5bdaa5caa7bc7809b5df710bae47786bbe8ecdb92d4fa5d72ec823910b", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3c2817e1b80590491a31f1d58e5e542ec4772263b5638bd897cde01eacd5dfc6", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:135413c7598c5fb196ac3699f5f16a43843afeee939c9050bb977e8b2c4e370d", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:804693af6eb0bd28a7f1932c08111f752791874cf15714505f02ee94b2fe9cfb", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f01c3b2dc3e1c8a4106165b1b6c72d696d627e42fc133ef2a39fa6dbed8a9a92", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ab8f86d8cc2c238019e30550e11e47df84bbac53617e39fe70a6df96063f2d55", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c96d8cf77af4d42752d33521ed3a9ab66e68a4ffc7c972977dc25593da3dab80", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:489033601741ae62fdf154af8696b85c772b6c6dffddc8af61aa734711a7a0e4", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ce3558d19cdb2dacfa039a8dd0f9d9b6c8dbd6fa15cf12b77f82cc19666e84ea", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:864f75b6117202ee3fee8ae6359b2d3e47c4c4ec308fd21f835ba814e53203d8", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a46dd1cf5aa7ab50ea850118d23f13fdd4d977e288e8c00e7c664e366a66a24a", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fdc4eadc9c91279c0213cf32c0c0eccf8e33a170f8be4912f7a9d41c4b177fd9", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:497935cc7ea57607a4b81a788419296c5871ec2b0e2557b1354f70437dac9071", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e92d583b215d51d88593f90309eea7b22b43d86c54839079c5c82f39ad10a192", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5ec23fd3f582fef3ce2ab81372c3214348a08cb0c53af10c294715861303735c", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:370852e3dca7772d8a2f2e4ba8cd2a4e58edb7797631085b186df1dce5579123", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fefbcc47b1be4b87d3f9961108b74698b189a1ed15a7243643101b25376a3ca8", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0ff0cd2b52130fc08a0c2697bff157d1000ba68210e1176812fef74a2fb4ae51", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8a6a7e4635869c79a540d29a18398552c56be87e942981a7f408c793d5fbe3b3", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ac23320a4554de5158c6732c204a0af55a7636c51328b2e3aea2a38359947fbd", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:384b05b3dc9ce9a13198224ec8058acbb193eb8280001dea4152a22299dac431", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2025-3277", "PkgID": "sqlite-libs@3.48.0-r0", "PkgName": "sqlite-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "97ae2c9dd021d9ff" }, "InstalledVersion": "3.48.0-r0", "FixedVersion": "3.48.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-3277", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5de32cb3d61878791c86a15c1d6b8294ef8c0a06101e8bdf3cef6d3f7a60a019", "Title": "SQLite: integer overflow in SQLite", "Description": "An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-122", "CWE-190" ], "VendorSeverity": { "alma": 3, "bitnami": 2, "nvd": 4, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7433", "https://access.redhat.com/security/cve/CVE-2025-3277", "https://bugzilla.redhat.com/2358271", "https://bugzilla.redhat.com/2359553", "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", "https://errata.almalinux.org/9/ALSA-2025-7433.html", "https://errata.rockylinux.org/RLSA-2025:7433", "https://linux.oracle.com/cve/CVE-2025-3277.html", "https://linux.oracle.com/errata/ELSA-2025-7517.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-3277", "https://sqlite.org/src/info/498e3f1cf57f164f", "https://ubuntu.com/security/notices/USN-7528-1", "https://www.cve.org/CVERecord?id=CVE-2025-3277" ], "PublishedDate": "2025-04-14T17:15:27.297Z", "LastModifiedDate": "2025-08-18T21:28:16.38Z" }, { "VulnerabilityID": "CVE-2025-6965", "PkgID": "sqlite-libs@3.48.0-r0", "PkgName": "sqlite-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "97ae2c9dd021d9ff" }, "InstalledVersion": "3.48.0-r0", "FixedVersion": "3.48.0-r3", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6965", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6f2107e183bf919fa006fca259d0ae7ea83fc6c7bee3c3bc466fa242dca3b871", "Title": "sqlite: Integer Truncation in SQLite", "Description": "There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above.", "Severity": "CRITICAL", "CweIDs": [ "CWE-197" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/S:N/AU:N/R:U/V:D/RE:L/U:Green", "V40Score": 7.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:L", "V3Score": 7.7 } }, "References": [ "http://seclists.org/fulldisclosure/2025/Sep/49", "http://seclists.org/fulldisclosure/2025/Sep/53", "http://seclists.org/fulldisclosure/2025/Sep/56", "http://seclists.org/fulldisclosure/2025/Sep/57", "http://seclists.org/fulldisclosure/2025/Sep/58", "http://www.openwall.com/lists/oss-security/2025/09/06/1", "https://access.redhat.com/errata/RHSA-2025:20936", "https://access.redhat.com/security/cve/CVE-2025-6965", "https://bugzilla.redhat.com/2380149", "https://bugzilla.redhat.com/show_bug.cgi?id=2380149", "https://cert-portal.siemens.com/productcert/html/ssa-225816.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6965", "https://errata.almalinux.org/9/ALSA-2025-20936.html", "https://errata.rockylinux.org/RLSA-2025:20936", "https://linux.oracle.com/cve/CVE-2025-6965.html", "https://linux.oracle.com/errata/ELSA-2025-20936.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6965", "https://ubuntu.com/security/notices/USN-7676-1", "https://ubuntu.com/security/notices/USN-7679-1", "https://www.cve.org/CVERecord?id=CVE-2025-6965", "https://www.oracle.com/security-alerts/cpujan2026.html#AppendixMSQL", "https://www.sqlite.org/src/info/5508b56fd24016c13981ec280ecdd833007c9d8dd595edb295b984c2b487b5c8" ], "PublishedDate": "2025-07-15T14:15:31.08Z", "LastModifiedDate": "2026-04-14T10:16:29.853Z" }, { "VulnerabilityID": "CVE-2025-29087", "PkgID": "sqlite-libs@3.48.0-r0", "PkgName": "sqlite-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "97ae2c9dd021d9ff" }, "InstalledVersion": "3.48.0-r0", "FixedVersion": "3.48.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29087", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4643b8f19c0c1d4941159bb044cfa95b3d4c5df7ca4a2276bfed8933adb8e9c1", "Title": "sqlite: Integer Overflow in SQLite concat_ws Function", "Description": "In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "bitnami": 3, "nvd": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-29087", "https://gist.github.com/ylwango613/a44a29f1ef074fa783e29f04a0afd62a", "https://nvd.nist.gov/vuln/detail/CVE-2025-29087", "https://sqlite.org/releaselog/3_49_1.html", "https://sqlite.org/src/info/498e3f1cf57f164f", "https://ubuntu.com/security/notices/USN-7528-1", "https://www.cve.org/CVERecord?id=CVE-2025-29087", "https://www.sqlite.org/cves.html" ], "PublishedDate": "2025-04-07T20:15:20.253Z", "LastModifiedDate": "2025-04-30T12:43:22.31Z" }, { "VulnerabilityID": "CVE-2025-29088", "PkgID": "sqlite-libs@3.48.0-r0", "PkgName": "sqlite-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "97ae2c9dd021d9ff" }, "InstalledVersion": "3.48.0-r0", "FixedVersion": "3.48.0-r4", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4f08b21186bd429cb332a5b7bf4029ace16f81911c8e1ae85b68844f5fe3eec2", "Title": "sqlite: Denial of Service in SQLite", "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-29088", "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", "https://sqlite.org/forum/forumpost/48f365daec", "https://sqlite.org/releaselog/3_49_1.html", "https://ubuntu.com/security/notices/USN-7528-1", "https://ubuntu.com/security/notices/USN-7679-1", "https://www.cve.org/CVERecord?id=CVE-2025-29088", "https://www.sqlite.org/cves.html" ], "PublishedDate": "2025-04-10T14:15:27.163Z", "LastModifiedDate": "2025-09-30T16:59:27.32Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r12", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0c9ae8d3b74899aa31cf60a6f820663f5940dd6aa69006c8d14ce43e40982904", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31115", "PkgID": "xz-libs@5.6.3-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "InstalledVersion": "5.6.3-r0", "FixedVersion": "5.6.3-r1", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:89e3500de9e2ccf2b4838ff86c4e02b10b473ece2dbfbee71d5008487c57ecf6", "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", "Severity": "HIGH", "CweIDs": [ "CWE-366", "CWE-416", "CWE-476", "CWE-826" ], "VendorSeverity": { "azure": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/03/1", "http://www.openwall.com/lists/oss-security/2025/04/03/2", "http://www.openwall.com/lists/oss-security/2025/04/03/3", "https://access.redhat.com/security/cve/CVE-2025-31115", "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", "https://errata.rockylinux.org/RLSA-2025:7524", "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", "https://linux.oracle.com/cve/CVE-2025-31115.html", "https://linux.oracle.com/errata/ELSA-2025-7524.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", "https://tukaani.org/xz/xz-cve-2025-31115.patch", "https://ubuntu.com/security/notices/USN-7414-1", "https://www.cve.org/CVERecord?id=CVE-2025-31115" ], "PublishedDate": "2025-04-03T17:15:30.54Z", "LastModifiedDate": "2026-05-12T13:16:40.627Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.6.3-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "InstalledVersion": "5.6.3-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:918d09a184dac74cd581d51736ab53e4917274818f596f4acb14cb9096f6ab14", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9f702687f01702eb3c4037d2ef2feba1f30390b4bf1c049965687f3a79827df5", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:41846e162e0062d6ee68fa53fea06f95747e5fd6905d8e8c285356280e8258a5", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "getmail6", "Identifier": { "PURL": "pkg:pypi/getmail6@6.19.7", "UID": "e4cf6543a6f1887d" }, "Version": "6.19.7", "Licenses": [ "GPL-3.0-or-later" ], "Layer": { "Digest": "sha256:16187402cb9a1bccb565c982711f2820af4c7b251fe2423259d89201e8ddee37", "DiffID": "sha256:5a0c627364d9c793e24415c0a8512b7cb3363c16b64ab74be957050e6a4ee616" }, "FilePath": "usr/local/lib/python3.13/site-packages/getmail6-6.19.7.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@24.3.1", "UID": "4f58503391f310a" }, "Version": "24.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "FilePath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.3.1", "UID": "4f58503391f310a" }, "InstalledVersion": "24.3.1", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:14b39f9a4a84ce18006c35848183075ad4edfc10d082801f8a2a7382a0ba21db", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.3.1", "UID": "4f58503391f310a" }, "InstalledVersion": "24.3.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:27d65b16c989876a57236f140f47280032bf2ea1eb32623ebe46c2d5f0ba8be8", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.13/site-packages/pip-24.3.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.3.1", "UID": "4f58503391f310a" }, "InstalledVersion": "24.3.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:85be7329d6c2da132d82c42a32407595e174c5d8452d99a78201e96a553f1ed0", "DiffID": "sha256:53d9c097c68dce02089ccfbac33654973e6d57f0ced0b8ecbd9e8ab6ebdb86ec" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:6bc78543398c7ca5f2e2d7135006e937e32eec331374f513c8ca3556fb7a891d", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "postfix", "Metadata": [ { "Size": 41336320, "OS": { "Family": "alpine", "Name": "3.16.9", "EOSL": true }, "ImageID": "sha256:bc3edcf153d2587e3f50d51bfffb7a9440f07307fdd61414039b9b9f1abe88b4", "DiffIDs": [ "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140", "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2", "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d", "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8", "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951", "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" ], "RepoTags": [ "tozd/postfix:alpine-316" ], "RepoDigests": [ "tozd/postfix@sha256:e7d9d903191508713f6f76d843c161b79bc59d637f1a9c76bfa5e8aee5ca061b" ], "Reference": "tozd/postfix:alpine-316", "ImageConfig": { "architecture": "amd64", "created": "2026-05-21T17:47:40.685528631Z", "history": [ { "created": "2024-01-27T00:31:09.42422573Z", "created_by": "/bin/sh -c #(nop) ADD file:b308dfeecaa300a430b4e65e312a48eb5f191df7754e93ff4e7b2d04016b3ca7 in / " }, { "created": "2024-01-27T00:31:09.532912003Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "empty_layer": true }, { "created": "2026-04-22T19:49:11.533222902Z", "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add sudo file bash \u0026\u0026 apk add cmake make musl-dev gcc gettext-dev libintl \u0026\u0026 wget https://gitlab.com/rilian-la-te/musl-locales/-/archive/1101fb2bcdd189cd9415b8bd1c775eb43527d25c/musl-locales-1101fb2bcdd189cd9415b8bd1c775eb43527d25c.tar.gz \u0026\u0026 tar -xzf musl-locales-*.tar.gz \u0026\u0026 cd musl-locales-* \u0026\u0026 cmake -D LOCALE_PROFILE=OFF -D CMAKE_INSTALL_PREFIX:PATH=/usr . \u0026\u0026 make \u0026\u0026 make install \u0026\u0026 cd .. \u0026\u0026 rm -rf musl-locales-* musl-locales-*.tar.gz \u0026\u0026 apk del cmake make musl-dev gcc gettext-dev \u0026\u0026 echo 'UTC' \u003e /etc/timezone \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-22T19:49:11.533222902Z", "created_by": "ENV MUSL_LOCPATH=/usr/share/i18n/locales/musl", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-22T19:49:11.533222902Z", "created_by": "ENV LC_ALL=en_US.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-22T20:11:39.035668572Z", "created_by": "ARG TARGETARCH=amd64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-22T20:11:39.035668572Z", "created_by": "RUN |1 TARGETARCH=amd64 /bin/sh -c apk add --no-cache runit tzdata \u0026\u0026 wget -O /dinit https://gitlab.com/tozd/dinit/-/releases/v0.4.0/downloads/linux-${TARGETARCH:-amd64}/dinit \u0026\u0026 chmod +x /dinit \u0026\u0026 wget -O /usr/local/bin/regex2json https://gitlab.com/tozd/regex2json/-/releases/v0.13.0/downloads/linux-${TARGETARCH:-amd64}/regex2json \u0026\u0026 chmod +x /usr/local/bin/regex2json # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-22T20:11:39.035668572Z", "created_by": "ENTRYPOINT [\"/dinit\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "EXPOSE [25/tcp 465/tcp 587/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "VOLUME [/var/log/postfix]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "VOLUME [/var/spool/postfix]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "ENV MAILNAME=mail.example.com", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "ENV MY_NETWORKS=172.17.0.0/16 127.0.0.0/8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "ENV MY_DESTINATION=localhost.localdomain, localhost", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "ENV ROOT_ALIAS=admin@example.com", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "ENV LOG_TO_STDOUT=0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:39.335380745Z", "created_by": "COPY ./etc/aliases /etc/aliases # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-21T17:47:40.345088922Z", "created_by": "RUN /bin/sh -c apk add --no-cache postfix postfix-pcre # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-21T17:47:40.571710368Z", "created_by": "RUN /bin/sh -c postconf -e mydestination=\"localhost.localdomain, localhost\" \u0026\u0026 postconf -e smtpd_banner='$myhostname ESMTP $mail_name' \u0026\u0026 postconf -# myhostname \u0026\u0026 postconf -e inet_protocols=ipv4 # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-21T17:47:40.571710368Z", "created_by": "ENV POSTFIX_PATH=/usr/libexec/postfix/master", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-21T17:47:40.643464993Z", "created_by": "COPY ./etc/aliases /etc/aliases # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-21T17:47:40.685528631Z", "created_by": "COPY ./etc/service/postfix /etc/service/postfix # buildkit", "comment": "buildkit.dockerfile.v0" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140", "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2", "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d", "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8", "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951", "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" ] }, "config": { "Entrypoint": [ "/dinit" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "MUSL_LOCPATH=/usr/share/i18n/locales/musl", "LC_ALL=en_US.UTF-8", "MAILNAME=mail.example.com", "MY_NETWORKS=172.17.0.0/16 127.0.0.0/8", "MY_DESTINATION=localhost.localdomain, localhost", "ROOT_ALIAS=admin@example.com", "LOG_TO_STDOUT=0", "POSTFIX_PATH=/usr/libexec/postfix/master" ], "Volumes": { "/var/log/postfix": {}, "/var/spool/postfix": {} }, "ExposedPorts": { "25/tcp": {}, "465/tcp": {}, "587/tcp": {} } } }, "Layers": [ { "Size": 5827584, "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, { "Size": 13586432, "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, { "Size": 8687104, "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, { "Size": 2560, "Digest": "sha256:8731caaec5d6522a12867ce756d810b2d19fa429874062444712890d5de16be0", "DiffID": "sha256:8601cf25f595362b38b93073b0c1bca028cd045d7e306dc535060c56e5cd89b8" }, { "Size": 13194240, "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, { "Size": 30208, "Digest": "sha256:ff0c35dba1e49cef1ae264a39d075ec8476f4b68545b0fbd4e8cb6206f02f4ce", "DiffID": "sha256:89990f9ab1ef99727683c3b051ac440074020f2549a6d2ff2cad2c1477134c03" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" }, { "Size": 7168, "Digest": "sha256:241288f10b0cf168e3f0de6837d6118dd77b1b30ddc84552e1d8607266d213e7", "DiffID": "sha256:71e530aa3847093ac9fcc703f6fc3c80c6437c86634d6ec5c2e39aa13498770a" } ] } ], "Results": [ { "Target": "tozd/postfix:alpine-316 (alpine 3.16.9)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.2.0-r23", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.2.0-r23?arch=x86_64\u0026distro=3.16.9", "UID": "c9bb66b39aa528cd" }, "Version": "3.2.0-r23", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.2.0-r23", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.2.0-r23", "busybox@1.35.0-r18", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:f5423b531ca2532c06e9a7b0f5cde50813ec86c1", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "etc/profile.d/locale.sh", "lib/sysctl.d/00-alpine.conf", "sbin/mkmntdirs", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.2.0-r23", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.2.0-r23?arch=x86_64\u0026distro=3.16.9", "UID": "3052a70de4c8ac9c" }, "Version": "3.2.0-r23", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.2.0-r23", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:7781d0fc6c9fc3b3510f5a91bce812e88cd3dac2", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.4-r1", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.16.9", "UID": "caf9b27003694a64" }, "Version": "2.4-r1", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.4-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:1417c88edb049afbaaa0d5e94a15c3726fe68f31", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.12.9-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.12.9-r3?arch=x86_64\u0026distro=3.16.9", "UID": "cbe58463fe4e0186" }, "Version": "2.12.9-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.12.9-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20240226-r0", "libcrypto1.1@1.1.1w-r1", "libssl1.1@1.1.1w-r1", "musl@1.2.3-r4", "zlib@1.2.12-r3" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:54514558c2a307d69191e8480137399308008655", "InstalledFiles": [ "lib/libapk.so.3.12.0", "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.1.16-r2", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.1.16-r2?arch=x86_64\u0026distro=3.16.9", "UID": "a3aafde700944af1" }, "Version": "5.1.16-r2", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.1.16-r2", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox@1.35.0-r18", "musl@1.2.3-r4", "readline@8.1.2-r0" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:a3035d51c1b485ff6913973631bb1886bc2a4061", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.35.0-r18", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r18?arch=x86_64\u0026distro=3.16.9", "UID": "1f07d68deadf2682" }, "Version": "1.35.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:29da1c0b924a081615b661f33dbfbbc6aee47ff5", "InstalledFiles": [ "bin/busybox", "bin/sh", "etc/securetty", "etc/udhcpd.conf", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20240226-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240226-r0?arch=x86_64\u0026distro=3.16.9", "UID": "6e262e06439d91e5" }, "Version": "20240226-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20240226-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:aca248897011535431fa12ab9f7969827015eb70", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt" ], "AnalyzedBy": "apk" }, { "ID": "file@5.41-r0", "Name": "file", "Identifier": { "PURL": "pkg:apk/alpine/file@5.41-r0?arch=x86_64\u0026distro=3.16.9", "UID": "db419961dfa54b92" }, "Version": "5.41-r0", "Arch": "x86_64", "SrcName": "file", "SrcVersion": "5.41-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmagic@5.41-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:41fcff3b4e4f940bc44669b51e499e31b451071b", "InstalledFiles": [ "usr/bin/file" ], "AnalyzedBy": "apk" }, { "ID": "gdbm@1.23-r0", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/alpine/gdbm@1.23-r0?arch=x86_64\u0026distro=3.16.9", "UID": "800447b8c73ff598" }, "Version": "1.23-r0", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.23-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:9519fe84a0abd765b526b7f0d69fa82833361052", "InstalledFiles": [ "usr/lib/libgdbm.so.6", "usr/lib/libgdbm.so.6.0.0", "usr/lib/libgdbm_compat.so.4", "usr/lib/libgdbm_compat.so.4.0.0" ], "AnalyzedBy": "apk" }, { "ID": "icu-data-en@71.1-r2", "Name": "icu-data-en", "Identifier": { "PURL": "pkg:apk/alpine/icu-data-en@71.1-r2?arch=x86_64\u0026distro=3.16.9", "UID": "9ae5dc4d26f1c6cf" }, "Version": "71.1-r2", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "71.1-r2", "Licenses": [ "MIT", "ICU", "Unicode-TOU" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox@1.35.0-r18" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:2704207dc957655796ef632d51f6942c626f1531", "InstalledFiles": [ "usr/share/icu/71.1/icudt71l.dat" ], "AnalyzedBy": "apk" }, { "ID": "icu-libs@71.1-r2", "Name": "icu-libs", "Identifier": { "PURL": "pkg:apk/alpine/icu-libs@71.1-r2?arch=x86_64\u0026distro=3.16.9", "UID": "53fa767efa2ed567" }, "Version": "71.1-r2", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "71.1-r2", "Licenses": [ "MIT", "ICU", "Unicode-TOU" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "icu-data-en@71.1-r2", "libgcc@11.2.1_git20220219-r2", "libstdc++@11.2.1_git20220219-r2", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:45b54bd531204a1c629dc57a213d943f47c44ed0", "InstalledFiles": [ "usr/lib/libicudata.so.71", "usr/lib/libicudata.so.71.1", "usr/lib/libicui18n.so.71", "usr/lib/libicui18n.so.71.1", "usr/lib/libicuio.so.71", "usr/lib/libicuio.so.71.1", "usr/lib/libicuuc.so.71", "usr/lib/libicuuc.so.71.1" ], "AnalyzedBy": "apk" }, { "ID": "libc-utils@0.7.2-r3", "Name": "libc-utils", "Identifier": { "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.16.9", "UID": "f63083d391d5172a" }, "Version": "0.7.2-r3", "Arch": "x86_64", "SrcName": "libc-dev", "SrcVersion": "0.7.2-r3", "Licenses": [ "BSD-2-Clause", "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl-utils@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:3b8185251bc7cfde6d3e33bce2aa44be4355c03c", "AnalyzedBy": "apk" }, { "ID": "libcrypto1.1@1.1.1w-r1", "Name": "libcrypto1.1", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto1.1@1.1.1w-r1?arch=x86_64\u0026distro=3.16.9", "UID": "b66727936c029a29" }, "Version": "1.1.1w-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "1.1.1w-r1", "Licenses": [ "OpenSSL" ], "Maintainer": "Timo Teras \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:b0bda9c8ca517645567ba67f44be19aee380de40", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "etc/ssl/misc/CA.pl", "etc/ssl/misc/tsget", "etc/ssl/misc/tsget.pl", "lib/libcrypto.so.1.1", "usr/lib/libcrypto.so.1.1", "usr/lib/engines-1.1/afalg.so", "usr/lib/engines-1.1/capi.so", "usr/lib/engines-1.1/padlock.so" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@11.2.1_git20220219-r2", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/alpine/libgcc@11.2.1_git20220219-r2?arch=x86_64\u0026distro=3.16.9", "UID": "9a690b254956d66" }, "Version": "11.2.1_git20220219-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "11.2.1_git20220219-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:c765504f6bf09c2455271cc48c4b48e459dcf09b", "InstalledFiles": [ "usr/lib/libgcc_s.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.21-r2", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.21-r2?arch=x86_64\u0026distro=3.16.9", "UID": "cb16c8f57fcf7181" }, "Version": "0.21-r2", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.21-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:079123672726e33c47bfaf2581b8034b2cbd6a8b", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libmagic@5.41-r0", "Name": "libmagic", "Identifier": { "PURL": "pkg:apk/alpine/libmagic@5.41-r0?arch=x86_64\u0026distro=3.16.9", "UID": "96328d6052194d50" }, "Version": "5.41-r0", "Arch": "x86_64", "SrcName": "file", "SrcVersion": "5.41-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:026dc6d2669ef540d141b7bf58abecadc2bb00d5", "InstalledFiles": [ "usr/lib/libmagic.so.1", "usr/lib/libmagic.so.1.0.0", "usr/share/misc/magic.mgc" ], "AnalyzedBy": "apk" }, { "ID": "libsasl@2.1.28-r1", "Name": "libsasl", "Identifier": { "PURL": "pkg:apk/alpine/libsasl@2.1.28-r1?arch=x86_64\u0026distro=3.16.9", "UID": "f0769a139d5e9ba1" }, "Version": "2.1.28-r1", "Arch": "x86_64", "SrcName": "cyrus-sasl", "SrcVersion": "2.1.28-r1", "Licenses": [ "custom" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "gdbm@1.23-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:93db49b8fe3480339cd56255808caa06a0d99c54", "InstalledFiles": [ "usr/lib/libsasl2.so.3", "usr/lib/libsasl2.so.3.0.0", "usr/lib/sasl2/libanonymous.so", "usr/lib/sasl2/libanonymous.so.3", "usr/lib/sasl2/libanonymous.so.3.0.0", "usr/lib/sasl2/libplain.so", "usr/lib/sasl2/libplain.so.3", "usr/lib/sasl2/libplain.so.3.0.0", "usr/lib/sasl2/libsasldb.so", "usr/lib/sasl2/libsasldb.so.3", "usr/lib/sasl2/libsasldb.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libssl1.1@1.1.1w-r1", "Name": "libssl1.1", "Identifier": { "PURL": "pkg:apk/alpine/libssl1.1@1.1.1w-r1?arch=x86_64\u0026distro=3.16.9", "UID": "eaa025b7846d7045" }, "Version": "1.1.1w-r1", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "1.1.1w-r1", "Licenses": [ "OpenSSL" ], "Maintainer": "Timo Teras \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "libcrypto1.1@1.1.1w-r1", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:5facd69c238a147ee0c8d9b5dbe2cce00be9dbfc", "InstalledFiles": [ "lib/libssl.so.1.1", "usr/lib/libssl.so.1.1" ], "AnalyzedBy": "apk" }, { "ID": "libstdc++@11.2.1_git20220219-r2", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/alpine/libstdc%2B%2B@11.2.1_git20220219-r2?arch=x86_64\u0026distro=3.16.9", "UID": "4d812412b8d16369" }, "Version": "11.2.1_git20220219-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "11.2.1_git20220219-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libgcc@11.2.1_git20220219-r2", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:f6e2eb3e2d01a83e849bef7c27a2f90a072e6801", "InstalledFiles": [ "usr/lib/libstdc++.so.6", "usr/lib/libstdc++.so.6.0.29" ], "AnalyzedBy": "apk" }, { "ID": "lmdb@0.9.29-r1", "Name": "lmdb", "Identifier": { "PURL": "pkg:apk/alpine/lmdb@0.9.29-r1?arch=x86_64\u0026distro=3.16.9", "UID": "f2249e1ec7e5226a" }, "Version": "0.9.29-r1", "Arch": "x86_64", "SrcName": "lmdb", "SrcVersion": "0.9.29-r1", "Licenses": [ "OLDAP-2.8" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:7f14eba592c505f9fe14f264533d6909eb695847", "InstalledFiles": [ "usr/lib/liblmdb.so.0", "usr/lib/liblmdb.so.0.0.0" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.3-r4", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.16.9", "UID": "aa895aedd1079579" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:590f3bdaf82bb6747a89b1d63fedfe794ba47f7e", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.3-r4", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.16.9", "UID": "e044260285eed036" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT", "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.3-r4", "scanelf@1.3.4-r0" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:86611338c68bfdb72ed51868e857391859348d4f", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-libs@6.3_p20220521-r1", "Name": "ncurses-libs", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-libs@6.3_p20220521-r1?arch=x86_64\u0026distro=3.16.9", "UID": "263ed1ffdfeaad17" }, "Version": "6.3_p20220521-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.3_p20220521-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4", "ncurses-terminfo-base@6.3_p20220521-r1" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:f28c80a74acdcd3d2a616c08ace9d3bafdcf7099", "InstalledFiles": [ "usr/lib/libformw.so.6", "usr/lib/libformw.so.6.3", "usr/lib/libmenuw.so.6", "usr/lib/libmenuw.so.6.3", "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.3", "usr/lib/libpanelw.so.6", "usr/lib/libpanelw.so.6.3" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.3_p20220521-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.3_p20220521-r1?arch=x86_64\u0026distro=3.16.9", "UID": "6fdbcbbe9dbbd4ab" }, "Version": "6.3_p20220521-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.3_p20220521-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:06677b3905e850d1b9882c9ac90e7e04a3baf2ad", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/kitty", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.42-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.42-r0?arch=x86_64\u0026distro=3.16.9", "UID": "b5f9aa6991d92de" }, "Version": "10.42-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.42-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:f563dad17adc550e9d91a4e6f86000578907ac06", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.11.2", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.4" ], "AnalyzedBy": "apk" }, { "ID": "postfix@3.7.12-r0", "Name": "postfix", "Identifier": { "PURL": "pkg:apk/alpine/postfix@3.7.12-r0?arch=x86_64\u0026distro=3.16.9", "UID": "6efbb0d6b9daf6ef" }, "Version": "3.7.12-r0", "Arch": "x86_64", "SrcName": "postfix", "SrcVersion": "3.7.12-r0", "Licenses": [ "IPL-1.0", "EPL-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox@1.35.0-r18", "icu-libs@71.1-r2", "libcrypto1.1@1.1.1w-r1", "libsasl@2.1.28-r1", "libssl1.1@1.1.1w-r1", "lmdb@0.9.29-r1", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:17475b5ea05e982520d08bf8f90e2b217d575061", "InstalledFiles": [ "etc/postfix/access", "etc/postfix/aliases", "etc/postfix/canonical", "etc/postfix/dynamicmaps.cf", "etc/postfix/generic", "etc/postfix/header_checks", "etc/postfix/main.cf", "etc/postfix/main.cf.proto", "etc/postfix/master.cf", "etc/postfix/master.cf.proto", "etc/postfix/postfix-files", "etc/postfix/relocated", "etc/postfix/transport", "etc/postfix/virtual", "etc/postfix/dynamicmaps.cf.d/lmdb", "usr/bin/mailq", "usr/bin/newaliases", "usr/bin/qshape.pl", "usr/lib/postfix/libpostfix-dns.so", "usr/lib/postfix/libpostfix-global.so", "usr/lib/postfix/libpostfix-master.so", "usr/lib/postfix/libpostfix-tls.so", "usr/lib/postfix/libpostfix-util.so", "usr/lib/postfix/postfix-lmdb.so", "usr/libexec/postfix/anvil", "usr/libexec/postfix/bounce", "usr/libexec/postfix/cleanup", "usr/libexec/postfix/discard", "usr/libexec/postfix/dnsblog", "usr/libexec/postfix/error", "usr/libexec/postfix/flush", "usr/libexec/postfix/lmtp", "usr/libexec/postfix/local", "usr/libexec/postfix/master", "usr/libexec/postfix/nqmgr", "usr/libexec/postfix/oqmgr", "usr/libexec/postfix/pickup", "usr/libexec/postfix/pipe", "usr/libexec/postfix/post-install", "usr/libexec/postfix/postfix-script", "usr/libexec/postfix/postfix-tls-script", "usr/libexec/postfix/postfix-wrapper", "usr/libexec/postfix/postlogd", "usr/libexec/postfix/postmulti-script", "usr/libexec/postfix/postscreen", "usr/libexec/postfix/proxymap", "usr/libexec/postfix/qmgr", "usr/libexec/postfix/qmqpd", "usr/libexec/postfix/scache", "usr/libexec/postfix/showq", "usr/libexec/postfix/smtp", "usr/libexec/postfix/smtpd", "usr/libexec/postfix/spawn", "usr/libexec/postfix/tlsmgr", "usr/libexec/postfix/tlsproxy", "usr/libexec/postfix/trivial-rewrite", "usr/libexec/postfix/verify", "usr/libexec/postfix/virtual", "usr/sbin/postalias", "usr/sbin/postcat", "usr/sbin/postconf", "usr/sbin/postdrop", "usr/sbin/postfix", "usr/sbin/postkick", "usr/sbin/postlock", "usr/sbin/postlog", "usr/sbin/postmap", "usr/sbin/postmulti", "usr/sbin/postqueue", "usr/sbin/postsuper", "usr/sbin/sendmail" ], "AnalyzedBy": "apk" }, { "ID": "postfix-pcre@3.7.12-r0", "Name": "postfix-pcre", "Identifier": { "PURL": "pkg:apk/alpine/postfix-pcre@3.7.12-r0?arch=x86_64\u0026distro=3.16.9", "UID": "5496ff9292b54cc4" }, "Version": "3.7.12-r0", "Arch": "x86_64", "SrcName": "postfix", "SrcVersion": "3.7.12-r0", "Licenses": [ "IPL-1.0", "EPL-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4", "pcre2@10.42-r0" ], "Layer": { "Digest": "sha256:11c13ca337c7c9207294ba298f14ee555a333c2eb4ff188cfc68309eeb63928c", "DiffID": "sha256:afcbd1cbb5b8884fa0f936b7ff152814bf17f5df59124d41694b7eeda23ff951" }, "Digest": "sha1:3abb665c4ca48f583a9825553e4ba218be3086a9", "InstalledFiles": [ "etc/postfix/dynamicmaps.cf.d/pcre", "usr/lib/postfix/postfix-pcre.so" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.1.2-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.1.2-r0?arch=x86_64\u0026distro=3.16.9", "UID": "c07a2844fcd7853b" }, "Version": "8.1.2-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.1.2-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4", "ncurses-libs@6.3_p20220521-r1" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:f676007339535e21de79acffbe7ae743a1f7168c", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.1" ], "AnalyzedBy": "apk" }, { "ID": "runit@2.1.2-r5", "Name": "runit", "Identifier": { "PURL": "pkg:apk/alpine/runit@2.1.2-r5?arch=x86_64\u0026distro=3.16.9", "UID": "d1ec74d2e957c6e" }, "Version": "2.1.2-r5", "Arch": "x86_64", "SrcName": "runit", "SrcVersion": "2.1.2-r5", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "Digest": "sha1:877ab81ee44a806a1241eeb5dfa346e0bfceafb1", "InstalledFiles": [ "sbin/chpst", "sbin/runit", "sbin/runit-init", "sbin/runsv", "sbin/runsvchdir", "sbin/runsvdir", "sbin/sv", "sbin/svlogd", "sbin/utmpset" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.4-r0", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.4-r0?arch=x86_64\u0026distro=3.16.9", "UID": "29cfd9d59ed701b0" }, "Version": "1.3.4-r0", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.4-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:19ca9ef8d0fc0c53a584cdd1d28e4ac998d1da81", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.35.0-r18", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r18?arch=x86_64\u0026distro=3.16.9", "UID": "10e86f637e9790f6" }, "Version": "1.35.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto1.1@1.1.1w-r1", "libssl1.1@1.1.1w-r1", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:60df8baae7bf58f9426557bd1214354dbdf50c25", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "sudo@1.9.12-r1", "Name": "sudo", "Identifier": { "PURL": "pkg:apk/alpine/sudo@1.9.12-r1?arch=x86_64\u0026distro=3.16.9", "UID": "9156ae19220c3ae9" }, "Version": "1.9.12-r1", "Arch": "x86_64", "SrcName": "sudo", "SrcVersion": "1.9.12-r1", "Licenses": [ "custom", "ISC" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4", "zlib@1.2.12-r3" ], "Layer": { "Digest": "sha256:3c17db25a80559233b072fcb75a07818e67faea561b939d34a757001f75771ed", "DiffID": "sha256:89966969e962d445de150b51cadd76146c16c0eab5e9de66efb53c2d4c96d5a2" }, "Digest": "sha1:b68dc466ed3d7bf1273e28e59f7d037605b22782", "InstalledFiles": [ "etc/sudo.conf", "etc/sudo_logsrvd.conf", "etc/sudoers", "usr/bin/cvtsudoers", "usr/bin/sudo", "usr/bin/sudoedit", "usr/bin/sudoreplay", "usr/lib/sudo/audit_json.so", "usr/lib/sudo/group_file.so", "usr/lib/sudo/libsudo_util.so", "usr/lib/sudo/libsudo_util.so.0", "usr/lib/sudo/libsudo_util.so.0.0.0", "usr/lib/sudo/sudo_intercept.so", "usr/lib/sudo/sudo_noexec.so", "usr/lib/sudo/sudoers.so", "usr/lib/sudo/system_group.so", "usr/sbin/sudo_logsrvd", "usr/sbin/sudo_sendlog", "usr/sbin/visudo" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2024a-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2024a-r0?arch=x86_64\u0026distro=3.16.9", "UID": "33fbfe98072df7cd" }, "Version": "2024a-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2024a-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "Digest": "sha1:c8db8eed6aad7f952e52bbb37ad12a010ac71cf9", "InstalledFiles": [ "usr/bin/posixtz", "usr/sbin/zdump", "usr/sbin/zic", "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa", "usr/share/zoneinfo/right/CET", "usr/share/zoneinfo/right/CST6CDT", "usr/share/zoneinfo/right/Cuba", "usr/share/zoneinfo/right/EET", "usr/share/zoneinfo/right/EST", "usr/share/zoneinfo/right/EST5EDT", "usr/share/zoneinfo/right/Egypt", "usr/share/zoneinfo/right/Eire", "usr/share/zoneinfo/right/Factory", "usr/share/zoneinfo/right/GB", "usr/share/zoneinfo/right/GB-Eire", "usr/share/zoneinfo/right/GMT", "usr/share/zoneinfo/right/GMT+0", "usr/share/zoneinfo/right/GMT-0", "usr/share/zoneinfo/right/GMT0", "usr/share/zoneinfo/right/Greenwich", "usr/share/zoneinfo/right/HST", "usr/share/zoneinfo/right/Hongkong", "usr/share/zoneinfo/right/Iceland", "usr/share/zoneinfo/right/Iran", "usr/share/zoneinfo/right/Israel", "usr/share/zoneinfo/right/Jamaica", "usr/share/zoneinfo/right/Japan", "usr/share/zoneinfo/right/Kwajalein", "usr/share/zoneinfo/right/Libya", "usr/share/zoneinfo/right/MET", "usr/share/zoneinfo/right/MST", "usr/share/zoneinfo/right/MST7MDT", "usr/share/zoneinfo/right/NZ", "usr/share/zoneinfo/right/NZ-CHAT", "usr/share/zoneinfo/right/Navajo", "usr/share/zoneinfo/right/PRC", "usr/share/zoneinfo/right/PST8PDT", "usr/share/zoneinfo/right/Poland", "usr/share/zoneinfo/right/Portugal", "usr/share/zoneinfo/right/ROC", "usr/share/zoneinfo/right/ROK", "usr/share/zoneinfo/right/Singapore", "usr/share/zoneinfo/right/Turkey", "usr/share/zoneinfo/right/UCT", "usr/share/zoneinfo/right/UTC", "usr/share/zoneinfo/right/Universal", "usr/share/zoneinfo/right/W-SU", "usr/share/zoneinfo/right/WET", "usr/share/zoneinfo/right/Zulu", "usr/share/zoneinfo/right/Africa/Abidjan", "usr/share/zoneinfo/right/Africa/Accra", "usr/share/zoneinfo/right/Africa/Addis_Ababa", "usr/share/zoneinfo/right/Africa/Algiers", "usr/share/zoneinfo/right/Africa/Asmara", "usr/share/zoneinfo/right/Africa/Asmera", "usr/share/zoneinfo/right/Africa/Bamako", "usr/share/zoneinfo/right/Africa/Bangui", "usr/share/zoneinfo/right/Africa/Banjul", "usr/share/zoneinfo/right/Africa/Bissau", "usr/share/zoneinfo/right/Africa/Blantyre", "usr/share/zoneinfo/right/Africa/Brazzaville", "usr/share/zoneinfo/right/Africa/Bujumbura", "usr/share/zoneinfo/right/Africa/Cairo", "usr/share/zoneinfo/right/Africa/Casablanca", "usr/share/zoneinfo/right/Africa/Ceuta", "usr/share/zoneinfo/right/Africa/Conakry", "usr/share/zoneinfo/right/Africa/Dakar", "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "usr/share/zoneinfo/right/Africa/Djibouti", "usr/share/zoneinfo/right/Africa/Douala", "usr/share/zoneinfo/right/Africa/El_Aaiun", "usr/share/zoneinfo/right/Africa/Freetown", "usr/share/zoneinfo/right/Africa/Gaborone", "usr/share/zoneinfo/right/Africa/Harare", "usr/share/zoneinfo/right/Africa/Johannesburg", "usr/share/zoneinfo/right/Africa/Juba", "usr/share/zoneinfo/right/Africa/Kampala", "usr/share/zoneinfo/right/Africa/Khartoum", "usr/share/zoneinfo/right/Africa/Kigali", "usr/share/zoneinfo/right/Africa/Kinshasa", "usr/share/zoneinfo/right/Africa/Lagos", "usr/share/zoneinfo/right/Africa/Libreville", "usr/share/zoneinfo/right/Africa/Lome", "usr/share/zoneinfo/right/Africa/Luanda", "usr/share/zoneinfo/right/Africa/Lubumbashi", "usr/share/zoneinfo/right/Africa/Lusaka", "usr/share/zoneinfo/right/Africa/Malabo", "usr/share/zoneinfo/right/Africa/Maputo", "usr/share/zoneinfo/right/Africa/Maseru", "usr/share/zoneinfo/right/Africa/Mbabane", "usr/share/zoneinfo/right/Africa/Mogadishu", "usr/share/zoneinfo/right/Africa/Monrovia", "usr/share/zoneinfo/right/Africa/Nairobi", "usr/share/zoneinfo/right/Africa/Ndjamena", "usr/share/zoneinfo/right/Africa/Niamey", "usr/share/zoneinfo/right/Africa/Nouakchott", "usr/share/zoneinfo/right/Africa/Ouagadougou", "usr/share/zoneinfo/right/Africa/Porto-Novo", "usr/share/zoneinfo/right/Africa/Sao_Tome", "usr/share/zoneinfo/right/Africa/Timbuktu", "usr/share/zoneinfo/right/Africa/Tripoli", "usr/share/zoneinfo/right/Africa/Tunis", "usr/share/zoneinfo/right/Africa/Windhoek", "usr/share/zoneinfo/right/America/Adak", "usr/share/zoneinfo/right/America/Anchorage", "usr/share/zoneinfo/right/America/Anguilla", "usr/share/zoneinfo/right/America/Antigua", "usr/share/zoneinfo/right/America/Araguaina", "usr/share/zoneinfo/right/America/Aruba", "usr/share/zoneinfo/right/America/Asuncion", "usr/share/zoneinfo/right/America/Atikokan", "usr/share/zoneinfo/right/America/Atka", "usr/share/zoneinfo/right/America/Bahia", "usr/share/zoneinfo/right/America/Bahia_Banderas", "usr/share/zoneinfo/right/America/Barbados", "usr/share/zoneinfo/right/America/Belem", "usr/share/zoneinfo/right/America/Belize", "usr/share/zoneinfo/right/America/Blanc-Sablon", "usr/share/zoneinfo/right/America/Boa_Vista", "usr/share/zoneinfo/right/America/Bogota", "usr/share/zoneinfo/right/America/Boise", "usr/share/zoneinfo/right/America/Buenos_Aires", "usr/share/zoneinfo/right/America/Cambridge_Bay", "usr/share/zoneinfo/right/America/Campo_Grande", "usr/share/zoneinfo/right/America/Cancun", "usr/share/zoneinfo/right/America/Caracas", "usr/share/zoneinfo/right/America/Catamarca", "usr/share/zoneinfo/right/America/Cayenne", "usr/share/zoneinfo/right/America/Cayman", "usr/share/zoneinfo/right/America/Chicago", "usr/share/zoneinfo/right/America/Chihuahua", "usr/share/zoneinfo/right/America/Ciudad_Juarez", "usr/share/zoneinfo/right/America/Coral_Harbour", "usr/share/zoneinfo/right/America/Cordoba", "usr/share/zoneinfo/right/America/Costa_Rica", "usr/share/zoneinfo/right/America/Creston", "usr/share/zoneinfo/right/America/Cuiaba", "usr/share/zoneinfo/right/America/Curacao", "usr/share/zoneinfo/right/America/Danmarkshavn", "usr/share/zoneinfo/right/America/Dawson", "usr/share/zoneinfo/right/America/Dawson_Creek", "usr/share/zoneinfo/right/America/Denver", "usr/share/zoneinfo/right/America/Detroit", "usr/share/zoneinfo/right/America/Dominica", "usr/share/zoneinfo/right/America/Edmonton", "usr/share/zoneinfo/right/America/Eirunepe", "usr/share/zoneinfo/right/America/El_Salvador", "usr/share/zoneinfo/right/America/Ensenada", "usr/share/zoneinfo/right/America/Fort_Nelson", "usr/share/zoneinfo/right/America/Fort_Wayne", "usr/share/zoneinfo/right/America/Fortaleza", "usr/share/zoneinfo/right/America/Glace_Bay", "usr/share/zoneinfo/right/America/Godthab", "usr/share/zoneinfo/right/America/Goose_Bay", "usr/share/zoneinfo/right/America/Grand_Turk", "usr/share/zoneinfo/right/America/Grenada", "usr/share/zoneinfo/right/America/Guadeloupe", "usr/share/zoneinfo/right/America/Guatemala", "usr/share/zoneinfo/right/America/Guayaquil", "usr/share/zoneinfo/right/America/Guyana", "usr/share/zoneinfo/right/America/Halifax", "usr/share/zoneinfo/right/America/Havana", "usr/share/zoneinfo/right/America/Hermosillo", "usr/share/zoneinfo/right/America/Indianapolis", "usr/share/zoneinfo/right/America/Inuvik", "usr/share/zoneinfo/right/America/Iqaluit", "usr/share/zoneinfo/right/America/Jamaica", "usr/share/zoneinfo/right/America/Jujuy", "usr/share/zoneinfo/right/America/Juneau", "usr/share/zoneinfo/right/America/Knox_IN", "usr/share/zoneinfo/right/America/Kralendijk", "usr/share/zoneinfo/right/America/La_Paz", "usr/share/zoneinfo/right/America/Lima", "usr/share/zoneinfo/right/America/Los_Angeles", "usr/share/zoneinfo/right/America/Louisville", "usr/share/zoneinfo/right/America/Lower_Princes", "usr/share/zoneinfo/right/America/Maceio", "usr/share/zoneinfo/right/America/Managua", "usr/share/zoneinfo/right/America/Manaus", "usr/share/zoneinfo/right/America/Marigot", "usr/share/zoneinfo/right/America/Martinique", "usr/share/zoneinfo/right/America/Matamoros", "usr/share/zoneinfo/right/America/Mazatlan", "usr/share/zoneinfo/right/America/Mendoza", "usr/share/zoneinfo/right/America/Menominee", "usr/share/zoneinfo/right/America/Merida", "usr/share/zoneinfo/right/America/Metlakatla", "usr/share/zoneinfo/right/America/Mexico_City", "usr/share/zoneinfo/right/America/Miquelon", "usr/share/zoneinfo/right/America/Moncton", "usr/share/zoneinfo/right/America/Monterrey", "usr/share/zoneinfo/right/America/Montevideo", "usr/share/zoneinfo/right/America/Montreal", "usr/share/zoneinfo/right/America/Montserrat", "usr/share/zoneinfo/right/America/Nassau", "usr/share/zoneinfo/right/America/New_York", "usr/share/zoneinfo/right/America/Nipigon", "usr/share/zoneinfo/right/America/Nome", "usr/share/zoneinfo/right/America/Noronha", "usr/share/zoneinfo/right/America/Nuuk", "usr/share/zoneinfo/right/America/Ojinaga", "usr/share/zoneinfo/right/America/Panama", "usr/share/zoneinfo/right/America/Pangnirtung", "usr/share/zoneinfo/right/America/Paramaribo", "usr/share/zoneinfo/right/America/Phoenix", "usr/share/zoneinfo/right/America/Port-au-Prince", "usr/share/zoneinfo/right/America/Port_of_Spain", "usr/share/zoneinfo/right/America/Porto_Acre", "usr/share/zoneinfo/right/America/Porto_Velho", "usr/share/zoneinfo/right/America/Puerto_Rico", "usr/share/zoneinfo/right/America/Punta_Arenas", "usr/share/zoneinfo/right/America/Rainy_River", "usr/share/zoneinfo/right/America/Rankin_Inlet", "usr/share/zoneinfo/right/America/Recife", "usr/share/zoneinfo/right/America/Regina", "usr/share/zoneinfo/right/America/Resolute", "usr/share/zoneinfo/right/America/Rio_Branco", "usr/share/zoneinfo/right/America/Rosario", "usr/share/zoneinfo/right/America/Santa_Isabel", "usr/share/zoneinfo/right/America/Santarem", "usr/share/zoneinfo/right/America/Santiago", "usr/share/zoneinfo/right/America/Santo_Domingo", "usr/share/zoneinfo/right/America/Sao_Paulo", "usr/share/zoneinfo/right/America/Scoresbysund", "usr/share/zoneinfo/right/America/Shiprock", "usr/share/zoneinfo/right/America/Sitka", "usr/share/zoneinfo/right/America/St_Barthelemy", "usr/share/zoneinfo/right/America/St_Johns", "usr/share/zoneinfo/right/America/St_Kitts", "usr/share/zoneinfo/right/America/St_Lucia", "usr/share/zoneinfo/right/America/St_Thomas", "usr/share/zoneinfo/right/America/St_Vincent", "usr/share/zoneinfo/right/America/Swift_Current", "usr/share/zoneinfo/right/America/Tegucigalpa", "usr/share/zoneinfo/right/America/Thule", "usr/share/zoneinfo/right/America/Thunder_Bay", "usr/share/zoneinfo/right/America/Tijuana", "usr/share/zoneinfo/right/America/Toronto", "usr/share/zoneinfo/right/America/Tortola", "usr/share/zoneinfo/right/America/Vancouver", "usr/share/zoneinfo/right/America/Virgin", "usr/share/zoneinfo/right/America/Whitehorse", "usr/share/zoneinfo/right/America/Winnipeg", "usr/share/zoneinfo/right/America/Yakutat", "usr/share/zoneinfo/right/America/Yellowknife", "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/right/America/Argentina/Catamarca", "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/right/America/Argentina/Cordoba", "usr/share/zoneinfo/right/America/Argentina/Jujuy", "usr/share/zoneinfo/right/America/Argentina/La_Rioja", "usr/share/zoneinfo/right/America/Argentina/Mendoza", "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/right/America/Argentina/Salta", "usr/share/zoneinfo/right/America/Argentina/San_Juan", "usr/share/zoneinfo/right/America/Argentina/San_Luis", "usr/share/zoneinfo/right/America/Argentina/Tucuman", "usr/share/zoneinfo/right/America/Argentina/Ushuaia", "usr/share/zoneinfo/right/America/Indiana/Indianapolis", "usr/share/zoneinfo/right/America/Indiana/Knox", "usr/share/zoneinfo/right/America/Indiana/Marengo", "usr/share/zoneinfo/right/America/Indiana/Petersburg", "usr/share/zoneinfo/right/America/Indiana/Tell_City", "usr/share/zoneinfo/right/America/Indiana/Vevay", "usr/share/zoneinfo/right/America/Indiana/Vincennes", "usr/share/zoneinfo/right/America/Indiana/Winamac", "usr/share/zoneinfo/right/America/Kentucky/Louisville", "usr/share/zoneinfo/right/America/Kentucky/Monticello", "usr/share/zoneinfo/right/America/North_Dakota/Beulah", "usr/share/zoneinfo/right/America/North_Dakota/Center", "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "usr/share/zoneinfo/right/Antarctica/Casey", "usr/share/zoneinfo/right/Antarctica/Davis", "usr/share/zoneinfo/right/Antarctica/DumontDUrville", "usr/share/zoneinfo/right/Antarctica/Macquarie", "usr/share/zoneinfo/right/Antarctica/Mawson", "usr/share/zoneinfo/right/Antarctica/McMurdo", "usr/share/zoneinfo/right/Antarctica/Palmer", "usr/share/zoneinfo/right/Antarctica/Rothera", "usr/share/zoneinfo/right/Antarctica/South_Pole", "usr/share/zoneinfo/right/Antarctica/Syowa", "usr/share/zoneinfo/right/Antarctica/Troll", "usr/share/zoneinfo/right/Antarctica/Vostok", "usr/share/zoneinfo/right/Arctic/Longyearbyen", "usr/share/zoneinfo/right/Asia/Aden", "usr/share/zoneinfo/right/Asia/Almaty", "usr/share/zoneinfo/right/Asia/Amman", "usr/share/zoneinfo/right/Asia/Anadyr", "usr/share/zoneinfo/right/Asia/Aqtau", "usr/share/zoneinfo/right/Asia/Aqtobe", "usr/share/zoneinfo/right/Asia/Ashgabat", "usr/share/zoneinfo/right/Asia/Ashkhabad", "usr/share/zoneinfo/right/Asia/Atyrau", "usr/share/zoneinfo/right/Asia/Baghdad", "usr/share/zoneinfo/right/Asia/Bahrain", "usr/share/zoneinfo/right/Asia/Baku", "usr/share/zoneinfo/right/Asia/Bangkok", "usr/share/zoneinfo/right/Asia/Barnaul", "usr/share/zoneinfo/right/Asia/Beirut", "usr/share/zoneinfo/right/Asia/Bishkek", "usr/share/zoneinfo/right/Asia/Brunei", "usr/share/zoneinfo/right/Asia/Calcutta", "usr/share/zoneinfo/right/Asia/Chita", "usr/share/zoneinfo/right/Asia/Choibalsan", "usr/share/zoneinfo/right/Asia/Chongqing", "usr/share/zoneinfo/right/Asia/Chungking", "usr/share/zoneinfo/right/Asia/Colombo", "usr/share/zoneinfo/right/Asia/Dacca", "usr/share/zoneinfo/right/Asia/Damascus", "usr/share/zoneinfo/right/Asia/Dhaka", "usr/share/zoneinfo/right/Asia/Dili", "usr/share/zoneinfo/right/Asia/Dubai", "usr/share/zoneinfo/right/Asia/Dushanbe", "usr/share/zoneinfo/right/Asia/Famagusta", "usr/share/zoneinfo/right/Asia/Gaza", "usr/share/zoneinfo/right/Asia/Harbin", "usr/share/zoneinfo/right/Asia/Hebron", "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/right/Asia/Hong_Kong", "usr/share/zoneinfo/right/Asia/Hovd", "usr/share/zoneinfo/right/Asia/Irkutsk", "usr/share/zoneinfo/right/Asia/Istanbul", "usr/share/zoneinfo/right/Asia/Jakarta", "usr/share/zoneinfo/right/Asia/Jayapura", "usr/share/zoneinfo/right/Asia/Jerusalem", "usr/share/zoneinfo/right/Asia/Kabul", "usr/share/zoneinfo/right/Asia/Kamchatka", "usr/share/zoneinfo/right/Asia/Karachi", "usr/share/zoneinfo/right/Asia/Kashgar", "usr/share/zoneinfo/right/Asia/Kathmandu", "usr/share/zoneinfo/right/Asia/Katmandu", "usr/share/zoneinfo/right/Asia/Khandyga", "usr/share/zoneinfo/right/Asia/Kolkata", "usr/share/zoneinfo/right/Asia/Krasnoyarsk", "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "usr/share/zoneinfo/right/Asia/Kuching", "usr/share/zoneinfo/right/Asia/Kuwait", "usr/share/zoneinfo/right/Asia/Macao", "usr/share/zoneinfo/right/Asia/Macau", "usr/share/zoneinfo/right/Asia/Magadan", "usr/share/zoneinfo/right/Asia/Makassar", "usr/share/zoneinfo/right/Asia/Manila", "usr/share/zoneinfo/right/Asia/Muscat", "usr/share/zoneinfo/right/Asia/Nicosia", "usr/share/zoneinfo/right/Asia/Novokuznetsk", "usr/share/zoneinfo/right/Asia/Novosibirsk", "usr/share/zoneinfo/right/Asia/Omsk", "usr/share/zoneinfo/right/Asia/Oral", "usr/share/zoneinfo/right/Asia/Phnom_Penh", "usr/share/zoneinfo/right/Asia/Pontianak", "usr/share/zoneinfo/right/Asia/Pyongyang", "usr/share/zoneinfo/right/Asia/Qatar", "usr/share/zoneinfo/right/Asia/Qostanay", "usr/share/zoneinfo/right/Asia/Qyzylorda", "usr/share/zoneinfo/right/Asia/Rangoon", "usr/share/zoneinfo/right/Asia/Riyadh", "usr/share/zoneinfo/right/Asia/Saigon", "usr/share/zoneinfo/right/Asia/Sakhalin", "usr/share/zoneinfo/right/Asia/Samarkand", "usr/share/zoneinfo/right/Asia/Seoul", "usr/share/zoneinfo/right/Asia/Shanghai", "usr/share/zoneinfo/right/Asia/Singapore", "usr/share/zoneinfo/right/Asia/Srednekolymsk", "usr/share/zoneinfo/right/Asia/Taipei", "usr/share/zoneinfo/right/Asia/Tashkent", "usr/share/zoneinfo/right/Asia/Tbilisi", "usr/share/zoneinfo/right/Asia/Tehran", "usr/share/zoneinfo/right/Asia/Tel_Aviv", "usr/share/zoneinfo/right/Asia/Thimbu", "usr/share/zoneinfo/right/Asia/Thimphu", "usr/share/zoneinfo/right/Asia/Tokyo", "usr/share/zoneinfo/right/Asia/Tomsk", "usr/share/zoneinfo/right/Asia/Ujung_Pandang", "usr/share/zoneinfo/right/Asia/Ulaanbaatar", "usr/share/zoneinfo/right/Asia/Ulan_Bator", "usr/share/zoneinfo/right/Asia/Urumqi", "usr/share/zoneinfo/right/Asia/Ust-Nera", "usr/share/zoneinfo/right/Asia/Vientiane", "usr/share/zoneinfo/right/Asia/Vladivostok", "usr/share/zoneinfo/right/Asia/Yakutsk", "usr/share/zoneinfo/right/Asia/Yangon", "usr/share/zoneinfo/right/Asia/Yekaterinburg", "usr/share/zoneinfo/right/Asia/Yerevan", "usr/share/zoneinfo/right/Atlantic/Azores", "usr/share/zoneinfo/right/Atlantic/Bermuda", "usr/share/zoneinfo/right/Atlantic/Canary", "usr/share/zoneinfo/right/Atlantic/Cape_Verde", "usr/share/zoneinfo/right/Atlantic/Faeroe", "usr/share/zoneinfo/right/Atlantic/Faroe", "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", "usr/share/zoneinfo/right/Atlantic/Madeira", "usr/share/zoneinfo/right/Atlantic/Reykjavik", "usr/share/zoneinfo/right/Atlantic/South_Georgia", "usr/share/zoneinfo/right/Atlantic/St_Helena", "usr/share/zoneinfo/right/Atlantic/Stanley", "usr/share/zoneinfo/right/Australia/ACT", "usr/share/zoneinfo/right/Australia/Adelaide", "usr/share/zoneinfo/right/Australia/Brisbane", "usr/share/zoneinfo/right/Australia/Broken_Hill", "usr/share/zoneinfo/right/Australia/Canberra", "usr/share/zoneinfo/right/Australia/Currie", "usr/share/zoneinfo/right/Australia/Darwin", "usr/share/zoneinfo/right/Australia/Eucla", "usr/share/zoneinfo/right/Australia/Hobart", "usr/share/zoneinfo/right/Australia/LHI", "usr/share/zoneinfo/right/Australia/Lindeman", "usr/share/zoneinfo/right/Australia/Lord_Howe", "usr/share/zoneinfo/right/Australia/Melbourne", "usr/share/zoneinfo/right/Australia/NSW", "usr/share/zoneinfo/right/Australia/North", "usr/share/zoneinfo/right/Australia/Perth", "usr/share/zoneinfo/right/Australia/Queensland", "usr/share/zoneinfo/right/Australia/South", "usr/share/zoneinfo/right/Australia/Sydney", "usr/share/zoneinfo/right/Australia/Tasmania", "usr/share/zoneinfo/right/Australia/Victoria", "usr/share/zoneinfo/right/Australia/West", "usr/share/zoneinfo/right/Australia/Yancowinna", "usr/share/zoneinfo/right/Brazil/Acre", "usr/share/zoneinfo/right/Brazil/DeNoronha", "usr/share/zoneinfo/right/Brazil/East", "usr/share/zoneinfo/right/Brazil/West", "usr/share/zoneinfo/right/Canada/Atlantic", "usr/share/zoneinfo/right/Canada/Central", "usr/share/zoneinfo/right/Canada/Eastern", "usr/share/zoneinfo/right/Canada/Mountain", "usr/share/zoneinfo/right/Canada/Newfoundland", "usr/share/zoneinfo/right/Canada/Pacific", "usr/share/zoneinfo/right/Canada/Saskatchewan", "usr/share/zoneinfo/right/Canada/Yukon", "usr/share/zoneinfo/right/Chile/Continental", "usr/share/zoneinfo/right/Chile/EasterIsland", "usr/share/zoneinfo/right/Etc/GMT", "usr/share/zoneinfo/right/Etc/GMT+0", "usr/share/zoneinfo/right/Etc/GMT+1", "usr/share/zoneinfo/right/Etc/GMT+10", "usr/share/zoneinfo/right/Etc/GMT+11", "usr/share/zoneinfo/right/Etc/GMT+12", "usr/share/zoneinfo/right/Etc/GMT+2", "usr/share/zoneinfo/right/Etc/GMT+3", "usr/share/zoneinfo/right/Etc/GMT+4", "usr/share/zoneinfo/right/Etc/GMT+5", "usr/share/zoneinfo/right/Etc/GMT+6", "usr/share/zoneinfo/right/Etc/GMT+7", "usr/share/zoneinfo/right/Etc/GMT+8", "usr/share/zoneinfo/right/Etc/GMT+9", "usr/share/zoneinfo/right/Etc/GMT-0", "usr/share/zoneinfo/right/Etc/GMT-1", "usr/share/zoneinfo/right/Etc/GMT-10", "usr/share/zoneinfo/right/Etc/GMT-11", "usr/share/zoneinfo/right/Etc/GMT-12", "usr/share/zoneinfo/right/Etc/GMT-13", "usr/share/zoneinfo/right/Etc/GMT-14", "usr/share/zoneinfo/right/Etc/GMT-2", "usr/share/zoneinfo/right/Etc/GMT-3", "usr/share/zoneinfo/right/Etc/GMT-4", "usr/share/zoneinfo/right/Etc/GMT-5", "usr/share/zoneinfo/right/Etc/GMT-6", "usr/share/zoneinfo/right/Etc/GMT-7", "usr/share/zoneinfo/right/Etc/GMT-8", "usr/share/zoneinfo/right/Etc/GMT-9", "usr/share/zoneinfo/right/Etc/GMT0", "usr/share/zoneinfo/right/Etc/Greenwich", "usr/share/zoneinfo/right/Etc/UCT", "usr/share/zoneinfo/right/Etc/UTC", "usr/share/zoneinfo/right/Etc/Universal", "usr/share/zoneinfo/right/Etc/Zulu", "usr/share/zoneinfo/right/Europe/Amsterdam", "usr/share/zoneinfo/right/Europe/Andorra", "usr/share/zoneinfo/right/Europe/Astrakhan", "usr/share/zoneinfo/right/Europe/Athens", "usr/share/zoneinfo/right/Europe/Belfast", "usr/share/zoneinfo/right/Europe/Belgrade", "usr/share/zoneinfo/right/Europe/Berlin", "usr/share/zoneinfo/right/Europe/Bratislava", "usr/share/zoneinfo/right/Europe/Brussels", "usr/share/zoneinfo/right/Europe/Bucharest", "usr/share/zoneinfo/right/Europe/Budapest", "usr/share/zoneinfo/right/Europe/Busingen", "usr/share/zoneinfo/right/Europe/Chisinau", "usr/share/zoneinfo/right/Europe/Copenhagen", "usr/share/zoneinfo/right/Europe/Dublin", "usr/share/zoneinfo/right/Europe/Gibraltar", "usr/share/zoneinfo/right/Europe/Guernsey", "usr/share/zoneinfo/right/Europe/Helsinki", "usr/share/zoneinfo/right/Europe/Isle_of_Man", "usr/share/zoneinfo/right/Europe/Istanbul", "usr/share/zoneinfo/right/Europe/Jersey", "usr/share/zoneinfo/right/Europe/Kaliningrad", "usr/share/zoneinfo/right/Europe/Kiev", "usr/share/zoneinfo/right/Europe/Kirov", "usr/share/zoneinfo/right/Europe/Kyiv", "usr/share/zoneinfo/right/Europe/Lisbon", "usr/share/zoneinfo/right/Europe/Ljubljana", "usr/share/zoneinfo/right/Europe/London", "usr/share/zoneinfo/right/Europe/Luxembourg", "usr/share/zoneinfo/right/Europe/Madrid", "usr/share/zoneinfo/right/Europe/Malta", "usr/share/zoneinfo/right/Europe/Mariehamn", "usr/share/zoneinfo/right/Europe/Minsk", "usr/share/zoneinfo/right/Europe/Monaco", "usr/share/zoneinfo/right/Europe/Moscow", "usr/share/zoneinfo/right/Europe/Nicosia", "usr/share/zoneinfo/right/Europe/Oslo", "usr/share/zoneinfo/right/Europe/Paris", "usr/share/zoneinfo/right/Europe/Podgorica", "usr/share/zoneinfo/right/Europe/Prague", "usr/share/zoneinfo/right/Europe/Riga", "usr/share/zoneinfo/right/Europe/Rome", "usr/share/zoneinfo/right/Europe/Samara", "usr/share/zoneinfo/right/Europe/San_Marino", "usr/share/zoneinfo/right/Europe/Sarajevo", "usr/share/zoneinfo/right/Europe/Saratov", "usr/share/zoneinfo/right/Europe/Simferopol", "usr/share/zoneinfo/right/Europe/Skopje", "usr/share/zoneinfo/right/Europe/Sofia", "usr/share/zoneinfo/right/Europe/Stockholm", "usr/share/zoneinfo/right/Europe/Tallinn", "usr/share/zoneinfo/right/Europe/Tirane", "usr/share/zoneinfo/right/Europe/Tiraspol", "usr/share/zoneinfo/right/Europe/Ulyanovsk", "usr/share/zoneinfo/right/Europe/Uzhgorod", "usr/share/zoneinfo/right/Europe/Vaduz", "usr/share/zoneinfo/right/Europe/Vatican", "usr/share/zoneinfo/right/Europe/Vienna", "usr/share/zoneinfo/right/Europe/Vilnius", "usr/share/zoneinfo/right/Europe/Volgograd", "usr/share/zoneinfo/right/Europe/Warsaw", "usr/share/zoneinfo/right/Europe/Zagreb", "usr/share/zoneinfo/right/Europe/Zaporozhye", "usr/share/zoneinfo/right/Europe/Zurich", "usr/share/zoneinfo/right/Indian/Antananarivo", "usr/share/zoneinfo/right/Indian/Chagos", "usr/share/zoneinfo/right/Indian/Christmas", "usr/share/zoneinfo/right/Indian/Cocos", "usr/share/zoneinfo/right/Indian/Comoro", "usr/share/zoneinfo/right/Indian/Kerguelen", "usr/share/zoneinfo/right/Indian/Mahe", "usr/share/zoneinfo/right/Indian/Maldives", "usr/share/zoneinfo/right/Indian/Mauritius", "usr/share/zoneinfo/right/Indian/Mayotte", "usr/share/zoneinfo/right/Indian/Reunion", "usr/share/zoneinfo/right/Mexico/BajaNorte", "usr/share/zoneinfo/right/Mexico/BajaSur", "usr/share/zoneinfo/right/Mexico/General", "usr/share/zoneinfo/right/Pacific/Apia", "usr/share/zoneinfo/right/Pacific/Auckland", "usr/share/zoneinfo/right/Pacific/Bougainville", "usr/share/zoneinfo/right/Pacific/Chatham", "usr/share/zoneinfo/right/Pacific/Chuuk", "usr/share/zoneinfo/right/Pacific/Easter", "usr/share/zoneinfo/right/Pacific/Efate", "usr/share/zoneinfo/right/Pacific/Enderbury", "usr/share/zoneinfo/right/Pacific/Fakaofo", "usr/share/zoneinfo/right/Pacific/Fiji", "usr/share/zoneinfo/right/Pacific/Funafuti", "usr/share/zoneinfo/right/Pacific/Galapagos", "usr/share/zoneinfo/right/Pacific/Gambier", "usr/share/zoneinfo/right/Pacific/Guadalcanal", "usr/share/zoneinfo/right/Pacific/Guam", "usr/share/zoneinfo/right/Pacific/Honolulu", "usr/share/zoneinfo/right/Pacific/Johnston", "usr/share/zoneinfo/right/Pacific/Kanton", "usr/share/zoneinfo/right/Pacific/Kiritimati", "usr/share/zoneinfo/right/Pacific/Kosrae", "usr/share/zoneinfo/right/Pacific/Kwajalein", "usr/share/zoneinfo/right/Pacific/Majuro", "usr/share/zoneinfo/right/Pacific/Marquesas", "usr/share/zoneinfo/right/Pacific/Midway", "usr/share/zoneinfo/right/Pacific/Nauru", "usr/share/zoneinfo/right/Pacific/Niue", "usr/share/zoneinfo/right/Pacific/Norfolk", "usr/share/zoneinfo/right/Pacific/Noumea", "usr/share/zoneinfo/right/Pacific/Pago_Pago", "usr/share/zoneinfo/right/Pacific/Palau", "usr/share/zoneinfo/right/Pacific/Pitcairn", "usr/share/zoneinfo/right/Pacific/Pohnpei", "usr/share/zoneinfo/right/Pacific/Ponape", "usr/share/zoneinfo/right/Pacific/Port_Moresby", "usr/share/zoneinfo/right/Pacific/Rarotonga", "usr/share/zoneinfo/right/Pacific/Saipan", "usr/share/zoneinfo/right/Pacific/Samoa", "usr/share/zoneinfo/right/Pacific/Tahiti", "usr/share/zoneinfo/right/Pacific/Tarawa", "usr/share/zoneinfo/right/Pacific/Tongatapu", "usr/share/zoneinfo/right/Pacific/Truk", "usr/share/zoneinfo/right/Pacific/Wake", "usr/share/zoneinfo/right/Pacific/Wallis", "usr/share/zoneinfo/right/Pacific/Yap", "usr/share/zoneinfo/right/US/Alaska", "usr/share/zoneinfo/right/US/Aleutian", "usr/share/zoneinfo/right/US/Arizona", "usr/share/zoneinfo/right/US/Central", "usr/share/zoneinfo/right/US/East-Indiana", "usr/share/zoneinfo/right/US/Eastern", "usr/share/zoneinfo/right/US/Hawaii", "usr/share/zoneinfo/right/US/Indiana-Starke", "usr/share/zoneinfo/right/US/Michigan", "usr/share/zoneinfo/right/US/Mountain", "usr/share/zoneinfo/right/US/Pacific", "usr/share/zoneinfo/right/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.2.12-r3", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.2.12-r3?arch=x86_64\u0026distro=3.16.9", "UID": "481df036f091f71" }, "Version": "1.2.12-r3", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.2.12-r3", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:a88dc8b54e91eb6b19695ef7e04865926d4df23004f414a3ee86978617492d4d", "DiffID": "sha256:5535fda0356bb3eff348b2f618314a47946d7ccfbeb880b3fc910dd7375ae140" }, "Digest": "sha1:124baa9bfd023f2c0308a11b13086c3c2c3ecfd1", "InstalledFiles": [ "lib/libz.so.1", "lib/libz.so.1.2.12" ], "AnalyzedBy": "apk" } ] }, { "Target": "dinit", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "gitlab.com/tozd/dinit@v0.4.0", "Name": "gitlab.com/tozd/dinit", "Identifier": { "PURL": "pkg:golang/gitlab.com/tozd/dinit@v0.4.0", "UID": "a1067bcfdd058b2" }, "Version": "v0.4.0", "Relationship": "root", "DependsOn": [ "github.com/google/uuid@v1.3.0", "github.com/pkg/errors@v0.9.1", "gitlab.com/tozd/go/errors@v0.7.2", "gitlab.com/tozd/go/pcontrol@v0.3.0", "golang.org/x/sync@v0.2.0", "golang.org/x/sys@v0.9.0", "stdlib@v1.25.1" ], "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.25.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "Version": "v1.25.1", "Relationship": "direct", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.3.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", "UID": "d35ecc168b92c1c" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "e40239b36ee6a731" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "gitlab.com/tozd/go/errors@v0.7.2", "Name": "gitlab.com/tozd/go/errors", "Identifier": { "PURL": "pkg:golang/gitlab.com/tozd/go/errors@v0.7.2", "UID": "4b5d2f7d1cbb234b" }, "Version": "v0.7.2", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "gitlab.com/tozd/go/pcontrol@v0.3.0", "Name": "gitlab.com/tozd/go/pcontrol", "Identifier": { "PURL": "pkg:golang/gitlab.com/tozd/go/pcontrol@v0.3.0", "UID": "74562aae0baeaea9" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.2.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.2.0", "UID": "6e243ad87e7d686b" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.9.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.9.0", "UID": "3321b921c95ead4c" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b70c47b08082e8a079c83b0ad846073d691b884a30693661d69b9bd6969d5edd", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7b8b32dce2b69c643a121909af9b5555d20b038d384e0cff16260801e910db53", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3e2f92a48bc0c95d0996deda1b165efbbcf765b69f42f11cc412a3ce45cd98df", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:81e9c46ca60af61d6c82747690281a2ea1498538717001f4d647c8191ea13a22", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eb2e805012f99d8e06300b15afb3fcd3a8e8429dc92926ea2fe15727c4d6e2bb", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0eb95a8db5701af739fd24a3c1750cfb3b6002ae1cad87c1ac9afd58e250c6b9", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:57f789a7ef3cc3a9ec99ea60e37954a2fbf1415806ff27af027305c7e9c72cb1", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c83a22a6c0fa01fc1a2d45fd5c3aceacddde3d804d3d4f536305ccef4ce5f3fc", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b65316f2ab62f785a6d682745647f07b0262424e118a11e854aeef0501513b2", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0a734015251488443dc41f01af9bbb7d56d5a5a1435785a71685bf3564169243", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b270b536833726021101cc117dbddadde96c485b6d4d292be8737a85aaf00635", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:992fdd4fe78327be37a0ba3046c63b0f0318764569f134b0be8e5d792bc6630e", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:be6327e2ecd1cb2181f3c276a884f8fca1ea72870b3aa3ba95ab523b93ed29dc", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:18d37ba49f6b9ea9719050ac0e91224b9cd12dbc81a513ad1d703ec235ac952f", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:90c5ab3bea7bd55f4eb0f9c8e7dcafdc602a89be7368d6c4ac193f7106dc4190", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c62d4c970201ba1f8a9ff70cb9d99f5dd7f7ef0ab9c199c1970d89fd347eab3f", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b7ee51268c1fcbe1567984aa3586b66aa38de835b418b243cf256272dc4c51ec", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:969934641d52a0e9a8b4a891a95bd71ebd2f8ece4418fb137d4e2b84c82b4c77", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d3902dc9b21f547aa279dc6595ac054df58d0d06f0be0f32fa895504160787a8", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9854bbab6f877b046810300593a328bc4752a1ac392b95777ebe7cbd746d828d", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dfb46408fbcd3a99ac73914348bdaf83c6d2079f5bc082a6bb9374635dd82194", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:051d08ad2f8f05fb3ed2f678183d840ec2511a3e771f2ee0ced8193de996d99b", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8812ad9d334261aa14772471fc4be50240bbf31557fe7d1bcc13704bfb42d653", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ebf3fecc1b12df7ae2ccdb19c4b97121ade2e5b65c8cb8b149efa5a62ba48ae", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:617c46a38021042807e385dd5350a68fe52c0576c9f1d60349d70bb6d0ecd494", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6519340c1fc86ac654a7ef1c0c521d0b0a7fa27f26698eef453c84b4ca473d1d", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e4616833540863ba2256ba93323b8ee39da01429fd45efc9181970e7991c7b5a", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:593f57c2b78c3796838c5cd6f1d4751a7fb344b20a72055927f7c234d3c01391", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b50b9bc45f2ae211287d5b484929cfed7c7ac6d5392294b73d233493bc76ab80", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6749a231f3169ff21a4090f2fc070c86a962f43218f183607d2f0bdeaa91919e", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "b45deeac0c620822" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b01122cd00c7cc3cec247d5ed01e60dfdfc76191e74303a154490e2f4591c1d2", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "usr/local/bin/regex2json", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "gitlab.com/tozd/regex2json@v0.13.0", "Name": "gitlab.com/tozd/regex2json", "Identifier": { "PURL": "pkg:golang/gitlab.com/tozd/regex2json@v0.13.0", "UID": "670c77a77032cae" }, "Version": "v0.13.0", "Relationship": "root", "DependsOn": [ "github.com/tkuchiki/go-timezone@v0.2.2", "stdlib@v1.25.1" ], "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.25.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "Version": "v1.25.1", "Relationship": "direct", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tkuchiki/go-timezone@v0.2.2", "Name": "github.com/tkuchiki/go-timezone", "Identifier": { "PURL": "pkg:golang/github.com/tkuchiki/go-timezone@v0.2.2", "UID": "45f1707a4bf46485" }, "Version": "v0.2.2", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:058174fa3fd8a32f6cd1e57e27f57270a8e24080209e6dab95bf369e80e4af1f", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1c59a6b8e80f3789d78824de8c0909edd42db53e24663a2221afab92fce3ce49", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fe700490d3ffea3ec016e141c00daaeecb3ab03ccbff3dd269dc724c62d496bc", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d4388af11d3d9a683d385dc396c0c2a6edaba2d3428a0af98c208f01804f4f3", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e0dc6d89d91e643434daace63def949b27d5558ebe723fae92538627150aad7f", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d54574bcdfbd8d2f0b6648741480f8931045dc8ade18cf4bd76839c963bfd12d", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d7172ced8be4f55e99cc8b08811906d0fd4e3b8f51a3cedbd41158b1d3412f62", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de70fe8aa298b85b4251bd79b6b8e586ce8b34a883bf7b6eb313c8d413869b91", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8d8e5b12dfa85cb1e885f52282b951c8655b5c1ab5cd6537886fb0d43680600f", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:010cf0f6ccc5d62be6547124b629da7c2efc4f9a25fe02a37a58d47983797742", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1c2a96742478cb42a91b2ead788b8c43110d6476c2d6e637cd2955d6356f375c", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e38bdc371c250c8ffcad3e75d6c74e827ffce6899abee65f4b25ea2d7ca31ea8", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df3afdf4e660d934ff184fe6133ff44b228d6e72fede42f6f37b928e14155546", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b6b1ed967a407961f41840d3bff4727c08b4fee35a0d5ea40caeb30569378004", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:53e84971361109869b5709eddbf10a02abe5553a80d710730114ffa39e8ac436", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:73d1a5af2436fde4b3ad0cdb3b46fbeaf50780a11ce9b21abd2244002d7f2271", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6a60b44da3702827291d80a29cd7729a03af4387281f381e58d8ed737306906a", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:caed1b87040bed34f42256edd21b1f21fc2ee9678db878351b7c5d95b52e134a", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3189fdeda248c7aca38d8e43ad9e257223f22df67f4cbe26135c001020193f25", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9c2bc29862494fc5399a80916061780452d3d437c42b33ddc855b2da115654c1", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ff7ea82e91fc0af78950555dbb0789b4bffa652d04dbe8d696f60c122a75c9f6", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d003e147c7ce8739b68bde99f3ebe8dfe321e5d07e5fc6d52d3451fcd72f53e8", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:08063223e872e02a4588580462494aeaf69e8859b9ef7a3b78ca622976a1c1e0", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a3a8f651464fff19fef41c3a6e96e0c3aa4d53be322a217b36b4236b820505fb", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a0af01d15929746ff55c5dbf586eeaa41a7034d79e207a0d9a50e8b9a581214c", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:67b30ed62333bca3f32051d2deff781695fcbb961145de13315d5abed9ffae6c", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1e9f0ee733147da151806623a8100b0ee112a0c6c4b10008e7c5ba01fd4558fa", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2ec298549723c57fcd158242a208c1bd5dc850ebc78e1c5d57e0a4074c8e03e5", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8e52f3db56239fe9ff1c8b42f1f5bbf674cbb23988ccf7ad389f3900f687090d", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:84a119efe6daedab768b6d98cf4eb3627cf71e242d65772ee47f840ab6ebead0", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.25.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.1", "UID": "fe93f0d92b4d245e" }, "InstalledVersion": "v1.25.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:8f89db52b012d1075272b9faf69f2bf097ba880caf2a48d37d82aa36b1e4e09f", "DiffID": "sha256:327e45fbc3df1d793566541642e33512d56a40d7309b73d3630fa8c78399a20d" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b5f7df0819d0c50c26907c4c60215cf67416554b25889b851882793bd284401f", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "mail", "Kind": "Deployment", "Name": "postfix", "Metadata": [ { "Size": 58672128, "OS": { "Family": "wolfi", "Name": "20230201" }, "ImageID": "sha256:b9b56018bd9e4f7496c6f35b0918448626dc1a894abaf6bb1d4cf91150bd56a4", "DiffIDs": [ "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" ], "RepoTags": [ "chainguard/stunnel:latest" ], "RepoDigests": [ "chainguard/stunnel@sha256:5beda2fa6c5a3d36be2a650ef1233ab244aee71efe07c73e4495f82bb34cecd8" ], "Reference": "chainguard/stunnel:latest", "ImageConfig": { "architecture": "amd64", "author": "github.com/chainguard-dev/apko", "created": "2026-05-20T02:17:13Z", "history": [ { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" }, { "author": "apko", "created": "2026-05-20T02:17:13Z", "created_by": "apko", "comment": "stunnel by Chainguard" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7", "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c", "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c", "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9", "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920", "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453", "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1", "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505", "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9", "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94", "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" ] }, "config": { "Cmd": [ "-help" ], "Entrypoint": [ "/usr/bin/stunnel" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "dev.chainguard.image.title": "stunnel", "dev.chainguard.package.main": "", "org.opencontainers.image.authors": "Chainguard Team https://www.chainguard.dev/", "org.opencontainers.image.created": "2026-05-20T02:17:13Z", "org.opencontainers.image.source": "https://github.com/chainguard-images/images/tree/main/images/stunnel", "org.opencontainers.image.title": "stunnel", "org.opencontainers.image.url": "https://images.chainguard.dev/directory/image/stunnel/overview", "org.opencontainers.image.vendor": "Chainguard" }, "User": "65532" } }, "Layers": [ { "Size": 42873344, "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" }, { "Size": 7198720, "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, { "Size": 6977536, "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, { "Size": 323072, "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" }, { "Size": 238592, "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" }, { "Size": 227840, "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, { "Size": 217088, "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" }, { "Size": 127488, "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" }, { "Size": 64000, "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" }, { "Size": 104960, "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" }, { "Size": 319488, "Digest": "sha256:79549e660a703a8194c255340b9d1a4e141878979b2ca318ee0170bbea41671c", "DiffID": "sha256:c04a63708d2b0452b3e995ea00fc60f254d7fc35f8ffdbfcf0cb3b997369610e" } ] } ], "Results": [ { "Target": "chainguard/stunnel:latest (wolfi 20230201)", "Class": "os-pkgs", "Type": "wolfi", "Packages": [ { "ID": "ca-certificates-bundle@20260413-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/wolfi/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=20230201", "UID": "ebab806008154318" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:9201e51fe8c1f99c6602ba89bc6cbd3895501936ba9f62f705bb8f150d9bbace", "DiffID": "sha256:caaccf89b8660b925e0e0266ffdc4f3e3cc7e98e121742c233f199ec167a4920" }, "Digest": "sha1:2b209d10bdb420a13e07b0ca5bdec62d7bb640b3", "InstalledFiles": [ "etc/pki/tls/certs/ca-bundle.crt", "etc/ssl/cert.pem", "etc/ssl/certs/ca-bundle.crt", "etc/ssl/certs/ca-certificates.crt", "var/lib/db/sbom/ca-certificates-bundle-20260413-r0.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "glibc@2.43-r7", "Name": "glibc", "Identifier": { "PURL": "pkg:apk/wolfi/glibc@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "1a1b90bec1861696" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc-locale-posix@2.43-r7", "ld-linux@2.43-r7", "libgcc@16.1.0-r1", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:f0cc592d1ea3041b220dc81ec639e26cf4f3e66b", "InstalledFiles": [ "etc/rpc", "etc/apk/commit_hooks.d/ldconfig-commit.sh", "usr/bin/ld.so", "usr/bin/ldconfig", "usr/lib/libBrokenLocale.so.1", "usr/lib/libanl.so.1", "usr/lib/libc.so.6", "usr/lib/libc_malloc_debug.so.0", "usr/lib/libdl.so.2", "usr/lib/libm.so.6", "usr/lib/libmemusage.so", "usr/lib/libmvec.so.1", "usr/lib/libnsl.so.1", "usr/lib/libnss_compat.so.2", "usr/lib/libnss_dns.so.2", "usr/lib/libnss_files.so.2", "usr/lib/libpthread.so.0", "usr/lib/libresolv.so.2", "usr/lib/librt.so.1", "usr/lib/libthread_db.so.1", "usr/lib/libutil.so.1", "var/lib/db/sbom/glibc-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "glibc-locale-posix@2.43-r7", "Name": "glibc-locale-posix", "Identifier": { "PURL": "pkg:apk/wolfi/glibc-locale-posix@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "d44b25bb62d865d3" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:0b8977ea1b9fd95bee784b9f7f1a975431088f73", "InstalledFiles": [ "usr/lib/locale/C.utf8/LC_ADDRESS", "usr/lib/locale/C.utf8/LC_COLLATE", "usr/lib/locale/C.utf8/LC_CTYPE", "usr/lib/locale/C.utf8/LC_IDENTIFICATION", "usr/lib/locale/C.utf8/LC_MEASUREMENT", "usr/lib/locale/C.utf8/LC_MONETARY", "usr/lib/locale/C.utf8/LC_NAME", "usr/lib/locale/C.utf8/LC_NUMERIC", "usr/lib/locale/C.utf8/LC_PAPER", "usr/lib/locale/C.utf8/LC_TELEPHONE", "usr/lib/locale/C.utf8/LC_TIME", "usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "var/lib/db/sbom/glibc-locale-posix-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "ld-linux@2.43-r7", "Name": "ld-linux", "Identifier": { "PURL": "pkg:apk/wolfi/ld-linux@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "7678e2c8b3007292" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:eda542ec0f919bdfefc4d391cbd66a6a0089a3c0", "InstalledFiles": [ "etc/ld.so.conf", "etc/ld.so.conf.d/libc.conf", "usr/lib/ld-linux-x86-64.so.2", "var/lib/db/sbom/ld-linux-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libbz2-1@1.0.8-r23", "Name": "libbz2-1", "Identifier": { "PURL": "pkg:apk/wolfi/libbz2-1@1.0.8-r23?arch=x86_64\u0026distro=20230201", "UID": "baf39df966852f25" }, "Version": "1.0.8-r23", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r23", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7" ], "Layer": { "Digest": "sha256:858f3967e60f4e2f68ad413de098383c0a420717d554a9e1523cab3e56898c94", "DiffID": "sha256:fa008b9e9566cccb0022385799dfad042fce8d00164bbce9b0780c0d48189a94" }, "Digest": "sha1:7fc1bbc3ec68d43ae5212efbc33827d139624ada", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0", "usr/lib/libbz2.so.1.0.8", "var/lib/db/sbom/libbz2-1-1.0.8-r23.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libcrypt1@2.43-r7", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypt1@2.43-r7?arch=x86_64\u0026distro=20230201", "UID": "b34138e20d9fb87a" }, "Version": "2.43-r7", "Arch": "x86_64", "SrcName": "glibc", "SrcVersion": "2.43-r7", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "libxcrypt@4.5.2-r2", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:860e1c8a11b7b2efc375891fded78cd87961dafe0801554372faaf6e517622ff", "DiffID": "sha256:7505965c2d8eb899a7de523a3351dc5636845c24cf50a7df9fcff870d2048e1c" }, "Digest": "sha1:2b0791fc2ee61b9771eae9c7323d1aa77a4ded74", "InstalledFiles": [ "var/lib/db/sbom/libcrypt1-2.43-r7.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.6.2-r5", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/wolfi/libcrypto3@3.6.2-r5?arch=x86_64\u0026distro=20230201", "UID": "a046278abe6b9ef0" }, "Version": "3.6.2-r5", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.2-r5", "Licenses": [ "Apache-2.0" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7" ], "Layer": { "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, "Digest": "sha1:aaa5fa034519fdcd141796d11b7b398a4c779f24", "InstalledFiles": [ "etc/ssl/ca.cnf", "usr/lib/libcrypto.so.3", "var/lib/db/sbom/libcrypto3-3.6.2-r5.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@16.1.0-r1", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/wolfi/libgcc@16.1.0-r1?arch=x86_64\u0026distro=20230201", "UID": "c62104aba8c6673f" }, "Version": "16.1.0-r1", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "16.1.0-r1", "Licenses": [ "GPL-3.0-or-later WITH GCC-exception-3.1" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7" ], "Layer": { "Digest": "sha256:4b14fbe9f208e0e4db31fa1d0355d3a4f3be73e3cf4b7842a7b391de62ea1768", "DiffID": "sha256:850730726263ef9170056c45983eebcbb4c22014c78b7d72032085fa3762def1" }, "Digest": "sha1:222b2b0347eea4eb7f440d0746956585d88be3ca", "InstalledFiles": [ "usr/lib/libgcc_s.so.1", "usr/lib/libgcc_s_asneeded.so", "var/lib/db/sbom/libgcc-16.1.0-r1.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.6.2-r5", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/wolfi/libssl3@3.6.2-r5?arch=x86_64\u0026distro=20230201", "UID": "9ca3c227d7ad2f32" }, "Version": "3.6.2-r5", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.6.2-r5", "Licenses": [ "Apache-2.0" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "libcrypto3@3.6.2-r5" ], "Layer": { "Digest": "sha256:a5bfa7101982291c5462599e1eb8bc10b735e11d87315dc410d32701854a8df1", "DiffID": "sha256:f11fd671e779cce250907410910e28992aa53539ab2a0975ac56dade8038383c" }, "Digest": "sha1:c35d5c141272a08edcdaeea03e2a5796b82c6889", "InstalledFiles": [ "usr/lib/libssl.so.3", "var/lib/db/sbom/libssl3-3.6.2-r5.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "libxcrypt@4.5.2-r2", "Name": "libxcrypt", "Identifier": { "PURL": "pkg:apk/wolfi/libxcrypt@4.5.2-r2?arch=x86_64\u0026distro=20230201", "UID": "c4d66f4744dcb02a" }, "Version": "4.5.2-r2", "Arch": "x86_64", "SrcName": "libxcrypt", "SrcVersion": "4.5.2-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "wolfi", "Layer": { "Digest": "sha256:7c6e71c1fdfdf429844e25aad86441920641c0ba46466bc1d043556bfb81b24e", "DiffID": "sha256:70991d5976e247cb33ca1923edd3f609e6c23f527dbe62b838d6a03c0bca6453" }, "Digest": "sha1:1dde219a6ba81f29f519398066c7924a90e34598", "InstalledFiles": [ "usr/lib/libcrypt.so.1", "usr/lib/libcrypt.so.1.1.0", "var/lib/db/sbom/libxcrypt-4.5.2-r2.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "perl@5.42.2-r0", "Name": "perl", "Identifier": { "PURL": "pkg:apk/wolfi/perl@5.42.2-r0?arch=x86_64\u0026distro=20230201", "UID": "ae78e403626bfc66" }, "Version": "5.42.2-r0", "Arch": "x86_64", "SrcName": "perl", "SrcVersion": "5.42.2-r0", "Licenses": [ "Artistic-1.0-Perl", "GPL-1.0-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7", "libbz2-1@1.0.8-r23", "libcrypt1@2.43-r7", "zlib@1.3.2-r3" ], "Layer": { "Digest": "sha256:bbf145ce746720e770db2198f415ca26e343d5d7a94ec0c90bf590e09ed0646d", "DiffID": "sha256:3a9803177bb563195998847cce18c838b99873e634c902f385e042d5228df4d7" }, "Digest": "sha1:aaed423b55b8d1d00a21deb8d57663f19c448503", "InstalledFiles": [ "usr/bin/perl", "usr/bin/perl5.42.2", "usr/bin/perldoc", "usr/bin/pod2html", "usr/bin/pod2man", "usr/bin/pod2text", "usr/bin/pod2usage", "usr/bin/podchecker", "usr/bin/streamzip", "usr/lib/perl5/core_perl/B.pm", "usr/lib/perl5/core_perl/Config.pm", "usr/lib/perl5/core_perl/Config_git.pl", "usr/lib/perl5/core_perl/Config_heavy.pl", "usr/lib/perl5/core_perl/Cwd.pm", "usr/lib/perl5/core_perl/DynaLoader.pm", "usr/lib/perl5/core_perl/Encode.pm", "usr/lib/perl5/core_perl/Errno.pm", "usr/lib/perl5/core_perl/Fcntl.pm", "usr/lib/perl5/core_perl/IO.pm", "usr/lib/perl5/core_perl/O.pm", "usr/lib/perl5/core_perl/Opcode.pm", "usr/lib/perl5/core_perl/POSIX.pm", "usr/lib/perl5/core_perl/SDBM_File.pm", "usr/lib/perl5/core_perl/Socket.pm", "usr/lib/perl5/core_perl/Storable.pm", "usr/lib/perl5/core_perl/attributes.pm", "usr/lib/perl5/core_perl/encoding.pm", "usr/lib/perl5/core_perl/lib.pm", "usr/lib/perl5/core_perl/mro.pm", "usr/lib/perl5/core_perl/ops.pm", "usr/lib/perl5/core_perl/re.pm", "usr/lib/perl5/core_perl/threads.pm", "usr/lib/perl5/core_perl/B/Concise.pm", "usr/lib/perl5/core_perl/B/Showlex.pm", "usr/lib/perl5/core_perl/B/Terse.pm", "usr/lib/perl5/core_perl/B/Xref.pm", "usr/lib/perl5/core_perl/CORE/libperl.so", "usr/lib/perl5/core_perl/Compress/Raw/Bzip2.pm", "usr/lib/perl5/core_perl/Compress/Raw/Zlib.pm", "usr/lib/perl5/core_perl/Data/Dumper.pm", "usr/lib/perl5/core_perl/Digest/MD5.pm", "usr/lib/perl5/core_perl/Digest/SHA.pm", "usr/lib/perl5/core_perl/Encode/Alias.pm", "usr/lib/perl5/core_perl/Encode/Byte.pm", "usr/lib/perl5/core_perl/Encode/CJKConstants.pm", "usr/lib/perl5/core_perl/Encode/CN.pm", "usr/lib/perl5/core_perl/Encode/Config.pm", "usr/lib/perl5/core_perl/Encode/EBCDIC.pm", "usr/lib/perl5/core_perl/Encode/Encoder.pm", "usr/lib/perl5/core_perl/Encode/Encoding.pm", "usr/lib/perl5/core_perl/Encode/GSM0338.pm", "usr/lib/perl5/core_perl/Encode/Guess.pm", "usr/lib/perl5/core_perl/Encode/JP.pm", "usr/lib/perl5/core_perl/Encode/KR.pm", "usr/lib/perl5/core_perl/Encode/Symbol.pm", "usr/lib/perl5/core_perl/Encode/TW.pm", "usr/lib/perl5/core_perl/Encode/Unicode.pm", "usr/lib/perl5/core_perl/Encode/CN/HZ.pm", "usr/lib/perl5/core_perl/Encode/JP/H2Z.pm", "usr/lib/perl5/core_perl/Encode/JP/JIS7.pm", "usr/lib/perl5/core_perl/Encode/KR/2022_KR.pm", "usr/lib/perl5/core_perl/Encode/MIME/Header.pm", "usr/lib/perl5/core_perl/Encode/MIME/Name.pm", "usr/lib/perl5/core_perl/Encode/MIME/Header/ISO_2022_JP.pm", "usr/lib/perl5/core_perl/Encode/Unicode/UTF7.pm", "usr/lib/perl5/core_perl/File/DosGlob.pm", "usr/lib/perl5/core_perl/File/Glob.pm", "usr/lib/perl5/core_perl/File/Spec.pm", "usr/lib/perl5/core_perl/File/Spec/AmigaOS.pm", "usr/lib/perl5/core_perl/File/Spec/Cygwin.pm", "usr/lib/perl5/core_perl/File/Spec/Epoc.pm", "usr/lib/perl5/core_perl/File/Spec/Functions.pm", "usr/lib/perl5/core_perl/File/Spec/Mac.pm", "usr/lib/perl5/core_perl/File/Spec/OS2.pm", "usr/lib/perl5/core_perl/File/Spec/Unix.pm", "usr/lib/perl5/core_perl/File/Spec/VMS.pm", "usr/lib/perl5/core_perl/File/Spec/Win32.pm", "usr/lib/perl5/core_perl/Filter/Util/Call.pm", "usr/lib/perl5/core_perl/Hash/Util.pm", "usr/lib/perl5/core_perl/Hash/Util/FieldHash.pm", "usr/lib/perl5/core_perl/I18N/Langinfo.pm", "usr/lib/perl5/core_perl/IO/Dir.pm", "usr/lib/perl5/core_perl/IO/File.pm", "usr/lib/perl5/core_perl/IO/Handle.pm", "usr/lib/perl5/core_perl/IO/Pipe.pm", "usr/lib/perl5/core_perl/IO/Poll.pm", "usr/lib/perl5/core_perl/IO/Seekable.pm", "usr/lib/perl5/core_perl/IO/Select.pm", "usr/lib/perl5/core_perl/IO/Socket.pm", "usr/lib/perl5/core_perl/IO/Socket/INET.pm", "usr/lib/perl5/core_perl/IO/Socket/UNIX.pm", "usr/lib/perl5/core_perl/IPC/Msg.pm", "usr/lib/perl5/core_perl/IPC/Semaphore.pm", "usr/lib/perl5/core_perl/IPC/SharedMem.pm", "usr/lib/perl5/core_perl/IPC/SysV.pm", "usr/lib/perl5/core_perl/List/Util.pm", "usr/lib/perl5/core_perl/List/Util/XS.pm", "usr/lib/perl5/core_perl/MIME/Base64.pm", "usr/lib/perl5/core_perl/MIME/QuotedPrint.pm", "usr/lib/perl5/core_perl/Math/BigInt/FastCalc.pm", "usr/lib/perl5/core_perl/PerlIO/encoding.pm", "usr/lib/perl5/core_perl/PerlIO/mmap.pm", "usr/lib/perl5/core_perl/PerlIO/via.pm", "usr/lib/perl5/core_perl/Scalar/Util.pm", "usr/lib/perl5/core_perl/Scalar/List/Utils.pm", "usr/lib/perl5/core_perl/Sub/Util.pm", "usr/lib/perl5/core_perl/Sys/Hostname.pm", "usr/lib/perl5/core_perl/Sys/Syslog.pm", "usr/lib/perl5/core_perl/Time/HiRes.pm", "usr/lib/perl5/core_perl/Time/Piece.pm", "usr/lib/perl5/core_perl/Time/Seconds.pm", "usr/lib/perl5/core_perl/Unicode/Collate.pm", "usr/lib/perl5/core_perl/Unicode/Normalize.pm", "usr/lib/perl5/core_perl/Unicode/Collate/Locale.pm", "usr/lib/perl5/core_perl/auto/B/B.so", "usr/lib/perl5/core_perl/auto/Compress/Raw/Bzip2/Bzip2.so", "usr/lib/perl5/core_perl/auto/Compress/Raw/Zlib/Zlib.so", "usr/lib/perl5/core_perl/auto/Cwd/Cwd.so", "usr/lib/perl5/core_perl/auto/Data/Dumper/Dumper.so", "usr/lib/perl5/core_perl/auto/Devel/Peek/Peek.so", "usr/lib/perl5/core_perl/auto/Digest/MD5/MD5.so", "usr/lib/perl5/core_perl/auto/Digest/SHA/SHA.so", "usr/lib/perl5/core_perl/auto/Encode/Encode.so", "usr/lib/perl5/core_perl/auto/Encode/Byte/Byte.so", "usr/lib/perl5/core_perl/auto/Encode/CN/CN.so", "usr/lib/perl5/core_perl/auto/Encode/EBCDIC/EBCDIC.so", "usr/lib/perl5/core_perl/auto/Encode/JP/JP.so", "usr/lib/perl5/core_perl/auto/Encode/KR/KR.so", "usr/lib/perl5/core_perl/auto/Encode/Symbol/Symbol.so", "usr/lib/perl5/core_perl/auto/Encode/TW/TW.so", "usr/lib/perl5/core_perl/auto/Encode/Unicode/Unicode.so", "usr/lib/perl5/core_perl/auto/Fcntl/Fcntl.so", "usr/lib/perl5/core_perl/auto/File/DosGlob/DosGlob.so", "usr/lib/perl5/core_perl/auto/File/Glob/Glob.so", "usr/lib/perl5/core_perl/auto/Filter/Util/Call/Call.so", "usr/lib/perl5/core_perl/auto/Hash/Util/Util.so", "usr/lib/perl5/core_perl/auto/Hash/Util/FieldHash/FieldHash.so", "usr/lib/perl5/core_perl/auto/I18N/Langinfo/Langinfo.so", "usr/lib/perl5/core_perl/auto/IO/IO.so", "usr/lib/perl5/core_perl/auto/IPC/SysV/SysV.so", "usr/lib/perl5/core_perl/auto/List/Util/Util.so", "usr/lib/perl5/core_perl/auto/MIME/Base64/Base64.so", "usr/lib/perl5/core_perl/auto/Math/BigInt/FastCalc/FastCalc.so", "usr/lib/perl5/core_perl/auto/Opcode/Opcode.so", "usr/lib/perl5/core_perl/auto/POSIX/POSIX.so", "usr/lib/perl5/core_perl/auto/PerlIO/encoding/encoding.so", "usr/lib/perl5/core_perl/auto/PerlIO/mmap/mmap.so", "usr/lib/perl5/core_perl/auto/PerlIO/via/via.so", "usr/lib/perl5/core_perl/auto/SDBM_File/SDBM_File.so", "usr/lib/perl5/core_perl/auto/Socket/Socket.so", "usr/lib/perl5/core_perl/auto/Storable/Storable.so", "usr/lib/perl5/core_perl/auto/Sys/Hostname/Hostname.so", "usr/lib/perl5/core_perl/auto/Sys/Syslog/Syslog.so", "usr/lib/perl5/core_perl/auto/Time/HiRes/HiRes.so", "usr/lib/perl5/core_perl/auto/Time/Piece/Piece.so", "usr/lib/perl5/core_perl/auto/Unicode/Collate/Collate.so", "usr/lib/perl5/core_perl/auto/Unicode/Normalize/Normalize.so", "usr/lib/perl5/core_perl/auto/attributes/attributes.so", "usr/lib/perl5/core_perl/auto/mro/mro.so", "usr/lib/perl5/core_perl/auto/re/re.so", "usr/lib/perl5/core_perl/auto/threads/threads.so", "usr/lib/perl5/core_perl/auto/threads/shared/shared.so", "usr/lib/perl5/core_perl/threads/shared.pm", "usr/share/perl5/core_perl/AnyDBM_File.pm", "usr/share/perl5/core_perl/AutoLoader.pm", "usr/share/perl5/core_perl/AutoSplit.pm", "usr/share/perl5/core_perl/Benchmark.pm", "usr/share/perl5/core_perl/CPAN.pm", "usr/share/perl5/core_perl/Carp.pm", "usr/share/perl5/core_perl/DB.pm", "usr/share/perl5/core_perl/DBM_Filter.pm", "usr/share/perl5/core_perl/Digest.pm", "usr/share/perl5/core_perl/DirHandle.pm", "usr/share/perl5/core_perl/Dumpvalue.pm", "usr/share/perl5/core_perl/English.pm", "usr/share/perl5/core_perl/Env.pm", "usr/share/perl5/core_perl/Exporter.pm", "usr/share/perl5/core_perl/Fatal.pm", "usr/share/perl5/core_perl/FileCache.pm", "usr/share/perl5/core_perl/FileHandle.pm", "usr/share/perl5/core_perl/FindBin.pm", "usr/share/perl5/core_perl/Memoize.pm", "usr/share/perl5/core_perl/NEXT.pm", "usr/share/perl5/core_perl/PerlIO.pm", "usr/share/perl5/core_perl/Safe.pm", "usr/share/perl5/core_perl/SelectSaver.pm", "usr/share/perl5/core_perl/SelfLoader.pm", "usr/share/perl5/core_perl/Symbol.pm", "usr/share/perl5/core_perl/Test.pm", "usr/share/perl5/core_perl/Test2.pm", "usr/share/perl5/core_perl/Thread.pm", "usr/share/perl5/core_perl/UNIVERSAL.pm", "usr/share/perl5/core_perl/XSLoader.pm", "usr/share/perl5/core_perl/_charnames.pm", "usr/share/perl5/core_perl/autodie.pm", "usr/share/perl5/core_perl/autouse.pm", "usr/share/perl5/core_perl/base.pm", "usr/share/perl5/core_perl/bigfloat.pm", "usr/share/perl5/core_perl/bigint.pm", "usr/share/perl5/core_perl/bignum.pm", "usr/share/perl5/core_perl/bigrat.pm", "usr/share/perl5/core_perl/blib.pm", "usr/share/perl5/core_perl/builtin.pm", "usr/share/perl5/core_perl/bytes.pm", "usr/share/perl5/core_perl/charnames.pm", "usr/share/perl5/core_perl/constant.pm", "usr/share/perl5/core_perl/deprecate.pm", "usr/share/perl5/core_perl/diagnostics.pm", "usr/share/perl5/core_perl/dumpvar.pl", "usr/share/perl5/core_perl/experimental.pm", "usr/share/perl5/core_perl/feature.pm", "usr/share/perl5/core_perl/fields.pm", "usr/share/perl5/core_perl/filetest.pm", "usr/share/perl5/core_perl/if.pm", "usr/share/perl5/core_perl/integer.pm", "usr/share/perl5/core_perl/less.pm", "usr/share/perl5/core_perl/locale.pm", "usr/share/perl5/core_perl/meta_notation.pm", "usr/share/perl5/core_perl/ok.pm", "usr/share/perl5/core_perl/open.pm", "usr/share/perl5/core_perl/overload.pm", "usr/share/perl5/core_perl/overloading.pm", "usr/share/perl5/core_perl/parent.pm", "usr/share/perl5/core_perl/perl5db.pl", "usr/share/perl5/core_perl/perlfaq.pm", "usr/share/perl5/core_perl/sigtrap.pm", "usr/share/perl5/core_perl/sort.pm", "usr/share/perl5/core_perl/stable.pm", "usr/share/perl5/core_perl/strict.pm", "usr/share/perl5/core_perl/subs.pm", "usr/share/perl5/core_perl/utf8.pm", "usr/share/perl5/core_perl/vars.pm", "usr/share/perl5/core_perl/version.pm", "usr/share/perl5/core_perl/vmsish.pm", "usr/share/perl5/core_perl/warnings.pm", "usr/share/perl5/core_perl/App/Cpan.pm", "usr/share/perl5/core_perl/App/Prove.pm", "usr/share/perl5/core_perl/App/Prove/State.pm", "usr/share/perl5/core_perl/App/Prove/State/Result.pm", "usr/share/perl5/core_perl/App/Prove/State/Result/Test.pm", "usr/share/perl5/core_perl/Archive/Tar.pm", "usr/share/perl5/core_perl/Archive/Tar/Constant.pm", "usr/share/perl5/core_perl/Archive/Tar/File.pm", "usr/share/perl5/core_perl/Attribute/Handlers.pm", "usr/share/perl5/core_perl/B/Deparse.pm", "usr/share/perl5/core_perl/B/Op_private.pm", "usr/share/perl5/core_perl/CPAN/Author.pm", "usr/share/perl5/core_perl/CPAN/Bundle.pm", "usr/share/perl5/core_perl/CPAN/CacheMgr.pm", "usr/share/perl5/core_perl/CPAN/Complete.pm", "usr/share/perl5/core_perl/CPAN/Debug.pm", "usr/share/perl5/core_perl/CPAN/DeferredCode.pm", "usr/share/perl5/core_perl/CPAN/Distribution.pm", "usr/share/perl5/core_perl/CPAN/Distroprefs.pm", "usr/share/perl5/core_perl/CPAN/Distrostatus.pm", "usr/share/perl5/core_perl/CPAN/FTP.pm", "usr/share/perl5/core_perl/CPAN/FirstTime.pm", "usr/share/perl5/core_perl/CPAN/HandleConfig.pm", "usr/share/perl5/core_perl/CPAN/Index.pm", "usr/share/perl5/core_perl/CPAN/InfoObj.pm", "usr/share/perl5/core_perl/CPAN/Kwalify.pm", "usr/share/perl5/core_perl/CPAN/Meta.pm", "usr/share/perl5/core_perl/CPAN/Mirrors.pm", "usr/share/perl5/core_perl/CPAN/Module.pm", "usr/share/perl5/core_perl/CPAN/Nox.pm", "usr/share/perl5/core_perl/CPAN/Plugin.pm", "usr/share/perl5/core_perl/CPAN/Prompt.pm", "usr/share/perl5/core_perl/CPAN/Queue.pm", "usr/share/perl5/core_perl/CPAN/Shell.pm", "usr/share/perl5/core_perl/CPAN/Tarzip.pm", "usr/share/perl5/core_perl/CPAN/URL.pm", "usr/share/perl5/core_perl/CPAN/Version.pm", "usr/share/perl5/core_perl/CPAN/Exception/RecursiveDependency.pm", "usr/share/perl5/core_perl/CPAN/Exception/blocked_urllist.pm", "usr/share/perl5/core_perl/CPAN/Exception/yaml_not_installed.pm", "usr/share/perl5/core_perl/CPAN/Exception/yaml_process_error.pm", "usr/share/perl5/core_perl/CPAN/FTP/netrc.pm", "usr/share/perl5/core_perl/CPAN/HTTP/Client.pm", "usr/share/perl5/core_perl/CPAN/HTTP/Credentials.pm", "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.dd", "usr/share/perl5/core_perl/CPAN/Kwalify/distroprefs.yml", "usr/share/perl5/core_perl/CPAN/LWP/UserAgent.pm", "usr/share/perl5/core_perl/CPAN/Meta/Converter.pm", "usr/share/perl5/core_perl/CPAN/Meta/Feature.pm", "usr/share/perl5/core_perl/CPAN/Meta/History.pm", "usr/share/perl5/core_perl/CPAN/Meta/Merge.pm", "usr/share/perl5/core_perl/CPAN/Meta/Prereqs.pm", "usr/share/perl5/core_perl/CPAN/Meta/Requirements.pm", "usr/share/perl5/core_perl/CPAN/Meta/Spec.pm", "usr/share/perl5/core_perl/CPAN/Meta/Validator.pm", "usr/share/perl5/core_perl/CPAN/Meta/YAML.pm", "usr/share/perl5/core_perl/CPAN/Meta/Requirements/Range.pm", "usr/share/perl5/core_perl/CPAN/Plugin/Specfile.pm", "usr/share/perl5/core_perl/Carp/Heavy.pm", "usr/share/perl5/core_perl/Class/Struct.pm", "usr/share/perl5/core_perl/Compress/Zlib.pm", "usr/share/perl5/core_perl/Config/Extensions.pm", "usr/share/perl5/core_perl/Config/Perl/V.pm", "usr/share/perl5/core_perl/DBM_Filter/compress.pm", "usr/share/perl5/core_perl/DBM_Filter/encode.pm", "usr/share/perl5/core_perl/DBM_Filter/int32.pm", "usr/share/perl5/core_perl/DBM_Filter/null.pm", "usr/share/perl5/core_perl/DBM_Filter/utf8.pm", "usr/share/perl5/core_perl/Devel/SelfStubber.pm", "usr/share/perl5/core_perl/Digest/base.pm", "usr/share/perl5/core_perl/Digest/file.pm", "usr/share/perl5/core_perl/Exporter/Heavy.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder.pm", "usr/share/perl5/core_perl/ExtUtils/Command.pm", "usr/share/perl5/core_perl/ExtUtils/Constant.pm", "usr/share/perl5/core_perl/ExtUtils/Embed.pm", "usr/share/perl5/core_perl/ExtUtils/Install.pm", "usr/share/perl5/core_perl/ExtUtils/Installed.pm", "usr/share/perl5/core_perl/ExtUtils/Liblist.pm", "usr/share/perl5/core_perl/ExtUtils/MANIFEST.SKIP", "usr/share/perl5/core_perl/ExtUtils/MM.pm", "usr/share/perl5/core_perl/ExtUtils/MM_AIX.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Any.pm", "usr/share/perl5/core_perl/ExtUtils/MM_BeOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Cygwin.pm", "usr/share/perl5/core_perl/ExtUtils/MM_DOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Darwin.pm", "usr/share/perl5/core_perl/ExtUtils/MM_MacOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_NW5.pm", "usr/share/perl5/core_perl/ExtUtils/MM_OS2.pm", "usr/share/perl5/core_perl/ExtUtils/MM_OS390.pm", "usr/share/perl5/core_perl/ExtUtils/MM_QNX.pm", "usr/share/perl5/core_perl/ExtUtils/MM_UWIN.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Unix.pm", "usr/share/perl5/core_perl/ExtUtils/MM_VMS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_VOS.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Win32.pm", "usr/share/perl5/core_perl/ExtUtils/MM_Win95.pm", "usr/share/perl5/core_perl/ExtUtils/MY.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker.pm", "usr/share/perl5/core_perl/ExtUtils/Manifest.pm", "usr/share/perl5/core_perl/ExtUtils/Miniperl.pm", "usr/share/perl5/core_perl/ExtUtils/Mkbootstrap.pm", "usr/share/perl5/core_perl/ExtUtils/Mksymlists.pm", "usr/share/perl5/core_perl/ExtUtils/PL2Bat.pm", "usr/share/perl5/core_perl/ExtUtils/Packlist.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps.pm", "usr/share/perl5/core_perl/ExtUtils/testlib.pm", "usr/share/perl5/core_perl/ExtUtils/typemap", "usr/share/perl5/core_perl/ExtUtils/xsubpp", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Base.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Unix.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/VMS.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/aix.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/android.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/cygwin.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/darwin.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/dec_osf.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/os2.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/BCC.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/GCC.pm", "usr/share/perl5/core_perl/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", "usr/share/perl5/core_perl/ExtUtils/Command/MM.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/Base.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/ProxySubs.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/Utils.pm", "usr/share/perl5/core_perl/ExtUtils/Constant/XS.pm", "usr/share/perl5/core_perl/ExtUtils/Liblist/Kid.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Config.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/Locale.pm", "usr/share/perl5/core_perl/ExtUtils/MakeMaker/version.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Constants.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/CountLines.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Eval.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Node.pm", "usr/share/perl5/core_perl/ExtUtils/ParseXS/Utilities.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/Cmd.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/InputMap.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/OutputMap.pm", "usr/share/perl5/core_perl/ExtUtils/Typemaps/Type.pm", "usr/share/perl5/core_perl/File/Basename.pm", "usr/share/perl5/core_perl/File/Compare.pm", "usr/share/perl5/core_perl/File/Copy.pm", "usr/share/perl5/core_perl/File/Fetch.pm", "usr/share/perl5/core_perl/File/Find.pm", "usr/share/perl5/core_perl/File/GlobMapper.pm", "usr/share/perl5/core_perl/File/Path.pm", "usr/share/perl5/core_perl/File/Temp.pm", "usr/share/perl5/core_perl/File/stat.pm", "usr/share/perl5/core_perl/Filter/Simple.pm", "usr/share/perl5/core_perl/Getopt/Long.pm", "usr/share/perl5/core_perl/Getopt/Std.pm", "usr/share/perl5/core_perl/Getopt/Long/Parser.pm", "usr/share/perl5/core_perl/HTTP/Tiny.pm", "usr/share/perl5/core_perl/I18N/Collate.pm", "usr/share/perl5/core_perl/I18N/LangTags.pm", "usr/share/perl5/core_perl/I18N/LangTags/Detect.pm", "usr/share/perl5/core_perl/I18N/LangTags/List.pm", "usr/share/perl5/core_perl/IO/Compress.pm", "usr/share/perl5/core_perl/IO/Zlib.pm", "usr/share/perl5/core_perl/IO/Compress/Base.pm", "usr/share/perl5/core_perl/IO/Compress/Bzip2.pm", "usr/share/perl5/core_perl/IO/Compress/Deflate.pm", "usr/share/perl5/core_perl/IO/Compress/Gzip.pm", "usr/share/perl5/core_perl/IO/Compress/RawDeflate.pm", "usr/share/perl5/core_perl/IO/Compress/Zip.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Bzip2.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Deflate.pm", "usr/share/perl5/core_perl/IO/Compress/Adapter/Identity.pm", "usr/share/perl5/core_perl/IO/Compress/Base/Common.pm", "usr/share/perl5/core_perl/IO/Compress/Gzip/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zip/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zlib/Constants.pm", "usr/share/perl5/core_perl/IO/Compress/Zlib/Extra.pm", "usr/share/perl5/core_perl/IO/Socket/IP.pm", "usr/share/perl5/core_perl/IO/Uncompress/AnyInflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/AnyUncompress.pm", "usr/share/perl5/core_perl/IO/Uncompress/Base.pm", "usr/share/perl5/core_perl/IO/Uncompress/Bunzip2.pm", "usr/share/perl5/core_perl/IO/Uncompress/Gunzip.pm", "usr/share/perl5/core_perl/IO/Uncompress/Inflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/RawInflate.pm", "usr/share/perl5/core_perl/IO/Uncompress/Unzip.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Bunzip2.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Identity.pm", "usr/share/perl5/core_perl/IO/Uncompress/Adapter/Inflate.pm", "usr/share/perl5/core_perl/IPC/Cmd.pm", "usr/share/perl5/core_perl/IPC/Open2.pm", "usr/share/perl5/core_perl/IPC/Open3.pm", "usr/share/perl5/core_perl/JSON/PP.pm", "usr/share/perl5/core_perl/JSON/PP/Boolean.pm", "usr/share/perl5/core_perl/Locale/Maketext.pm", "usr/share/perl5/core_perl/Locale/Maketext/Guts.pm", "usr/share/perl5/core_perl/Locale/Maketext/GutsLoader.pm", "usr/share/perl5/core_perl/Locale/Maketext/Simple.pm", "usr/share/perl5/core_perl/Math/BigFloat.pm", "usr/share/perl5/core_perl/Math/BigInt.pm", "usr/share/perl5/core_perl/Math/BigRat.pm", "usr/share/perl5/core_perl/Math/Complex.pm", "usr/share/perl5/core_perl/Math/Trig.pm", "usr/share/perl5/core_perl/Math/BigFloat/Trace.pm", "usr/share/perl5/core_perl/Math/BigInt/Calc.pm", "usr/share/perl5/core_perl/Math/BigInt/Lib.pm", "usr/share/perl5/core_perl/Math/BigInt/Trace.pm", "usr/share/perl5/core_perl/Math/BigRat/Trace.pm", "usr/share/perl5/core_perl/Memoize/AnyDBM_File.pm", "usr/share/perl5/core_perl/Memoize/Expire.pm", "usr/share/perl5/core_perl/Memoize/NDBM_File.pm", "usr/share/perl5/core_perl/Memoize/SDBM_File.pm", "usr/share/perl5/core_perl/Memoize/Storable.pm", "usr/share/perl5/core_perl/Module/CoreList.pm", "usr/share/perl5/core_perl/Module/Load.pm", "usr/share/perl5/core_perl/Module/Loaded.pm", "usr/share/perl5/core_perl/Module/Metadata.pm", "usr/share/perl5/core_perl/Module/CoreList/Utils.pm", "usr/share/perl5/core_perl/Module/Load/Conditional.pm", "usr/share/perl5/core_perl/Net/Cmd.pm", "usr/share/perl5/core_perl/Net/Config.pm", "usr/share/perl5/core_perl/Net/Domain.pm", "usr/share/perl5/core_perl/Net/FTP.pm", "usr/share/perl5/core_perl/Net/NNTP.pm", "usr/share/perl5/core_perl/Net/Netrc.pm", "usr/share/perl5/core_perl/Net/POP3.pm", "usr/share/perl5/core_perl/Net/Ping.pm", "usr/share/perl5/core_perl/Net/SMTP.pm", "usr/share/perl5/core_perl/Net/Time.pm", "usr/share/perl5/core_perl/Net/hostent.pm", "usr/share/perl5/core_perl/Net/netent.pm", "usr/share/perl5/core_perl/Net/protoent.pm", "usr/share/perl5/core_perl/Net/servent.pm", "usr/share/perl5/core_perl/Net/FTP/A.pm", "usr/share/perl5/core_perl/Net/FTP/E.pm", "usr/share/perl5/core_perl/Net/FTP/I.pm", "usr/share/perl5/core_perl/Net/FTP/L.pm", "usr/share/perl5/core_perl/Net/FTP/dataconn.pm", "usr/share/perl5/core_perl/Params/Check.pm", "usr/share/perl5/core_perl/Parse/CPAN/Meta.pm", "usr/share/perl5/core_perl/Perl/OSType.pm", "usr/share/perl5/core_perl/PerlIO/scalar.pm", "usr/share/perl5/core_perl/PerlIO/via/QuotedPrint.pm", "usr/share/perl5/core_perl/Pod/Checker.pm", "usr/share/perl5/core_perl/Pod/Escapes.pm", "usr/share/perl5/core_perl/Pod/Functions.pm", "usr/share/perl5/core_perl/Pod/Html.pm", "usr/share/perl5/core_perl/Pod/Man.pm", "usr/share/perl5/core_perl/Pod/ParseLink.pm", "usr/share/perl5/core_perl/Pod/Perldoc.pm", "usr/share/perl5/core_perl/Pod/Simple.pm", "usr/share/perl5/core_perl/Pod/Text.pm", "usr/share/perl5/core_perl/Pod/Usage.pm", "usr/share/perl5/core_perl/Pod/Html/Util.pm", "usr/share/perl5/core_perl/Pod/Perldoc/BaseTo.pm", "usr/share/perl5/core_perl/Pod/Perldoc/GetOptsOO.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToANSI.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToChecker.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToMan.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToNroff.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToPod.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToRtf.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToTerm.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToText.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToTk.pm", "usr/share/perl5/core_perl/Pod/Perldoc/ToXml.pm", "usr/share/perl5/core_perl/Pod/Simple/BlackBox.pm", "usr/share/perl5/core_perl/Pod/Simple/Checker.pm", "usr/share/perl5/core_perl/Pod/Simple/Debug.pm", "usr/share/perl5/core_perl/Pod/Simple/DumpAsText.pm", "usr/share/perl5/core_perl/Pod/Simple/DumpAsXML.pm", "usr/share/perl5/core_perl/Pod/Simple/HTML.pm", "usr/share/perl5/core_perl/Pod/Simple/HTMLBatch.pm", "usr/share/perl5/core_perl/Pod/Simple/HTMLLegacy.pm", "usr/share/perl5/core_perl/Pod/Simple/JustPod.pm", "usr/share/perl5/core_perl/Pod/Simple/LinkSection.pm", "usr/share/perl5/core_perl/Pod/Simple/Methody.pm", "usr/share/perl5/core_perl/Pod/Simple/Progress.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParser.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserEndToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserStartToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserTextToken.pm", "usr/share/perl5/core_perl/Pod/Simple/PullParserToken.pm", "usr/share/perl5/core_perl/Pod/Simple/RTF.pm", "usr/share/perl5/core_perl/Pod/Simple/Search.pm", "usr/share/perl5/core_perl/Pod/Simple/SimpleTree.pm", "usr/share/perl5/core_perl/Pod/Simple/Text.pm", "usr/share/perl5/core_perl/Pod/Simple/TextContent.pm", "usr/share/perl5/core_perl/Pod/Simple/TiedOutFH.pm", "usr/share/perl5/core_perl/Pod/Simple/Transcode.pm", "usr/share/perl5/core_perl/Pod/Simple/TranscodeDumb.pm", "usr/share/perl5/core_perl/Pod/Simple/TranscodeSmart.pm", "usr/share/perl5/core_perl/Pod/Simple/XHTML.pm", "usr/share/perl5/core_perl/Pod/Simple/XMLOutStream.pm", "usr/share/perl5/core_perl/Pod/Text/Color.pm", "usr/share/perl5/core_perl/Pod/Text/Overstrike.pm", "usr/share/perl5/core_perl/Pod/Text/Termcap.pm", "usr/share/perl5/core_perl/Search/Dict.pm", "usr/share/perl5/core_perl/TAP/Base.pm", "usr/share/perl5/core_perl/TAP/Harness.pm", "usr/share/perl5/core_perl/TAP/Object.pm", "usr/share/perl5/core_perl/TAP/Parser.pm", "usr/share/perl5/core_perl/TAP/Formatter/Base.pm", "usr/share/perl5/core_perl/TAP/Formatter/Color.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console.pm", "usr/share/perl5/core_perl/TAP/Formatter/File.pm", "usr/share/perl5/core_perl/TAP/Formatter/Session.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console/ParallelSession.pm", "usr/share/perl5/core_perl/TAP/Formatter/Console/Session.pm", "usr/share/perl5/core_perl/TAP/Formatter/File/Session.pm", "usr/share/perl5/core_perl/TAP/Harness/Env.pm", "usr/share/perl5/core_perl/TAP/Parser/Aggregator.pm", "usr/share/perl5/core_perl/TAP/Parser/Grammar.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator.pm", "usr/share/perl5/core_perl/TAP/Parser/IteratorFactory.pm", "usr/share/perl5/core_perl/TAP/Parser/Multiplexer.pm", "usr/share/perl5/core_perl/TAP/Parser/Result.pm", "usr/share/perl5/core_perl/TAP/Parser/ResultFactory.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler.pm", "usr/share/perl5/core_perl/TAP/Parser/Source.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Array.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Process.pm", "usr/share/perl5/core_perl/TAP/Parser/Iterator/Stream.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Bailout.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Comment.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Plan.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Pragma.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Test.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Unknown.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/Version.pm", "usr/share/perl5/core_perl/TAP/Parser/Result/YAML.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Job.pm", "usr/share/perl5/core_perl/TAP/Parser/Scheduler/Spinner.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Executable.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/File.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Handle.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/Perl.pm", "usr/share/perl5/core_perl/TAP/Parser/SourceHandler/RawTAP.pm", "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Reader.pm", "usr/share/perl5/core_perl/TAP/Parser/YAMLish/Writer.pm", "usr/share/perl5/core_perl/Term/ANSIColor.pm", "usr/share/perl5/core_perl/Term/Cap.pm", "usr/share/perl5/core_perl/Term/Complete.pm", "usr/share/perl5/core_perl/Term/ReadLine.pm", "usr/share/perl5/core_perl/Term/Table.pm", "usr/share/perl5/core_perl/Term/Table/Cell.pm", "usr/share/perl5/core_perl/Term/Table/CellStack.pm", "usr/share/perl5/core_perl/Term/Table/HashBase.pm", "usr/share/perl5/core_perl/Term/Table/LineBreak.pm", "usr/share/perl5/core_perl/Term/Table/Spacer.pm", "usr/share/perl5/core_perl/Term/Table/Util.pm", "usr/share/perl5/core_perl/Test/Builder.pm", "usr/share/perl5/core_perl/Test/Harness.pm", "usr/share/perl5/core_perl/Test/More.pm", "usr/share/perl5/core_perl/Test/Simple.pm", "usr/share/perl5/core_perl/Test/Tester.pm", "usr/share/perl5/core_perl/Test/Builder/Formatter.pm", "usr/share/perl5/core_perl/Test/Builder/Module.pm", "usr/share/perl5/core_perl/Test/Builder/Tester.pm", "usr/share/perl5/core_perl/Test/Builder/TodoDiag.pm", "usr/share/perl5/core_perl/Test/Builder/Tester/Color.pm", "usr/share/perl5/core_perl/Test/Tester/Capture.pm", "usr/share/perl5/core_perl/Test/Tester/CaptureRunner.pm", "usr/share/perl5/core_perl/Test/Tester/Delegate.pm", "usr/share/perl5/core_perl/Test/use/ok.pm", "usr/share/perl5/core_perl/Test2/API.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest.pm", "usr/share/perl5/core_perl/Test2/Bundle.pm", "usr/share/perl5/core_perl/Test2/Compare.pm", "usr/share/perl5/core_perl/Test2/Env.pm", "usr/share/perl5/core_perl/Test2/Event.pm", "usr/share/perl5/core_perl/Test2/EventFacet.pm", "usr/share/perl5/core_perl/Test2/Formatter.pm", "usr/share/perl5/core_perl/Test2/Hub.pm", "usr/share/perl5/core_perl/Test2/IPC.pm", "usr/share/perl5/core_perl/Test2/Manual.pm", "usr/share/perl5/core_perl/Test2/Mock.pm", "usr/share/perl5/core_perl/Test2/Plugin.pm", "usr/share/perl5/core_perl/Test2/Require.pm", "usr/share/perl5/core_perl/Test2/Suite.pm", "usr/share/perl5/core_perl/Test2/Todo.pm", "usr/share/perl5/core_perl/Test2/Tools.pm", "usr/share/perl5/core_perl/Test2/Util.pm", "usr/share/perl5/core_perl/Test2/V0.pm", "usr/share/perl5/core_perl/Test2/Workflow.pm", "usr/share/perl5/core_perl/Test2/API/Breakage.pm", "usr/share/perl5/core_perl/Test2/API/Context.pm", "usr/share/perl5/core_perl/Test2/API/Instance.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult.pm", "usr/share/perl5/core_perl/Test2/API/Stack.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Event.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Facet.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Hub.pm", "usr/share/perl5/core_perl/Test2/API/InterceptResult/Squasher.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Formatter.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Hub.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Attach.pm", "usr/share/perl5/core_perl/Test2/AsyncSubtest/Event/Detach.pm", "usr/share/perl5/core_perl/Test2/Bundle/Extended.pm", "usr/share/perl5/core_perl/Test2/Bundle/More.pm", "usr/share/perl5/core_perl/Test2/Bundle/Simple.pm", "usr/share/perl5/core_perl/Test2/Compare/Array.pm", "usr/share/perl5/core_perl/Test2/Compare/Bag.pm", "usr/share/perl5/core_perl/Test2/Compare/Base.pm", "usr/share/perl5/core_perl/Test2/Compare/Bool.pm", "usr/share/perl5/core_perl/Test2/Compare/Custom.pm", "usr/share/perl5/core_perl/Test2/Compare/DeepRef.pm", "usr/share/perl5/core_perl/Test2/Compare/Delta.pm", "usr/share/perl5/core_perl/Test2/Compare/Event.pm", "usr/share/perl5/core_perl/Test2/Compare/EventMeta.pm", "usr/share/perl5/core_perl/Test2/Compare/Float.pm", "usr/share/perl5/core_perl/Test2/Compare/Hash.pm", "usr/share/perl5/core_perl/Test2/Compare/Isa.pm", "usr/share/perl5/core_perl/Test2/Compare/Meta.pm", "usr/share/perl5/core_perl/Test2/Compare/Negatable.pm", "usr/share/perl5/core_perl/Test2/Compare/Number.pm", "usr/share/perl5/core_perl/Test2/Compare/Object.pm", "usr/share/perl5/core_perl/Test2/Compare/OrderedSubset.pm", "usr/share/perl5/core_perl/Test2/Compare/Pattern.pm", "usr/share/perl5/core_perl/Test2/Compare/Ref.pm", "usr/share/perl5/core_perl/Test2/Compare/Regex.pm", "usr/share/perl5/core_perl/Test2/Compare/Scalar.pm", "usr/share/perl5/core_perl/Test2/Compare/Set.pm", "usr/share/perl5/core_perl/Test2/Compare/String.pm", "usr/share/perl5/core_perl/Test2/Compare/Undef.pm", "usr/share/perl5/core_perl/Test2/Compare/Wildcard.pm", "usr/share/perl5/core_perl/Test2/Event/Bail.pm", "usr/share/perl5/core_perl/Test2/Event/Diag.pm", "usr/share/perl5/core_perl/Test2/Event/Encoding.pm", "usr/share/perl5/core_perl/Test2/Event/Exception.pm", "usr/share/perl5/core_perl/Test2/Event/Fail.pm", "usr/share/perl5/core_perl/Test2/Event/Generic.pm", "usr/share/perl5/core_perl/Test2/Event/Note.pm", "usr/share/perl5/core_perl/Test2/Event/Ok.pm", "usr/share/perl5/core_perl/Test2/Event/Pass.pm", "usr/share/perl5/core_perl/Test2/Event/Plan.pm", "usr/share/perl5/core_perl/Test2/Event/Skip.pm", "usr/share/perl5/core_perl/Test2/Event/Subtest.pm", "usr/share/perl5/core_perl/Test2/Event/V2.pm", "usr/share/perl5/core_perl/Test2/Event/Waiting.pm", "usr/share/perl5/core_perl/Test2/Event/TAP/Version.pm", "usr/share/perl5/core_perl/Test2/EventFacet/About.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Amnesty.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Assert.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Control.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Error.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Hub.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Info.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Meta.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Parent.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Plan.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Render.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Trace.pm", "usr/share/perl5/core_perl/Test2/EventFacet/Info/Table.pm", "usr/share/perl5/core_perl/Test2/Formatter/TAP.pm", "usr/share/perl5/core_perl/Test2/Hub/Interceptor.pm", "usr/share/perl5/core_perl/Test2/Hub/Subtest.pm", "usr/share/perl5/core_perl/Test2/Hub/Interceptor/Terminator.pm", "usr/share/perl5/core_perl/Test2/IPC/Driver.pm", "usr/share/perl5/core_perl/Test2/IPC/Driver/Files.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy.pm", "usr/share/perl5/core_perl/Test2/Manual/Concurrency.pm", "usr/share/perl5/core_perl/Test2/Manual/Contributing.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/API.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Context.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/EndToEnd.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Event.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Hubs.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/IPC.pm", "usr/share/perl5/core_perl/Test2/Manual/Anatomy/Utilities.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Introduction.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Migrating.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Planning.pm", "usr/share/perl5/core_perl/Test2/Manual/Testing/Todo.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/FirstTool.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Formatter.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Nesting.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Subtest.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/TestBuilder.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Testing.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestExit.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/TestingDone.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolCompletes.pm", "usr/share/perl5/core_perl/Test2/Manual/Tooling/Plugin/ToolStarts.pm", "usr/share/perl5/core_perl/Test2/Plugin/BailOnFail.pm", "usr/share/perl5/core_perl/Test2/Plugin/DieOnFail.pm", "usr/share/perl5/core_perl/Test2/Plugin/ExitSummary.pm", "usr/share/perl5/core_perl/Test2/Plugin/SRand.pm", "usr/share/perl5/core_perl/Test2/Plugin/Times.pm", "usr/share/perl5/core_perl/Test2/Plugin/UTF8.pm", "usr/share/perl5/core_perl/Test2/Require/AuthorTesting.pm", "usr/share/perl5/core_perl/Test2/Require/AutomatedTesting.pm", "usr/share/perl5/core_perl/Test2/Require/EnvVar.pm", "usr/share/perl5/core_perl/Test2/Require/ExtendedTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Fork.pm", "usr/share/perl5/core_perl/Test2/Require/Module.pm", "usr/share/perl5/core_perl/Test2/Require/NonInteractiveTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Perl.pm", "usr/share/perl5/core_perl/Test2/Require/RealFork.pm", "usr/share/perl5/core_perl/Test2/Require/ReleaseTesting.pm", "usr/share/perl5/core_perl/Test2/Require/Threads.pm", "usr/share/perl5/core_perl/Test2/Tools/AsyncSubtest.pm", "usr/share/perl5/core_perl/Test2/Tools/Basic.pm", "usr/share/perl5/core_perl/Test2/Tools/Class.pm", "usr/share/perl5/core_perl/Test2/Tools/ClassicCompare.pm", "usr/share/perl5/core_perl/Test2/Tools/Compare.pm", "usr/share/perl5/core_perl/Test2/Tools/Defer.pm", "usr/share/perl5/core_perl/Test2/Tools/Encoding.pm", "usr/share/perl5/core_perl/Test2/Tools/Event.pm", "usr/share/perl5/core_perl/Test2/Tools/Exception.pm", "usr/share/perl5/core_perl/Test2/Tools/Exports.pm", "usr/share/perl5/core_perl/Test2/Tools/GenTemp.pm", "usr/share/perl5/core_perl/Test2/Tools/Grab.pm", "usr/share/perl5/core_perl/Test2/Tools/Mock.pm", "usr/share/perl5/core_perl/Test2/Tools/Ref.pm", "usr/share/perl5/core_perl/Test2/Tools/Refcount.pm", "usr/share/perl5/core_perl/Test2/Tools/Spec.pm", "usr/share/perl5/core_perl/Test2/Tools/Subtest.pm", "usr/share/perl5/core_perl/Test2/Tools/Target.pm", "usr/share/perl5/core_perl/Test2/Tools/Tester.pm", "usr/share/perl5/core_perl/Test2/Tools/Tiny.pm", "usr/share/perl5/core_perl/Test2/Tools/Warnings.pm", "usr/share/perl5/core_perl/Test2/Util/ExternalMeta.pm", "usr/share/perl5/core_perl/Test2/Util/Facets2Legacy.pm", "usr/share/perl5/core_perl/Test2/Util/Grabber.pm", "usr/share/perl5/core_perl/Test2/Util/Guard.pm", "usr/share/perl5/core_perl/Test2/Util/HashBase.pm", "usr/share/perl5/core_perl/Test2/Util/Importer.pm", "usr/share/perl5/core_perl/Test2/Util/Ref.pm", "usr/share/perl5/core_perl/Test2/Util/Sig.pm", "usr/share/perl5/core_perl/Test2/Util/Stash.pm", "usr/share/perl5/core_perl/Test2/Util/Sub.pm", "usr/share/perl5/core_perl/Test2/Util/Table.pm", "usr/share/perl5/core_perl/Test2/Util/Term.pm", "usr/share/perl5/core_perl/Test2/Util/Times.pm", "usr/share/perl5/core_perl/Test2/Util/Trace.pm", "usr/share/perl5/core_perl/Test2/Util/Table/Cell.pm", "usr/share/perl5/core_perl/Test2/Util/Table/LineBreak.pm", "usr/share/perl5/core_perl/Test2/Workflow/BlockBase.pm", "usr/share/perl5/core_perl/Test2/Workflow/Build.pm", "usr/share/perl5/core_perl/Test2/Workflow/Runner.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task/Action.pm", "usr/share/perl5/core_perl/Test2/Workflow/Task/Group.pm", "usr/share/perl5/core_perl/Text/Abbrev.pm", "usr/share/perl5/core_perl/Text/Balanced.pm", "usr/share/perl5/core_perl/Text/ParseWords.pm", "usr/share/perl5/core_perl/Text/Tabs.pm", "usr/share/perl5/core_perl/Text/Wrap.pm", "usr/share/perl5/core_perl/Thread/Queue.pm", "usr/share/perl5/core_perl/Thread/Semaphore.pm", "usr/share/perl5/core_perl/Tie/Array.pm", "usr/share/perl5/core_perl/Tie/File.pm", "usr/share/perl5/core_perl/Tie/Handle.pm", "usr/share/perl5/core_perl/Tie/Hash.pm", "usr/share/perl5/core_perl/Tie/Memoize.pm", "usr/share/perl5/core_perl/Tie/RefHash.pm", "usr/share/perl5/core_perl/Tie/Scalar.pm", "usr/share/perl5/core_perl/Tie/StdHandle.pm", "usr/share/perl5/core_perl/Tie/SubstrHash.pm", "usr/share/perl5/core_perl/Tie/Hash/NamedCapture.pm", "usr/share/perl5/core_perl/Time/Local.pm", "usr/share/perl5/core_perl/Time/gmtime.pm", "usr/share/perl5/core_perl/Time/localtime.pm", "usr/share/perl5/core_perl/Time/tm.pm", "usr/share/perl5/core_perl/Unicode/UCD.pm", "usr/share/perl5/core_perl/Unicode/Collate/allkeys.txt", "usr/share/perl5/core_perl/Unicode/Collate/keys.txt", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Big5.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/GB2312.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/JISX0208.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Korean.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Pinyin.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Stroke.pm", "usr/share/perl5/core_perl/Unicode/Collate/CJK/Zhuyin.pm", "usr/share/perl5/core_perl/Unicode/Collate/Locale/af.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ar.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/as.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/az.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/be.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/bn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ca.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cs.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/cy.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/da.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_at_ph.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/de_phone.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/dsb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ee.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/eo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/es.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/es_trad.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/et.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fi_phone.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fil.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/fr_ca.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/gu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ha.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/haw.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/he.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hu.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/hy.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ig.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/is.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ja.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ko.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/kok.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lkt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ln.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/lv.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ml.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/mt.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/nso.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/om.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/or.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/pa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/pl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ro.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sa.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/se.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/si.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/si_dict.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sq.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/sv_refo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ta.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/te.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/th.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/tn.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/to.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/tr.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ug_cyrl.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/uk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/ur.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/vi.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/vo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/wae.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/wo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/yo.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_big5.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_gb.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_pin.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_strk.pl", "usr/share/perl5/core_perl/Unicode/Collate/Locale/zh_zhu.pl", "usr/share/perl5/core_perl/User/grent.pm", "usr/share/perl5/core_perl/User/pwent.pm", "usr/share/perl5/core_perl/autodie/Util.pm", "usr/share/perl5/core_perl/autodie/exception.pm", "usr/share/perl5/core_perl/autodie/hints.pm", "usr/share/perl5/core_perl/autodie/skip.pm", "usr/share/perl5/core_perl/autodie/Scope/Guard.pm", "usr/share/perl5/core_perl/autodie/Scope/GuardStack.pm", "usr/share/perl5/core_perl/autodie/exception/system.pm", "usr/share/perl5/core_perl/encoding/warnings.pm", "usr/share/perl5/core_perl/overload/numbers.pm", "usr/share/perl5/core_perl/source/encoding.pm", "usr/share/perl5/core_perl/unicore/Blocks.txt", "usr/share/perl5/core_perl/unicore/CombiningClass.pl", "usr/share/perl5/core_perl/unicore/Decomposition.pl", "usr/share/perl5/core_perl/unicore/Name.pl", "usr/share/perl5/core_perl/unicore/Name.pm", "usr/share/perl5/core_perl/unicore/NamedSequences.txt", "usr/share/perl5/core_perl/unicore/SpecialCasing.txt", "usr/share/perl5/core_perl/unicore/TestNorm.pl", "usr/share/perl5/core_perl/unicore/UCD.pl", "usr/share/perl5/core_perl/unicore/uni_keywords.pl", "usr/share/perl5/core_perl/unicore/version", "usr/share/perl5/core_perl/unicore/To/Age.pl", "usr/share/perl5/core_perl/unicore/To/Bc.pl", "usr/share/perl5/core_perl/unicore/To/Bmg.pl", "usr/share/perl5/core_perl/unicore/To/Bpb.pl", "usr/share/perl5/core_perl/unicore/To/Bpt.pl", "usr/share/perl5/core_perl/unicore/To/Cf.pl", "usr/share/perl5/core_perl/unicore/To/Ea.pl", "usr/share/perl5/core_perl/unicore/To/EqUIdeo.pl", "usr/share/perl5/core_perl/unicore/To/GCB.pl", "usr/share/perl5/core_perl/unicore/To/Gc.pl", "usr/share/perl5/core_perl/unicore/To/Hst.pl", "usr/share/perl5/core_perl/unicore/To/Identif2.pl", "usr/share/perl5/core_perl/unicore/To/Identifi.pl", "usr/share/perl5/core_perl/unicore/To/InCB.pl", "usr/share/perl5/core_perl/unicore/To/InPC.pl", "usr/share/perl5/core_perl/unicore/To/InSC.pl", "usr/share/perl5/core_perl/unicore/To/Isc.pl", "usr/share/perl5/core_perl/unicore/To/Jg.pl", "usr/share/perl5/core_perl/unicore/To/Jt.pl", "usr/share/perl5/core_perl/unicore/To/Lb.pl", "usr/share/perl5/core_perl/unicore/To/Lc.pl", "usr/share/perl5/core_perl/unicore/To/NFCQC.pl", "usr/share/perl5/core_perl/unicore/To/NFDQC.pl", "usr/share/perl5/core_perl/unicore/To/NFKCCF.pl", "usr/share/perl5/core_perl/unicore/To/NFKCQC.pl", "usr/share/perl5/core_perl/unicore/To/NFKCSCF.pl", "usr/share/perl5/core_perl/unicore/To/NFKDQC.pl", "usr/share/perl5/core_perl/unicore/To/Na1.pl", "usr/share/perl5/core_perl/unicore/To/NameAlia.pl", "usr/share/perl5/core_perl/unicore/To/Nt.pl", "usr/share/perl5/core_perl/unicore/To/Nv.pl", "usr/share/perl5/core_perl/unicore/To/PerlDeci.pl", "usr/share/perl5/core_perl/unicore/To/SB.pl", "usr/share/perl5/core_perl/unicore/To/Sc.pl", "usr/share/perl5/core_perl/unicore/To/Scx.pl", "usr/share/perl5/core_perl/unicore/To/Tc.pl", "usr/share/perl5/core_perl/unicore/To/Uc.pl", "usr/share/perl5/core_perl/unicore/To/Vo.pl", "usr/share/perl5/core_perl/unicore/To/WB.pl", "usr/share/perl5/core_perl/unicore/To/_PerlLB.pl", "usr/share/perl5/core_perl/unicore/To/_PerlSCX.pl", "usr/share/perl5/core_perl/unicore/To/kEHCat.pl", "usr/share/perl5/core_perl/unicore/To/kEHCore.pl", "usr/share/perl5/core_perl/unicore/To/kEHDesc.pl", "usr/share/perl5/core_perl/unicore/To/kEHFVal.pl", "usr/share/perl5/core_perl/unicore/To/kEHFunc.pl", "usr/share/perl5/core_perl/unicore/To/kEHHG.pl", "usr/share/perl5/core_perl/unicore/To/kEHIFAO.pl", "usr/share/perl5/core_perl/unicore/To/kEHJSesh.pl", "usr/share/perl5/core_perl/unicore/To/kEHUniK.pl", "usr/share/perl5/core_perl/unicore/lib/Age/NA.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V100.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V11.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V110.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V120.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V130.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V140.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V150.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V160.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V20.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V30.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V31.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V32.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V40.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V41.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V50.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V51.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V52.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V60.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V61.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V70.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V80.pl", "usr/share/perl5/core_perl/unicore/lib/Age/V90.pl", "usr/share/perl5/core_perl/unicore/lib/Alpha/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/AN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/B.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/BN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/CS.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/EN.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ES.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ET.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/L.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/NSM.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/ON.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/R.pl", "usr/share/perl5/core_perl/unicore/lib/Bc/WS.pl", "usr/share/perl5/core_perl/unicore/lib/BidiC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/BidiM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Blk/NB.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/C.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/N.pl", "usr/share/perl5/core_perl/unicore/lib/Bpt/O.pl", "usr/share/perl5/core_perl/unicore/lib/CE/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CI/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWCF/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWKCF/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWL/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWT/Y.pl", "usr/share/perl5/core_perl/unicore/lib/CWU/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Cased/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/A.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/AR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/ATAR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/B.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/BR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/DB.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/NK.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/NR.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/OV.pl", "usr/share/perl5/core_perl/unicore/lib/Ccc/VR.pl", "usr/share/perl5/core_perl/unicore/lib/CompEx/Y.pl", "usr/share/perl5/core_perl/unicore/lib/DI/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dash/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dep/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dia/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Com.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Enc.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Fin.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Font.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Init.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Iso.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Med.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Nar.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Nb.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/NonCanon.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sqr.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sub.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Sup.pl", "usr/share/perl5/core_perl/unicore/lib/Dt/Vert.pl", "usr/share/perl5/core_perl/unicore/lib/EBase/Y.pl", "usr/share/perl5/core_perl/unicore/lib/EComp/Y.pl", "usr/share/perl5/core_perl/unicore/lib/EPres/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/A.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/H.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/N.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/Na.pl", "usr/share/perl5/core_perl/unicore/lib/Ea/W.pl", "usr/share/perl5/core_perl/unicore/lib/Emoji/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Ext/Y.pl", "usr/share/perl5/core_perl/unicore/lib/ExtPict/Y.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/CN.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/LV.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/LVT.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/PP.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/SM.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/V.pl", "usr/share/perl5/core_perl/unicore/lib/GCB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/C.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Cf.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Cn.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/L.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/LC.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Ll.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lm.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lo.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Lu.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/M.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Mc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Me.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Mn.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/N.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Nd.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Nl.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/No.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/P.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pd.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pe.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pf.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Pi.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Po.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Ps.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/S.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sc.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sk.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Sm.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/So.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Z.pl", "usr/share/perl5/core_perl/unicore/lib/Gc/Zs.pl", "usr/share/perl5/core_perl/unicore/lib/GrBase/Y.pl", "usr/share/perl5/core_perl/unicore/lib/GrExt/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Hex/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Hst/NA.pl", "usr/share/perl5/core_perl/unicore/lib/Hyphen/T.pl", "usr/share/perl5/core_perl/unicore/lib/IDC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDCMContinue/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDCMStart/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IDS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/IdStatus/Allowed.pl", "usr/share/perl5/core_perl/unicore/lib/IdStatus/Restrict.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/DefaultI.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Exclusio.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Inclusio.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/LimitedU.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotChara.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotNFKC.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/NotXID.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Obsolete.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Recommen.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Technica.pl", "usr/share/perl5/core_perl/unicore/lib/IdType/Uncommon.pl", "usr/share/perl5/core_perl/unicore/lib/Ideo/Y.pl", "usr/share/perl5/core_perl/unicore/lib/In/10_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/11_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/12_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/12_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/13_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/14_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/15_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/15_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/16_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/2_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/2_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/3_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/4_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/4_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/5_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_1.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_2.pl", "usr/share/perl5/core_perl/unicore/lib/In/6_3.pl", "usr/share/perl5/core_perl/unicore/lib/In/7_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/8_0.pl", "usr/share/perl5/core_perl/unicore/lib/In/9_0.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Consonan.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Extend.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/Linker.pl", "usr/share/perl5/core_perl/unicore/lib/InCB/None.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Bottom.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/BottomAn.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Left.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/LeftAndR.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/NA.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Overstru.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Right.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/Top.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndBo.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndL2.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndLe.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/TopAndRi.pl", "usr/share/perl5/core_perl/unicore/lib/InPC/VisualOr.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Avagraha.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Bindu.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Cantilla.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona2.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona3.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona4.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona5.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona6.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona7.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona8.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consona9.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Consonan.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Geminati.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Invisibl.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Nukta.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Number.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Other.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/PureKill.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Syllable.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/ToneMark.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Virama.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Visarga.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/Vowel.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/VowelDep.pl", "usr/share/perl5/core_perl/unicore/lib/InSC/VowelInd.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Ain.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Alef.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Beh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Dal.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/FarsiYeh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Feh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Gaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Hah.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/HanifiRo.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Kaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Lam.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/NoJoinin.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Noon.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Qaf.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Reh.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Sad.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Seen.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Tah.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Waw.pl", "usr/share/perl5/core_perl/unicore/lib/Jg/Yeh.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/C.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/D.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/L.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/R.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/T.pl", "usr/share/perl5/core_perl/unicore/lib/Jt/U.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AI.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AK.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/AS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/BA.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/BB.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CJ.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CM.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/CP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/EX.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/GL.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/ID.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/IN.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/IS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/NS.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/NU.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/OP.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/PO.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/PR.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/QU.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/SA.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/VI.pl", "usr/share/perl5/core_perl/unicore/lib/Lb/XX.pl", "usr/share/perl5/core_perl/unicore/lib/Lower/Y.pl", "usr/share/perl5/core_perl/unicore/lib/MCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Math/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFCQC/M.pl", "usr/share/perl5/core_perl/unicore/lib/NFCQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFDQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFDQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFKCQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFKCQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/NFKDQC/N.pl", "usr/share/perl5/core_perl/unicore/lib/NFKDQC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/Di.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/None.pl", "usr/share/perl5/core_perl/unicore/lib/Nt/Nu.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/0.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/10.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/100.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/10000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/100000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/11.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/12.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/13.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/14.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/15.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/17.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/18.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/19.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_2.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_6.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/1_8.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/20.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/200.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/20000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/2_3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/30.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/300.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/30000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3_16.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/3_4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/4.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/40.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/400.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/4000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/40000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/5.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/50.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/500.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/5000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/50000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/6.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/60.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/600.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/6000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/60000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/7.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/70.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/700.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/7000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/70000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/8.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/80.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/800.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/8000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/80000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/9.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/90.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/900.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/9000.pl", "usr/share/perl5/core_perl/unicore/lib/Nv/90000.pl", "usr/share/perl5/core_perl/unicore/lib/PCM/Y.pl", "usr/share/perl5/core_perl/unicore/lib/PatSyn/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Alnum.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Assigned.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Blank.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Graph.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/PerlWord.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/PosixPun.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Print.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/SpacePer.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Title.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/Word.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/XPosixPu.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlAny.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCh2.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlCha.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlFol.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDC.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIDS.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlIsI.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlNch.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPat.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPr2.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlPro.pl", "usr/share/perl5/core_perl/unicore/lib/Perl/_PerlQuo.pl", "usr/share/perl5/core_perl/unicore/lib/QMark/Y.pl", "usr/share/perl5/core_perl/unicore/lib/SB/AT.pl", "usr/share/perl5/core_perl/unicore/lib/SB/CL.pl", "usr/share/perl5/core_perl/unicore/lib/SB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/SB/FO.pl", "usr/share/perl5/core_perl/unicore/lib/SB/LE.pl", "usr/share/perl5/core_perl/unicore/lib/SB/LO.pl", "usr/share/perl5/core_perl/unicore/lib/SB/NU.pl", "usr/share/perl5/core_perl/unicore/lib/SB/SC.pl", "usr/share/perl5/core_perl/unicore/lib/SB/ST.pl", "usr/share/perl5/core_perl/unicore/lib/SB/Sp.pl", "usr/share/perl5/core_perl/unicore/lib/SB/UP.pl", "usr/share/perl5/core_perl/unicore/lib/SB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/SD/Y.pl", "usr/share/perl5/core_perl/unicore/lib/STerm/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Arab.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Armn.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Beng.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Cprt.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Cyrl.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Deva.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Dupl.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Ethi.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Geor.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Glag.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gong.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gonm.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gran.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Grek.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Gujr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Guru.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Han.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hang.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hebr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Hira.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Kana.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Knda.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Latn.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Limb.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Linb.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mlym.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mong.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mult.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Mymr.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Orya.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Sinh.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Syrc.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Taml.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tang.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Telu.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tibt.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Tutg.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Zinh.pl", "usr/share/perl5/core_perl/unicore/lib/Sc/Zyyy.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Adlm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Aghb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Arab.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Armn.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Avst.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Beng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Bhks.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Bopo.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cakm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cari.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cham.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cher.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Copt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cprt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Cyrl.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Deva.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Diak.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Dupl.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Ethi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gara.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Geor.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Glag.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gong.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gonm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Goth.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gran.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Grek.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Gujr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Guru.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Han.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hang.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hebr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hira.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hmng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hmnp.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Hung.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Kana.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khar.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khmr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Khoj.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Knda.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Kthi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lana.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lao.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Latn.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Limb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lina.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Linb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lisu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Lydi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mahj.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mlym.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mong.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mult.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Mymr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Nand.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Nko.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Orya.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Osge.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Perm.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Phag.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Phlp.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Rohg.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Shrd.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sind.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sinh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Sunu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Syrc.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tagb.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Takr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tale.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Talu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Taml.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tang.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Telu.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tfng.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Thaa.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Thai.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tibt.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tirh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Todr.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Tutg.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Vith.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Xsux.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Yezi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Yi.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zinh.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zyyy.pl", "usr/share/perl5/core_perl/unicore/lib/Scx/Zzzz.pl", "usr/share/perl5/core_perl/unicore/lib/Term/Y.pl", "usr/share/perl5/core_perl/unicore/lib/UIdeo/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Upper/Y.pl", "usr/share/perl5/core_perl/unicore/lib/VS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/R.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/Tr.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/Tu.pl", "usr/share/perl5/core_perl/unicore/lib/Vo/U.pl", "usr/share/perl5/core_perl/unicore/lib/WB/EX.pl", "usr/share/perl5/core_perl/unicore/lib/WB/Extend.pl", "usr/share/perl5/core_perl/unicore/lib/WB/FO.pl", "usr/share/perl5/core_perl/unicore/lib/WB/HL.pl", "usr/share/perl5/core_perl/unicore/lib/WB/KA.pl", "usr/share/perl5/core_perl/unicore/lib/WB/LE.pl", "usr/share/perl5/core_perl/unicore/lib/WB/MB.pl", "usr/share/perl5/core_perl/unicore/lib/WB/ML.pl", "usr/share/perl5/core_perl/unicore/lib/WB/MN.pl", "usr/share/perl5/core_perl/unicore/lib/WB/NU.pl", "usr/share/perl5/core_perl/unicore/lib/WB/WSegSpac.pl", "usr/share/perl5/core_perl/unicore/lib/WB/XX.pl", "usr/share/perl5/core_perl/unicore/lib/XIDC/Y.pl", "usr/share/perl5/core_perl/unicore/lib/XIDS/Y.pl", "usr/share/perl5/core_perl/unicore/lib/kEHNoMirror/Y.pl", "usr/share/perl5/core_perl/unicore/lib/kEHNoRotate/Y.pl", "usr/share/perl5/core_perl/version/regex.pm", "usr/share/perl5/core_perl/warnings/register.pm", "var/lib/db/sbom/perl-5.42.2-r0.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "stunnel@5.78-r1", "Name": "stunnel", "Identifier": { "PURL": "pkg:apk/wolfi/stunnel@5.78-r1?arch=x86_64\u0026distro=20230201", "UID": "701651e21b793377" }, "Version": "5.78-r1", "Arch": "x86_64", "SrcName": "stunnel", "SrcVersion": "5.78-r1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "ld-linux@2.43-r7", "libcrypto3@3.6.2-r5", "libgcc@16.1.0-r1", "libssl3@3.6.2-r5", "perl@5.42.2-r0" ], "Layer": { "Digest": "sha256:3dcb254820f5eabdf1fc2319a73184c051cbc56d72886c40e6cd0b43033579c7", "DiffID": "sha256:6dc90485e72e44afeb1ecab592900e898164c016d33125161b308c8bcfa53cf9" }, "Digest": "sha1:47b7507db0dec5bf8edfa5ba2bb63540e14dac84", "InstalledFiles": [ "etc/stunnel/stunnel.conf-sample", "usr/bin/stunnel", "usr/bin/stunnel3", "usr/lib/stunnel/libstunnel.so", "var/lib/db/sbom/stunnel-5.78-r1.spdx.json" ], "AnalyzedBy": "apk" }, { "ID": "wolfi-baselayout@20230201-r29", "Name": "wolfi-baselayout", "Identifier": { "PURL": "pkg:apk/wolfi/wolfi-baselayout@20230201-r29?arch=x86_64\u0026distro=20230201", "UID": "c978bcececcb7891" }, "Version": "20230201-r29", "Arch": "x86_64", "SrcName": "wolfi-baselayout", "SrcVersion": "20230201-r29", "Licenses": [ "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "ca-certificates-bundle@20260413-r0" ], "Layer": { "Digest": "sha256:57ba55784e2887043227b53d1ee2788722aae8a9c66b20723e1dfb801c8ce471", "DiffID": "sha256:711f72ded0c5f10478ebf93fdd6d6a47ac484a232ef709c52e67315d4af006d9" }, "Digest": "sha1:9b1560903e3eaf5712512796a3a0a5920351d480", "InstalledFiles": [ "bin", "lib", "lib64", "sbin", "etc/group", "etc/host.conf", "etc/hosts", "etc/mtab", "etc/nsswitch.conf", "etc/os-release", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/profile.d/locale.sh", "etc/secfixes.d/wolfi", "usr/lib64", "usr/sbin", "usr/tmp", "usr/local/lib64", "var/lock", "var/run", "var/lib/db/sbom/wolfi-baselayout-20230201-r29.spdx.json", "var/spool/mail" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.2-r3", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/wolfi/zlib@1.3.2-r3?arch=x86_64\u0026distro=20230201", "UID": "a4285aa49545e56a" }, "Version": "1.3.2-r3", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.2-r3", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "wolfi", "DependsOn": [ "glibc@2.43-r7", "wolfi-baselayout@20230201-r29" ], "Layer": { "Digest": "sha256:8d99fd8fea9c370971ba3ab2ab453586d6a437c40211fea16fdb1445d876e907", "DiffID": "sha256:90cfe0bd8cd693b2ee91b94108fc47f023d82edc00e57352ab6635d827b33505" }, "Digest": "sha1:77ec609e1bf6aa69a7c94a6420430bbff09c7edb", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.2", "var/lib/db/sbom/zlib-1.3.2-r3.spdx.json" ], "AnalyzedBy": "apk" } ] } ] }, { "Namespace": "metallb-system", "Kind": "Deployment", "Name": "controller", "Metadata": [ { "Size": 71413248, "OS": { "Family": "debian", "Name": "12.8" }, "ImageID": "sha256:48c6a3e363a254540ea2336bc5d89908e8c54abc8ae2e4bbb28a73ead48e2bf7", "DiffIDs": [ "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb", "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" ], "RepoTags": [ "quay.io/metallb/controller:v0.14.9" ], "RepoDigests": [ "quay.io/metallb/controller@sha256:86261567e5ff03978893bf03ea865275283ad1e3f0f20dd342ed501b651fdf78" ], "Reference": "quay.io/metallb/controller:v0.14.9", "ImageConfig": { "architecture": "amd64", "created": "2024-12-17T14:55:17.453857751Z", "history": [ { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "2024-12-17T14:55:17.441732264Z", "created_by": "COPY /build/controller /controller # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:17.453857751Z", "created_by": "COPY LICENSE / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:17.453857751Z", "created_by": "LABEL org.opencontainers.image.authors=metallb org.opencontainers.image.url=https://github.com/metallb/metallb org.opencontainers.image.documentation=https://metallb.universe.tf org.opencontainers.image.source=https://github.com/metallb/metallb org.opencontainers.image.vendor=metallb org.opencontainers.image.licenses=Apache-2.0 org.opencontainers.image.description=Metallb Controller org.opencontainers.image.title=controller org.opencontainers.image.base.name=gcr.io/distroless/static:latest", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-12-17T14:55:17.453857751Z", "created_by": "ENTRYPOINT [\"/controller\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb", "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" ] }, "config": { "Entrypoint": [ "/controller" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "org.opencontainers.image.authors": "metallb", "org.opencontainers.image.base.name": "gcr.io/distroless/static:latest", "org.opencontainers.image.created": "2024-12-17T14:50:29.605Z", "org.opencontainers.image.description": "controller for metallb, a network load-balancer implementation for Kubernetes using standard routing protocols", "org.opencontainers.image.documentation": "https://metallb.universe.tf", "org.opencontainers.image.licenses": "Apache-2.0", "org.opencontainers.image.revision": "5765ee504d21a3a237d9dab223ca707661269ecd", "org.opencontainers.image.source": "https://github.com/metallb/metallb", "org.opencontainers.image.title": "controller", "org.opencontainers.image.url": "https://github.com/metallb/metallb", "org.opencontainers.image.vendor": "metallb", "org.opencontainers.image.version": "v0.14.9" }, "User": "0", "WorkingDir": "/" } }, "Layers": [ { "Size": 327680, "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" }, { "Size": 40960, "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" }, { "Size": 2396160, "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" }, { "Size": 1536, "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" }, { "Size": 2560, "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" }, { "Size": 2560, "Digest": "sha256:3214acf345c0cc6bbdb56b698a41ccdefc624a09d6beb0d38b5de0b2303ecaf4", "DiffID": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4" }, { "Size": 2560, "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" }, { "Size": 1536, "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" }, { "Size": 10240, "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" }, { "Size": 3072, "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" }, { "Size": 238592, "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" }, { "Size": 68372480, "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, { "Size": 13312, "Digest": "sha256:5ac6c79bf477324d06c92749f565d767991e7c24db91247498bcc6689062e3a7", "DiffID": "sha256:2dc1d60777ec552985e26f6678f7ce4929b526e8166decb3c365dde9477d2e8e" } ] } ], "Results": [ { "Target": "quay.io/metallb/controller:v0.14.9 (debian 12.8)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "base-files@12.4+deb12u8", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u8?arch=amd64\u0026distro=debian-12.8", "UID": "d14c71402a4a6855" }, "Version": "12.4+deb12u8", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "12.4+deb12u8", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.8", "UID": "64adcbea2e4e887c" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024b-0+deb12u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2024b-0%2Bdeb12u1?arch=all\u0026distro=debian-12.8", "UID": "3a3b46fd2f480cbf" }, "Version": "2024b", "Release": "0+deb12u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024b", "SrcRelease": "0+deb12u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" }, "InstalledFiles": [ "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Accra", "/usr/share/zoneinfo/right/Africa/Addis_Ababa", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Asmara", "/usr/share/zoneinfo/right/Africa/Bamako", "/usr/share/zoneinfo/right/Africa/Bangui", "/usr/share/zoneinfo/right/Africa/Banjul", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Blantyre", "/usr/share/zoneinfo/right/Africa/Brazzaville", "/usr/share/zoneinfo/right/Africa/Bujumbura", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/Conakry", "/usr/share/zoneinfo/right/Africa/Dakar", "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/right/Africa/Djibouti", "/usr/share/zoneinfo/right/Africa/Douala", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Freetown", "/usr/share/zoneinfo/right/Africa/Gaborone", "/usr/share/zoneinfo/right/Africa/Harare", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Kampala", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Kigali", "/usr/share/zoneinfo/right/Africa/Kinshasa", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Libreville", "/usr/share/zoneinfo/right/Africa/Lome", "/usr/share/zoneinfo/right/Africa/Luanda", "/usr/share/zoneinfo/right/Africa/Lubumbashi", "/usr/share/zoneinfo/right/Africa/Lusaka", "/usr/share/zoneinfo/right/Africa/Malabo", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Maseru", "/usr/share/zoneinfo/right/Africa/Mbabane", "/usr/share/zoneinfo/right/Africa/Mogadishu", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Niamey", "/usr/share/zoneinfo/right/Africa/Nouakchott", "/usr/share/zoneinfo/right/Africa/Ouagadougou", "/usr/share/zoneinfo/right/Africa/Porto-Novo", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Anguilla", "/usr/share/zoneinfo/right/America/Antigua", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Aruba", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Atikokan", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Blanc-Sablon", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Cayman", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Creston", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Curacao", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Dominica", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Grenada", "/usr/share/zoneinfo/right/America/Guadeloupe", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/Montserrat", "/usr/share/zoneinfo/right/America/Nassau", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Port_of_Spain", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/St_Kitts", "/usr/share/zoneinfo/right/America/St_Lucia", "/usr/share/zoneinfo/right/America/St_Thomas", "/usr/share/zoneinfo/right/America/St_Vincent", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Tortola", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/McMurdo", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Syowa", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Antarctica/Vostok", "/usr/share/zoneinfo/right/Asia/Aden", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Bahrain", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Brunei", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Kuwait", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Muscat", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Phnom_Penh", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vientiane", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/Reykjavik", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/St_Helena", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Amsterdam", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Copenhagen", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Guernsey", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Isle_of_Man", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Jersey", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/Ljubljana", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Luxembourg", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Monaco", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Oslo", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Sarajevo", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Skopje", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Stockholm", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vaduz", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zagreb", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Antananarivo", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Christmas", "/usr/share/zoneinfo/right/Indian/Cocos", "/usr/share/zoneinfo/right/Indian/Comoro", "/usr/share/zoneinfo/right/Indian/Kerguelen", "/usr/share/zoneinfo/right/Indian/Mahe", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/Indian/Mayotte", "/usr/share/zoneinfo/right/Indian/Reunion", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Chuuk", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Funafuti", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Majuro", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Midway", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Pohnpei", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Saipan", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/Pacific/Wake", "/usr/share/zoneinfo/right/Pacific/Wallis", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" } ] }, { "Target": "controller", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "go.universe.tf/metallb", "Name": "go.universe.tf/metallb", "Identifier": { "PURL": "pkg:golang/go.universe.tf/metallb", "UID": "c213d92d7ee1c4da" }, "Relationship": "root", "DependsOn": [ "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/emicklei/go-restful/v3@v3.12.1", "github.com/evanphx/json-patch/v5@v5.9.0", "github.com/fxamacker/cbor/v2@v2.7.0", "github.com/go-kit/log@v0.2.1", "github.com/go-logfmt/logfmt@v0.5.1", "github.com/go-logr/logr@v1.4.2", "github.com/go-logr/zapr@v1.3.0", "github.com/go-openapi/jsonpointer@v0.21.0", "github.com/go-openapi/jsonreference@v0.21.0", "github.com/go-openapi/swag@v0.23.0", "github.com/gogo/protobuf@v1.3.2", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.4", "github.com/google/gnostic-models@v0.6.8", "github.com/google/go-cmp@v0.6.0", "github.com/google/gofuzz@v1.2.0", "github.com/google/uuid@v1.6.0", "github.com/imdario/mergo@v0.3.16", "github.com/josharian/intern@v1.0.0", "github.com/josharian/native@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/mailru/easyjson@v0.7.7", "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "github.com/mdlayher/packet@v1.0.0", "github.com/mdlayher/socket@v0.2.1", "github.com/metallb/frr-k8s@v0.0.16", "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "github.com/pkg/errors@v0.9.1", "github.com/prometheus/client_golang@v1.19.1", "github.com/prometheus/client_model@v0.6.1", "github.com/prometheus/common@v0.55.0", "github.com/prometheus/procfs@v0.15.1", "github.com/spf13/cobra@v1.8.1", "github.com/spf13/pflag@v1.0.5", "github.com/x448/float16@v0.8.4", "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "go.uber.org/atomic@v1.11.0", "go.uber.org/multierr@v1.11.0", "go.uber.org/zap@v1.27.0", "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "golang.org/x/net@v0.30.0", "golang.org/x/oauth2@v0.21.0", "golang.org/x/sync@v0.8.0", "golang.org/x/sys@v0.26.0", "golang.org/x/term@v0.25.0", "golang.org/x/text@v0.19.0", "golang.org/x/time@v0.5.0", "gomodules.xyz/jsonpatch/v2@v2.4.0", "google.golang.org/protobuf@v1.35.1", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.31.4", "k8s.io/apiextensions-apiserver@v0.31.1", "k8s.io/apimachinery@v0.31.4", "k8s.io/client-go@v0.31.4", "k8s.io/component-base@v0.31.1", "k8s.io/klog/v2@v2.130.1", "k8s.io/klog@v1.0.0", "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "sigs.k8s.io/controller-runtime@v0.19.3", "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "sigs.k8s.io/yaml@v1.4.0", "stdlib@v1.22.7" ], "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.22.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "Version": "v1.22.7", "Relationship": "direct", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "bddcf7fc11e5c617" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "438c9e9a157ba34a" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "2ed539be93452137" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.1", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", "UID": "a723a91a1cb5cfe6" }, "Version": "v3.12.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/evanphx/json-patch/v5@v5.9.0", "Name": "github.com/evanphx/json-patch/v5", "Identifier": { "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", "UID": "6567d0ce2e7af9c1" }, "Version": "v5.9.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.7.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", "UID": "8fd30b172bd01e8f" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-kit/log@v0.2.1", "Name": "github.com/go-kit/log", "Identifier": { "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", "UID": "a2b35f36c11398a2" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logfmt/logfmt@v0.5.1", "Name": "github.com/go-logfmt/logfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", "UID": "4e02bf0f2b4916d5" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "312281a1a9e1a80d" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "430933dd7d57c2e7" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.21.0", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", "UID": "7088877701e52f31" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.0", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", "UID": "4c243a6071264bd" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.23.0", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", "UID": "52acd7b3ddee9cb8" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "216cdabccf04c9cb" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "b486c01031fc33fb" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.4", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", "UID": "cf802ee8a0d4d15" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "47ed0c28c217af89" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "f9e92733e87f325b" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "d93d18636090baec" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "efde5cbfc152502d" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "f477c87e5ba162d7" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "cf8c0a1d438eae17" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/native@v1.0.0", "Name": "github.com/josharian/native", "Identifier": { "PURL": "pkg:golang/github.com/josharian/native@v1.0.0", "UID": "b9484e23c269800" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "328615ab1c67ec77" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "ba58a96c69c9f44f" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "Name": "github.com/mdlayher/arp", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "UID": "3785a5694c42578b" }, "Version": "v0.0.0-20220221190821-c37aaafac7f9", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "Name": "github.com/mdlayher/ethernet", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "UID": "7743b83e9a86abca" }, "Version": "v0.0.0-20220221185849-529eae5b6118", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "Name": "github.com/mdlayher/ndp", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "UID": "7ba75f1f11551361" }, "Version": "v0.0.0-20200602162440-17ab9e3e5567", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/packet@v1.0.0", "Name": "github.com/mdlayher/packet", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/packet@v1.0.0", "UID": "e92c571008c966a0" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.2.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.2.1", "UID": "e0eb3dae1a3bb69d" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/metallb/frr-k8s@v0.0.16", "Name": "github.com/metallb/frr-k8s", "Identifier": { "PURL": "pkg:golang/github.com/metallb/frr-k8s@v0.0.16", "UID": "f62e37404d8b0155" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "Name": "github.com/mikioh/ipaddr", "Identifier": { "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "UID": "dd3eed0c8bf269bf" }, "Version": "v0.0.0-20190404000644-d465c8ab6721", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "b7e9b13b91ad0959" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "d5f1d5020eb9f015" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "9a470f7d8f6131c3" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "Name": "github.com/open-policy-agent/cert-controller", "Identifier": { "PURL": "pkg:golang/github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "UID": "9976ce91e13ef91" }, "Version": "v0.10.2-0.20240531181455-2649f121ab97", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "19b18e1a20203079" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.19.1", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", "UID": "505a7ec0e698a08f" }, "Version": "v1.19.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.1", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", "UID": "8f65b5e3d148b78d" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.55.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", "UID": "45bacc82e1cd33a2" }, "Version": "v0.55.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.15.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", "UID": "3caf0d809193fb8e" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.8.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.8.1", "UID": "cb0a3e0b91bf14a" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "2d4d631cc5330e77" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "5729d5b5603ea8bd" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "Name": "gitlab.com/golang-commonmark/puny", "Identifier": { "PURL": "pkg:golang/gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "UID": "b8206212ec42d026" }, "Version": "v0.0.0-20191124015043-9f83538fa04f", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.11.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", "UID": "d09a11982346735a" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "7f45b0ec2bd7622f" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", "UID": "59da15f7e06d6bc9" }, "Version": "v1.27.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "UID": "766f8922ae3f249d" }, "Version": "v0.0.0-20240719175910-8a7402abbf56", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.30.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "afcba994f63fb6d9" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.21.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "30e8fcf9a19a8b7a" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.8.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.8.0", "UID": "364c79b42efca8e2" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.26.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", "UID": "e1b75f4d5f856abe" }, "Version": "v0.26.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.25.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.25.0", "UID": "50b9b02b0448dec1" }, "Version": "v0.25.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.19.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.19.0", "UID": "e7af3d6fc794a64c" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "abbbadf5b3426b6f" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", "Name": "gomodules.xyz/jsonpatch/v2", "Identifier": { "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", "UID": "738b2eb595513cdd" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.35.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", "UID": "e9ea71bf9c18f4d" }, "Version": "v1.35.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "8008636432339b55" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "c9317eb7da959db3" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "94192ecb51bbe29f" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.31.4", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.31.4", "UID": "7c203e280f511b77" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.31.1", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", "UID": "96d08d349fcc9a7c" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.31.4", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", "UID": "1dd982a7cd06ca81" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.31.4", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", "UID": "6147f4585dfa340a" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.31.1", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.31.1", "UID": "159c2400caec34f" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog@v1.0.0", "Name": "k8s.io/klog", "Identifier": { "PURL": "pkg:golang/k8s.io/klog@v1.0.0", "UID": "2f9aa61a553ce6df" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "f9c8218bb95277af" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "UID": "219d943ed8d38e22" }, "Version": "v0.0.0-20240521193020-835d969ad83a", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "UID": "64d4e668f17a9cb0" }, "Version": "v0.0.0-20240711033017-18e509b52bc8", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/controller-runtime@v0.19.3", "Name": "sigs.k8s.io/controller-runtime", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", "UID": "f556f89018e0e5d2" }, "Version": "v0.19.3", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "bd59334a9d4019cc" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "fcea4e350432eee8" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "e34ff5537a0abe4d" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "afcba994f63fb6d9" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:3d03061ab6a168946c5ae79b6f0bbb2742df49e2c9bba22b013550c1148472bd", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "afcba994f63fb6d9" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d82e1312d73bbb2f9b509305454a7191377cb5db519e0865a031fa4325dc55d4", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.21.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "30e8fcf9a19a8b7a" }, "InstalledVersion": "v0.21.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:fb830f569a9d4a68690c89e64295b98b3d2a30d39c2b6cb7eaf8e645a5baf829", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:44874c165127142a9563ed39acded8849fecfb1251f8781cfccde469ae734e23", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6848bd773f19c242574ec4b8a9f82ea897b0618c244501364728087164bdf973", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a85c2eb1cb44d559504d8c535d523e37b6071b8f22293f3167d68b858cdcea8", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e65ff3102ea7772289a8c9eaf19e905245f2eebf0cc29325f1192334c8bb3196", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b5bf188341737be84d76aedfdc22dc659709abab7874a7fa7b4ea1f1c404d37", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:531b05b13b2df3f8a140b693bea5825bf1a5ec183c6ec3bff8ef1a51c1277991", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9c15b9770978ef8e88af2d5a901442edca2f9b369cedfc5558d52074e52f3cf2", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4fbee526305f5a6dfe611313c9cb0bdd43baeb01d36a307b182934f9485e40f1", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9c01dc9e96914d75d10c571e4da4757c8aea369099171dcbc13fecc117a21e37", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:74fe517495b0a50942b39dad2a705c25c934cf187cf148faf149d4e4df6e57d1", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fa774ab6e351524fa547fa2d615dd4c5f8c63989b8e50fbaa6e887de81fee0f7", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:47efff7b22c8d35996793e5eb662f9bd9ca8adbd0239f28fc93ac50e5068aa49", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7a020338e26c87ef0308ef40903d98b05d320fc66eb4ef29c39b25e85f1045df", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4e35962e6c37338d25d361b1864956aab2a7be73f86c16a5bec0fe57119e01ab", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d103c3dd4d83c83e3dd8e2c310002449bf1fc9db39c2f7c1c571fa46cb41a61", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8dc19f60712a0cf829b8e23edf7711f569959a301a53d430ce5755155ebd2aff", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8c6f7722f72c2dfacd621f2d9a49bd0f4df743851108d55f1da302e71a19945e", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c062f3598d699b79e7bf7a00d14599e4881281fa77fa1c13f9c8eb9dffa11427", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76ba1b758e512189401a025b45994a25567e7b12323a8882842c771bc4ae003d", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f57667fd9c0a51e98d9a9b7e48cd79cff927872ef518c2805b70f99f40ee3c18", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6f965ab0ecf715a8cb6683002aaab785b398a0f1ff01153871a01f4e1ba651c5", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e8248f7ff3970a92cd620b0fb3a8f3bbd53ba5012e72c3eaa9ec565263d56446", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:db31256864b6a261eade42bc24a7904cdb83a33c177559335cf406a4fa70c7ae", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:25dc65ee7fa043f8bc11e5b6f1fa2a5563ffd0f40f2915e28117b7196ba83be9", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:50b0a051ad7455376505b79c1d37416ad85ab2a72fea719ca46097445156b568", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:53f25fccfa42ae17d21f436a578fb116e16031ff05b0f446dd2c90b1fdb4bf8b", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:509284a4d45f3c4e8a50e933c25b3c513a8f2a1df6fde51250e7cd1988446cd6", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c591b82fc4b3bcd6469f971aac862848fa004b1050f36741a77b374145b873d", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:abfdd7ccd15fd4c08d5d949c30db472ed1a5e9af3f4da783b6ee2b54cef7244e", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4f2d251ee6fd9cb2d536392cba3a33c756ddde2d279bfb887d78a26cf1fe0d95", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:41b55a3b35a838c736def8dd6ec0e87083ea72eed2c84816a6f8a37f621f1530", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:46a51a345126c1357cf2d33399da89ce133bb6eedcd4dad608deb31abf142221", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9c12c4682b2cc8d8c9f3788fbcc74f9595ccca1ed664e554776878c09bb0826d", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ad205a50ea24b41d99dad1e52ebd4412a3e864394ce2b43c0d2bbe8b1f46e10", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8418d442ca5f99bf46957678dc45055ac6de1fc7237c277dd6c8863fc94ff31f", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a15f4d9f0604f6684ae737b400162cd1bf15411e32d42fe54aed3c154d63b8d9", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f46be49d0799f836b5c77301863f13218454fae5faaac3431739de8541e54d09", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e45ed45c2977884efdabceba94a8c1545aa54ab427a1b9c04604d5b6faca2338", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7be95f0b423ca8269e94a78737aec4fc6829972011d6fa32a0e86a8535c064b2", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "f2a7af45e0298ef8" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:9975fd7e58da55c27db15c032864ec1908481a90abe3316735d4aa2fc228257a", "DiffID": "sha256:50106be7f1f4302e11ffa9e70585ebca2ba6bc3649cacb6cf44399c491a60ddb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f5fc1c65f66a5bd893e6368f066a78b39575629e44e159c67c51ff7b4c448780", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "alertmanager", "Metadata": [ { "Size": 72671744, "ImageID": "sha256:6519630d2dcc96a94f82e6e6fea153cfd87de0f97a95230bf713946a0756d97f", "DiffIDs": [ "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525", "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9", "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c", "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ], "RepoTags": [ "prom/alertmanager:latest" ], "RepoDigests": [ "prom/alertmanager@sha256:51a825c2a40acc3e338fdd00d622e01ec090f72be2b3ea46be0839cd47a4d286" ], "Reference": "prom/alertmanager:latest", "ImageConfig": { "architecture": "amd64", "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "created": "2026-04-29T17:45:56.223633017Z", "history": [ { "created": "2024-09-26T21:31:42Z", "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.3, Debian 13" }, { "created": "2026-04-15T10:54:45.929154899Z", "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-15T10:54:45.929154899Z", "created_by": "COPY /rootfs / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.032089482Z", "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.032089482Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/prometheus/alertmanager", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.032089482Z", "created_by": "ARG ARCH=amd64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.032089482Z", "created_by": "ARG OS=linux", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.032089482Z", "created_by": "COPY .build/linux-amd64/amtool /bin/amtool # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.078638477Z", "created_by": "COPY .build/linux-amd64/alertmanager /bin/alertmanager # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.08799851Z", "created_by": "COPY examples/ha/alertmanager.yml /etc/alertmanager/alertmanager.yml # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.203502631Z", "created_by": "RUN |2 ARCH=amd64 OS=linux /bin/sh -c mkdir -p /alertmanager \u0026\u0026 chown -R nobody:nobody /etc/alertmanager /alertmanager \u0026\u0026 chmod -R g+w /alertmanager # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.203502631Z", "created_by": "USER nobody", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.203502631Z", "created_by": "EXPOSE map[9093/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.203502631Z", "created_by": "VOLUME [/alertmanager]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.223633017Z", "created_by": "WORKDIR /alertmanager", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-29T17:45:56.223633017Z", "created_by": "ENTRYPOINT [\"/bin/alertmanager\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-29T17:45:56.223633017Z", "created_by": "CMD [\"--config.file=/etc/alertmanager/alertmanager.yml\" \"--storage.path=/alertmanager\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525", "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9", "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c", "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" ] }, "config": { "Cmd": [ "--config.file=/etc/alertmanager/alertmanager.yml", "--storage.path=/alertmanager" ], "Entrypoint": [ "/bin/alertmanager" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "org.opencontainers.image.source": "https://github.com/prometheus/alertmanager" }, "User": "nobody", "Volumes": { "/alertmanager": {} }, "WorkingDir": "/alertmanager", "ExposedPorts": { "9093/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 1454080, "Digest": "sha256:2acf9a40b14f28b6096477413ec272f1fae2d5df7d963466f0936cc16b08ab7b", "DiffID": "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f" }, { "Size": 1262080, "Digest": "sha256:27baa147e9fa2a2d3cddd0ccabf97ee10c9b66379c5b8835ec4c9438ef9dbd07", "DiffID": "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd" }, { "Size": 28680704, "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, { "Size": 41265152, "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, { "Size": 3584, "Digest": "sha256:02dd15185ff817e6b78158fb348bbe98129833673a81ca2503dfd4a9f670d168", "DiffID": "sha256:a0b193e13c47f0dbb59853a0c116f17f91ba4e4b8a88ec31fcc6144931e1bb4c" }, { "Size": 5120, "Digest": "sha256:743274192ad7a9b8f72979769808f7e27c5a3fa2d7653a513cda43ff21f262fd", "DiffID": "sha256:743ab2fdbd295dabbd1553e9cb107fdf3f4b5a9abec75f31bbe0aeed63ca981a" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" } ] } ], "Results": [ { "Target": "bin/alertmanager", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/prometheus/alertmanager@v0.32.1", "Name": "github.com/prometheus/alertmanager", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.32.1", "UID": "80b0b452c2325658" }, "Version": "v0.32.1", "Relationship": "root", "DependsOn": [ "github.com/KimMachineGun/automemlimit@v0.7.5", "github.com/alecthomas/kingpin/v2@v2.4.0", "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "github.com/armon/go-metrics@v0.4.1", "github.com/aws/aws-sdk-go-v2/config@v1.32.13", "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "github.com/aws/aws-sdk-go-v2@v1.41.5", "github.com/aws/smithy-go@v1.24.2", "github.com/beorn7/perks@v1.0.1", "github.com/cenkalti/backoff/v4@v4.3.0", "github.com/cenkalti/backoff/v5@v5.0.3", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/coder/quartz@v0.3.0", "github.com/coreos/go-systemd/v22@v22.6.0", "github.com/docker/go-units@v0.5.0", "github.com/felixge/httpsnoop@v1.0.4", "github.com/go-logr/logr@v1.4.3", "github.com/go-logr/stdr@v1.2.2", "github.com/go-openapi/analysis@v0.25.0", "github.com/go-openapi/errors@v0.22.7", "github.com/go-openapi/jsonpointer@v0.22.5", "github.com/go-openapi/jsonreference@v0.21.5", "github.com/go-openapi/loads@v0.23.3", "github.com/go-openapi/runtime@v0.29.3", "github.com/go-openapi/spec@v0.22.4", "github.com/go-openapi/strfmt@v0.26.1", "github.com/go-openapi/swag/cmdutils@v0.25.5", "github.com/go-openapi/swag/conv@v0.25.5", "github.com/go-openapi/swag/fileutils@v0.25.5", "github.com/go-openapi/swag/jsonname@v0.25.5", "github.com/go-openapi/swag/jsonutils@v0.25.5", "github.com/go-openapi/swag/loading@v0.25.5", "github.com/go-openapi/swag/mangling@v0.25.5", "github.com/go-openapi/swag/netutils@v0.25.5", "github.com/go-openapi/swag/stringutils@v0.25.5", "github.com/go-openapi/swag/typeutils@v0.25.5", "github.com/go-openapi/swag/yamlutils@v0.25.5", "github.com/go-openapi/swag@v0.25.5", "github.com/go-openapi/validate@v0.25.2", "github.com/go-viper/mapstructure/v2@v2.5.0", "github.com/golang-jwt/jwt/v5@v5.3.0", "github.com/google/btree@v1.1.3", "github.com/google/uuid@v1.6.0", "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-immutable-radix@v1.3.1", "github.com/hashicorp/go-metrics@v0.5.4", "github.com/hashicorp/go-msgpack/v2@v2.1.5", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-sockaddr@v1.0.7", "github.com/hashicorp/golang-lru/v2@v2.0.7", "github.com/hashicorp/golang-lru@v0.5.4", "github.com/hashicorp/memberlist@v0.5.4", "github.com/jessevdk/go-flags@v1.6.1", "github.com/jpillora/backoff@v1.0.0", "github.com/julienschmidt/httprouter@v1.3.0", "github.com/mdlayher/socket@v0.4.1", "github.com/mdlayher/vsock@v1.2.1", "github.com/miekg/dns@v1.1.68", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "github.com/oklog/run@v1.2.0", "github.com/oklog/ulid/v2@v2.1.1", "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "github.com/prometheus/client_golang@v1.23.2", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common@v0.67.5", "github.com/prometheus/exporter-toolkit@v0.15.1", "github.com/prometheus/procfs@v0.16.1", "github.com/prometheus/sigv4@v0.4.1", "github.com/rs/cors@v1.11.1", "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "github.com/xhit/go-str2duration/v2@v2.1.0", "go.opentelemetry.io/auto/sdk@v1.2.1", "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "go.opentelemetry.io/otel/metric@v1.41.0", "go.opentelemetry.io/otel/sdk@v1.41.0", "go.opentelemetry.io/otel/trace@v1.41.0", "go.opentelemetry.io/otel@v1.41.0", "go.opentelemetry.io/proto/otlp@v1.9.0", "go.yaml.in/yaml/v2@v2.4.3", "go.yaml.in/yaml/v3@v3.0.4", "golang.org/x/crypto@v0.49.0", "golang.org/x/net@v0.52.0", "golang.org/x/oauth2@v0.35.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.42.0", "golang.org/x/text@v0.35.0", "golang.org/x/time@v0.14.0", "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "google.golang.org/grpc@v1.80.0", "google.golang.org/protobuf@v1.36.11", "gopkg.in/telebot.v3@v3.3.8", "gopkg.in/yaml.v2@v2.4.0", "stdlib@v1.26.2" ], "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.26.2", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "Version": "v1.26.2", "Relationship": "direct", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/KimMachineGun/automemlimit@v0.7.5", "Name": "github.com/KimMachineGun/automemlimit", "Identifier": { "PURL": "pkg:golang/github.com/kimmachinegun/automemlimit@v0.7.5", "UID": "f545ee64627643f7" }, "Version": "v0.7.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", "Name": "github.com/alecthomas/kingpin/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", "UID": "a8dccb910a64e09d" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "Name": "github.com/alecthomas/units", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "UID": "6e30d76b4ec7ebed" }, "Version": "v0.0.0-20240927000941-0f3dac36c52b", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-metrics@v0.4.1", "Name": "github.com/armon/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", "UID": "ba3631eb0cb68412" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", "UID": "1aafa065f3fb62f2" }, "Version": "v1.41.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.13", "Name": "github.com/aws/aws-sdk-go-v2/config", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.13", "UID": "b0cc33e54176c2fb" }, "Version": "v1.32.13", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "UID": "8092bda4076cf73f" }, "Version": "v1.19.13", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "UID": "cb15060419c53456" }, "Version": "v1.18.21", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "UID": "f9532a94ef2b75f2" }, "Version": "v1.4.21", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "UID": "673a0d1a3fd306e6" }, "Version": "v2.7.21", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "UID": "30c10dc4272364e2" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "UID": "e821e4ae4316be26" }, "Version": "v1.13.7", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "UID": "f2c138b01a07cf78" }, "Version": "v1.13.21", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "Name": "github.com/aws/aws-sdk-go-v2/service/signin", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "UID": "eb6fc7ff05c8c0c0" }, "Version": "v1.0.9", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", "Name": "github.com/aws/aws-sdk-go-v2/service/sns", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sns@v1.39.15", "UID": "64b8f4cd89ccbedc" }, "Version": "v1.39.15", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "Name": "github.com/aws/aws-sdk-go-v2/service/sso", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "UID": "38ff791bce5e39ec" }, "Version": "v1.30.14", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "UID": "79ab1bd77c72fc35" }, "Version": "v1.35.18", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "Name": "github.com/aws/aws-sdk-go-v2/service/sts", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "UID": "202bb22757b92af3" }, "Version": "v1.41.10", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.24.2", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", "UID": "b4e6bfce8371c308" }, "Version": "v1.24.2", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "db3712bc97b16325" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v4@v4.3.0", "Name": "github.com/cenkalti/backoff/v4", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", "UID": "8ee0f544a80be3fc" }, "Version": "v4.3.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v5@v5.0.3", "Name": "github.com/cenkalti/backoff/v5", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", "UID": "dc7bd0f2889b5b76" }, "Version": "v5.0.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "6f350e1a30d94d30" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coder/quartz@v0.3.0", "Name": "github.com/coder/quartz", "Identifier": { "PURL": "pkg:golang/github.com/coder/quartz@v0.3.0", "UID": "4ec4114afc0e9445" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.6.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", "UID": "cfddca39fd8e9fd6" }, "Version": "v22.6.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-units@v0.5.0", "Name": "github.com/docker/go-units", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", "UID": "1327e6483c8a4ff6" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "31e05c000fd9b0e2" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", "UID": "6d53dc6d13f796be" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "d0114b44ce3afe7d" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/analysis@v0.25.0", "Name": "github.com/go-openapi/analysis", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.25.0", "UID": "af90c7e0e6603226" }, "Version": "v0.25.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/errors@v0.22.7", "Name": "github.com/go-openapi/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", "UID": "d6364c91f2f616ce" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.22.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", "UID": "8c196040591931e1" }, "Version": "v0.22.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.5", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", "UID": "fbd5f1c768223118" }, "Version": "v0.21.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/loads@v0.23.3", "Name": "github.com/go-openapi/loads", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", "UID": "238eaeab7e95bc09" }, "Version": "v0.23.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/runtime@v0.29.3", "Name": "github.com/go-openapi/runtime", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", "UID": "13a68f0daf3b64ea" }, "Version": "v0.29.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/spec@v0.22.4", "Name": "github.com/go-openapi/spec", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", "UID": "7237e7de94211d5f" }, "Version": "v0.22.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/strfmt@v0.26.1", "Name": "github.com/go-openapi/strfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", "UID": "c11b55c584b25efa" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.25.5", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", "UID": "15b2ee6d51d31d25" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", "Name": "github.com/go-openapi/swag/cmdutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", "UID": "9b527751ca4df554" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/conv@v0.25.5", "Name": "github.com/go-openapi/swag/conv", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", "UID": "93a5eed0af039a1" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", "Name": "github.com/go-openapi/swag/fileutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", "UID": "bb1ee779f9877f60" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", "Name": "github.com/go-openapi/swag/jsonname", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", "UID": "c7d151212b1ca0be" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", "Name": "github.com/go-openapi/swag/jsonutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", "UID": "3183eeeece4c8c49" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/loading@v0.25.5", "Name": "github.com/go-openapi/swag/loading", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", "UID": "b446a7e35ecb1666" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/mangling@v0.25.5", "Name": "github.com/go-openapi/swag/mangling", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", "UID": "c75c90162cb7be75" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/netutils@v0.25.5", "Name": "github.com/go-openapi/swag/netutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", "UID": "7dd76e1c765a429" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", "Name": "github.com/go-openapi/swag/stringutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", "UID": "c1913bf19f1b4c7b" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", "Name": "github.com/go-openapi/swag/typeutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", "UID": "622d0133aaff108a" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", "Name": "github.com/go-openapi/swag/yamlutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", "UID": "f3e79824ea15df2f" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/validate@v0.25.2", "Name": "github.com/go-openapi/validate", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", "UID": "cbad22c1fea806c6" }, "Version": "v0.25.2", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", "Name": "github.com/go-viper/mapstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", "UID": "745f435369951ba0" }, "Version": "v2.5.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", "UID": "12e62f1a5fd8bafa" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/btree@v1.1.3", "Name": "github.com/google/btree", "Identifier": { "PURL": "pkg:golang/github.com/google/btree@v1.1.3", "UID": "7857179b09ffd7f1" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "cb5384fa14604d67" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "UID": "3c8c497a2a12f00b" }, "Version": "v2.28.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "e2608131d0608f47" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", "Name": "github.com/hashicorp/go-immutable-radix", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", "UID": "c905e5bd1b1dd4b5" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-metrics@v0.5.4", "Name": "github.com/hashicorp/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-metrics@v0.5.4", "UID": "8184fa0fac393a8d" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.5", "Name": "github.com/hashicorp/go-msgpack/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.5", "UID": "e6225c1fd1a25109" }, "Version": "v2.1.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "1469fdcb7d464ed" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-sockaddr@v1.0.7", "Name": "github.com/hashicorp/go-sockaddr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.7", "UID": "e616fe7744585532" }, "Version": "v1.0.7", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru@v0.5.4", "Name": "github.com/hashicorp/golang-lru", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4", "UID": "ef9e5e7849c20252" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", "Name": "github.com/hashicorp/golang-lru/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", "UID": "ceba19a6daa95e3c" }, "Version": "v2.0.7", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/memberlist@v0.5.4", "Name": "github.com/hashicorp/memberlist", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.4", "UID": "e96ed9035eb64a61" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jessevdk/go-flags@v1.6.1", "Name": "github.com/jessevdk/go-flags", "Identifier": { "PURL": "pkg:golang/github.com/jessevdk/go-flags@v1.6.1", "UID": "4815e363c4f5b51a" }, "Version": "v1.6.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jpillora/backoff@v1.0.0", "Name": "github.com/jpillora/backoff", "Identifier": { "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", "UID": "c228aa4013e13e53" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/julienschmidt/httprouter@v1.3.0", "Name": "github.com/julienschmidt/httprouter", "Identifier": { "PURL": "pkg:golang/github.com/julienschmidt/httprouter@v1.3.0", "UID": "5617aff11007d6da" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.4.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", "UID": "4faf1630cd7c291" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/vsock@v1.2.1", "Name": "github.com/mdlayher/vsock", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", "UID": "166f21963b9a1ae" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.68", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", "UID": "5d1cb982e032b176" }, "Version": "v1.1.68", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "4638ea033e85d125" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "Name": "github.com/mwitkow/go-conntrack", "Identifier": { "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "UID": "5a27f4c3423ffeac" }, "Version": "v0.0.0-20190716064945-2f068394615f", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/run@v1.2.0", "Name": "github.com/oklog/run", "Identifier": { "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", "UID": "147a5d0d1fabc425" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/ulid/v2@v2.1.1", "Name": "github.com/oklog/ulid/v2", "Identifier": { "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", "UID": "4ee17cf6f21d9757" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "Name": "github.com/pbnjay/memory", "Identifier": { "PURL": "pkg:golang/github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "UID": "d4abb5b14db474bc" }, "Version": "v0.0.0-20210728143218-7b4eea64cf58", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.2", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", "UID": "3946ae35ddff6154" }, "Version": "v1.23.2", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "90048976e29ebdbd" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.67.5", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", "UID": "ab1ee0620b7e8a98" }, "Version": "v0.67.5", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", "Name": "github.com/prometheus/exporter-toolkit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", "UID": "bb0a2c3256f77ac5" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", "UID": "26ffb44cd2d7605a" }, "Version": "v0.16.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/sigv4@v0.4.1", "Name": "github.com/prometheus/sigv4", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", "UID": "61f47701cb402304" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rs/cors@v1.11.1", "Name": "github.com/rs/cors", "Identifier": { "PURL": "pkg:golang/github.com/rs/cors@v1.11.1", "UID": "2752321501590c7f" }, "Version": "v1.11.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "Name": "github.com/sean-/seed", "Identifier": { "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "UID": "8cfbf59613910888" }, "Version": "v0.0.0-20170313163322-e2103e2c3529", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", "Name": "github.com/xhit/go-str2duration/v2", "Identifier": { "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", "UID": "daa991f2b6e7f4b" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", "Name": "go.opentelemetry.io/auto/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", "UID": "1beae5d3a921b8d9" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "UID": "7149da4782ba3e8a" }, "Version": "v0.66.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "UID": "970382b75466d4a7" }, "Version": "v0.66.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.41.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.41.0", "UID": "11dcff7c2d8dba3e" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "UID": "e54b89cdeb90dff9" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "UID": "ef9c2806b4c4aa77" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "UID": "f35167e128608853" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.41.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.41.0", "UID": "dec2f3636adca90f" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.41.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", "UID": "f66cf0db8664f28f" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.41.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.41.0", "UID": "c988aabf4950b0c8" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", "UID": "23f550d877688245" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.3", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", "UID": "f0f1b4b6a765437" }, "Version": "v2.4.3", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v3@v3.0.4", "Name": "go.yaml.in/yaml/v3", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", "UID": "24f094373e766e14" }, "Version": "v3.0.4", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.49.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", "UID": "78807ace974b3f83" }, "Version": "v0.49.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.52.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.52.0", "UID": "c43d7adcfc0739a4" }, "Version": "v0.52.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.35.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.35.0", "UID": "8f678b7fa2ce4887" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "b0911dea9ce16999" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.42.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", "UID": "f786578792e83e4" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.35.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.35.0", "UID": "1d4cdc928840a9a3" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.14.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.14.0", "UID": "f9a4e21d7d45ceb8" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "UID": "95857cb926b15c6e" }, "Version": "v0.0.0-20260209200024-4cfbd4190f57", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "UID": "bb97c362e3ef1c01" }, "Version": "v0.0.0-20260209200024-4cfbd4190f57", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.80.0", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.80.0", "UID": "e87c510e29bcb598" }, "Version": "v1.80.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "6a1b141341a4567d" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/telebot.v3@v3.3.8", "Name": "gopkg.in/telebot.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/telebot.v3@v3.3.8", "UID": "f1eb026f6e2e23cd" }, "Version": "v3.3.8", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "8cb3c522fd2a6bcd" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-39882", "VendorIDs": [ "GHSA-w8rr-5gcm-pp58" ], "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "UID": "f35167e128608853" }, "InstalledVersion": "v1.41.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:e69a087a9b2abf10d04e245b011eca7966ed0a9450da73e55202f307932cb4d5", "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-789" ], "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/pull/8108", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" ], "PublishedDate": "2026-04-08T21:17:00.547Z", "LastModifiedDate": "2026-04-09T18:39:55.73Z" }, { "VulnerabilityID": "CVE-2026-39883", "VendorIDs": [ "GHSA-hfvc-g4fc-pqhx" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.41.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", "UID": "f66cf0db8664f28f" }, "InstalledVersion": "v1.41.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:3c1e34e6bfc9a1990603051414ae4e71fc17f9c41ba87f548f7a85fd22e6d382", "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" ], "PublishedDate": "2026-04-08T21:17:00.697Z", "LastModifiedDate": "2026-04-10T21:16:27.12Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:08923d645f814f203032a42e955b2636295f1b08f8ea0d8f81272b1d68a3fea1", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1f96688b93a6ffa3667ed3d976ace9af4ee7760a01ff20d07c11aa4c79cc7bd8", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7dd1042c8798d7991507dbc793467df95f060efd4be2a35cf509506043ac2cc1", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:03b0af0c2d16afc7ab0f416362882be793d1f18e52a095cab9fe60cd4a53f29d", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:aef07408b4a54dd1ae64bb42e433da0c7482bfc6e7281bdeb97bd7dafc09aeab", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2d9b5fe277df7e5ba3df796d87e20434caff4e72f507f10eb959b2498591c8d9", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3eb73d66cd13b11453111f16052c54a00d0a54f2e220c022e6b21becce0cde5a", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "28f63090157d12cc" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b7cc0114bcf92abdec6f97001f80d2fb9448a868cc93f97ce05dbef8ec5e9d50", "DiffID": "sha256:1a53fb992ed1505d0a067b4a1c7cc82e039044a8b4c5ccfb3274911c61010fa9" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7f38f6e462eaa154bc99c49464ae5ed096051f3253926569b9fba8b18f0439c7", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "bin/amtool", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/prometheus/alertmanager@v0.32.1", "Name": "github.com/prometheus/alertmanager", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.32.1", "UID": "84a87fb6940f1b15" }, "Version": "v0.32.1", "Relationship": "root", "DependsOn": [ "github.com/alecthomas/kingpin/v2@v2.4.0", "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "github.com/armon/go-metrics@v0.4.1", "github.com/aws/aws-sdk-go-v2/config@v1.32.13", "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "github.com/aws/aws-sdk-go-v2@v1.41.5", "github.com/aws/smithy-go@v1.24.2", "github.com/beorn7/perks@v1.0.1", "github.com/cenkalti/backoff/v4@v4.3.0", "github.com/cenkalti/backoff/v5@v5.0.3", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/coder/quartz@v0.3.0", "github.com/coreos/go-systemd/v22@v22.6.0", "github.com/felixge/httpsnoop@v1.0.4", "github.com/go-logr/logr@v1.4.3", "github.com/go-logr/stdr@v1.2.2", "github.com/go-openapi/analysis@v0.25.0", "github.com/go-openapi/errors@v0.22.7", "github.com/go-openapi/jsonpointer@v0.22.5", "github.com/go-openapi/jsonreference@v0.21.5", "github.com/go-openapi/loads@v0.23.3", "github.com/go-openapi/runtime@v0.29.3", "github.com/go-openapi/spec@v0.22.4", "github.com/go-openapi/strfmt@v0.26.1", "github.com/go-openapi/swag/cmdutils@v0.25.5", "github.com/go-openapi/swag/conv@v0.25.5", "github.com/go-openapi/swag/fileutils@v0.25.5", "github.com/go-openapi/swag/jsonname@v0.25.5", "github.com/go-openapi/swag/jsonutils@v0.25.5", "github.com/go-openapi/swag/loading@v0.25.5", "github.com/go-openapi/swag/mangling@v0.25.5", "github.com/go-openapi/swag/netutils@v0.25.5", "github.com/go-openapi/swag/stringutils@v0.25.5", "github.com/go-openapi/swag/typeutils@v0.25.5", "github.com/go-openapi/swag/yamlutils@v0.25.5", "github.com/go-openapi/swag@v0.25.5", "github.com/go-openapi/validate@v0.25.2", "github.com/go-viper/mapstructure/v2@v2.5.0", "github.com/golang-jwt/jwt/v5@v5.3.0", "github.com/google/btree@v1.1.3", "github.com/google/uuid@v1.6.0", "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-immutable-radix@v1.3.1", "github.com/hashicorp/go-metrics@v0.5.4", "github.com/hashicorp/go-msgpack/v2@v2.1.5", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-sockaddr@v1.0.7", "github.com/hashicorp/golang-lru/v2@v2.0.7", "github.com/hashicorp/golang-lru@v0.5.4", "github.com/hashicorp/memberlist@v0.5.4", "github.com/jpillora/backoff@v1.0.0", "github.com/mdlayher/socket@v0.4.1", "github.com/mdlayher/vsock@v1.2.1", "github.com/miekg/dns@v1.1.68", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "github.com/oklog/run@v1.2.0", "github.com/oklog/ulid/v2@v2.1.1", "github.com/prometheus/client_golang@v1.23.2", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common@v0.67.5", "github.com/prometheus/exporter-toolkit@v0.15.1", "github.com/prometheus/procfs@v0.16.1", "github.com/prometheus/sigv4@v0.4.1", "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "github.com/xhit/go-str2duration/v2@v2.1.0", "github.com/xlab/treeprint@v1.2.0", "go.opentelemetry.io/auto/sdk@v1.2.1", "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "go.opentelemetry.io/otel/metric@v1.41.0", "go.opentelemetry.io/otel/sdk@v1.41.0", "go.opentelemetry.io/otel/trace@v1.41.0", "go.opentelemetry.io/otel@v1.41.0", "go.opentelemetry.io/proto/otlp@v1.9.0", "go.yaml.in/yaml/v2@v2.4.3", "go.yaml.in/yaml/v3@v3.0.4", "golang.org/x/crypto@v0.49.0", "golang.org/x/mod@v0.34.0", "golang.org/x/net@v0.52.0", "golang.org/x/oauth2@v0.35.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.42.0", "golang.org/x/text@v0.35.0", "golang.org/x/time@v0.14.0", "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "google.golang.org/grpc@v1.80.0", "google.golang.org/protobuf@v1.36.11", "gopkg.in/yaml.v2@v2.4.0", "stdlib@v1.26.2" ], "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.26.2", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "Version": "v1.26.2", "Relationship": "direct", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", "Name": "github.com/alecthomas/kingpin/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", "UID": "120ed40602820dce" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "Name": "github.com/alecthomas/units", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "UID": "2d8ddd0221b28f2e" }, "Version": "v0.0.0-20240927000941-0f3dac36c52b", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-metrics@v0.4.1", "Name": "github.com/armon/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", "UID": "7ebeaf02a52d52d" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", "UID": "7101322ce4bd4ee9" }, "Version": "v1.41.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.13", "Name": "github.com/aws/aws-sdk-go-v2/config", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.13", "UID": "9fcdd25bbbd42a54" }, "Version": "v1.32.13", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.13", "UID": "364d324e03471fbc" }, "Version": "v1.19.13", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.21", "UID": "5d27a0a1500a8d45" }, "Version": "v1.18.21", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "UID": "839f36e6c38d7369" }, "Version": "v1.4.21", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "UID": "d1a3236cfbd6ff79" }, "Version": "v2.7.21", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "UID": "91956034016dce39" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "UID": "97fe572ab753f42d" }, "Version": "v1.13.7", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "UID": "391db372144d6bcb" }, "Version": "v1.13.21", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "Name": "github.com/aws/aws-sdk-go-v2/service/signin", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.9", "UID": "a96db990dd2367bb" }, "Version": "v1.0.9", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "Name": "github.com/aws/aws-sdk-go-v2/service/sso", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.14", "UID": "bd071e634c5425ef" }, "Version": "v1.30.14", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.18", "UID": "9802b347aae85556" }, "Version": "v1.35.18", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "Name": "github.com/aws/aws-sdk-go-v2/service/sts", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.10", "UID": "91f71471c2c9c350" }, "Version": "v1.41.10", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.24.2", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", "UID": "86ff6036d460bcf7" }, "Version": "v1.24.2", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "37b8b1ba2d6eccee" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v4@v4.3.0", "Name": "github.com/cenkalti/backoff/v4", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", "UID": "e2af2532b9f1037b" }, "Version": "v4.3.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v5@v5.0.3", "Name": "github.com/cenkalti/backoff/v5", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", "UID": "fc83a3947e256729" }, "Version": "v5.0.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "99c7e12e12b2af47" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coder/quartz@v0.3.0", "Name": "github.com/coder/quartz", "Identifier": { "PURL": "pkg:golang/github.com/coder/quartz@v0.3.0", "UID": "434f58e7d454f002" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.6.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", "UID": "3c6050d4b140cad5" }, "Version": "v22.6.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "99b25398fa0029" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", "UID": "b1f0cf4b9dc52145" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "452552b1614ff6ae" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/analysis@v0.25.0", "Name": "github.com/go-openapi/analysis", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.25.0", "UID": "f264eb5503550b15" }, "Version": "v0.25.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/errors@v0.22.7", "Name": "github.com/go-openapi/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", "UID": "788b8a69fbec977d" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.22.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", "UID": "1983504464e3879a" }, "Version": "v0.22.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.5", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", "UID": "bd03902028da66db" }, "Version": "v0.21.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/loads@v0.23.3", "Name": "github.com/go-openapi/loads", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", "UID": "9bf3cc8ad03d8a" }, "Version": "v0.23.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/runtime@v0.29.3", "Name": "github.com/go-openapi/runtime", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", "UID": "17014a3c94cd2de9" }, "Version": "v0.29.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/spec@v0.22.4", "Name": "github.com/go-openapi/spec", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", "UID": "3782b22342ff56ac" }, "Version": "v0.22.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/strfmt@v0.26.1", "Name": "github.com/go-openapi/strfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", "UID": "b3b8392537cfa1ed" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.25.5", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", "UID": "c04c4c4d11fbe8a6" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", "Name": "github.com/go-openapi/swag/cmdutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", "UID": "c57fe8af98e3ecf3" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/conv@v0.25.5", "Name": "github.com/go-openapi/swag/conv", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", "UID": "daf61d0b52bafac2" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", "Name": "github.com/go-openapi/swag/fileutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", "UID": "e1b323bdeea16d3" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", "Name": "github.com/go-openapi/swag/jsonname", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", "UID": "ef7fe50cd84dc525" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", "Name": "github.com/go-openapi/swag/jsonutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", "UID": "aa2c03c653338316" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/loading@v0.25.5", "Name": "github.com/go-openapi/swag/loading", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", "UID": "2b781dfe20b204b1" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/mangling@v0.25.5", "Name": "github.com/go-openapi/swag/mangling", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", "UID": "916c322051d18256" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/netutils@v0.25.5", "Name": "github.com/go-openapi/swag/netutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", "UID": "69dc539c8ecc613a" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", "Name": "github.com/go-openapi/swag/stringutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", "UID": "11316aa600f5efb0" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", "Name": "github.com/go-openapi/swag/typeutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", "UID": "b02055793f75d57d" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", "Name": "github.com/go-openapi/swag/yamlutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", "UID": "ef19ff997d8c1c70" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/validate@v0.25.2", "Name": "github.com/go-openapi/validate", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", "UID": "9fb031eda1406e31" }, "Version": "v0.25.2", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", "Name": "github.com/go-viper/mapstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", "UID": "a0fe04a81eaaba97" }, "Version": "v2.5.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", "UID": "1996acf81877be01" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/btree@v1.1.3", "Name": "github.com/google/btree", "Identifier": { "PURL": "pkg:golang/github.com/google/btree@v1.1.3", "UID": "497059916e676bb2" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "638c72528462057c" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "UID": "c3d3b2c3d4ab3a34" }, "Version": "v2.28.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "b00c869670d6c218" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", "Name": "github.com/hashicorp/go-immutable-radix", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", "UID": "a513b6d5d9620506" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-metrics@v0.5.4", "Name": "github.com/hashicorp/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-metrics@v0.5.4", "UID": "cf4361bb65d5e0a" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.5", "Name": "github.com/hashicorp/go-msgpack/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.5", "UID": "1872e58f9eb9ecb2" }, "Version": "v2.1.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "2c1c9e9905f92716" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-sockaddr@v1.0.7", "Name": "github.com/hashicorp/go-sockaddr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.7", "UID": "ba7a0907e57b50a5" }, "Version": "v1.0.7", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru@v0.5.4", "Name": "github.com/hashicorp/golang-lru", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.4", "UID": "ebc07f44a80e9fc5" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", "Name": "github.com/hashicorp/golang-lru/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", "UID": "446a5b06691cf9e3" }, "Version": "v2.0.7", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/memberlist@v0.5.4", "Name": "github.com/hashicorp/memberlist", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.4", "UID": "3dca9dee95cad796" }, "Version": "v0.5.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jpillora/backoff@v1.0.0", "Name": "github.com/jpillora/backoff", "Identifier": { "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", "UID": "83d66b1d93381e28" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.4.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", "UID": "977da514ed8f507e" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/vsock@v1.2.1", "Name": "github.com/mdlayher/vsock", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", "UID": "7577dcb510eeb769" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.68", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.68", "UID": "d73187f753142705" }, "Version": "v1.1.68", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "eb164906c3833b32" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "Name": "github.com/mwitkow/go-conntrack", "Identifier": { "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "UID": "429ae4512663de27" }, "Version": "v0.0.0-20190716064945-2f068394615f", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/run@v1.2.0", "Name": "github.com/oklog/run", "Identifier": { "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", "UID": "49a9cdc70bbe0b8e" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/ulid/v2@v2.1.1", "Name": "github.com/oklog/ulid/v2", "Identifier": { "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", "UID": "9bb50f733f3481fc" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.2", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", "UID": "a452d3d5c1e8b743" }, "Version": "v1.23.2", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "a0675c1c234632b2" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.67.5", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", "UID": "a38673513c4a7ff7" }, "Version": "v0.67.5", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", "Name": "github.com/prometheus/exporter-toolkit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", "UID": "c4557ae99ab507f6" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", "UID": "c0b91f24c129f901" }, "Version": "v0.16.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/sigv4@v0.4.1", "Name": "github.com/prometheus/sigv4", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", "UID": "a2a43ceabda6c91b" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "Name": "github.com/sean-/seed", "Identifier": { "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "UID": "307510990e328003" }, "Version": "v0.0.0-20170313163322-e2103e2c3529", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", "Name": "github.com/xhit/go-str2duration/v2", "Identifier": { "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", "UID": "4273d654bb9b09b0" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xlab/treeprint@v1.2.0", "Name": "github.com/xlab/treeprint", "Identifier": { "PURL": "pkg:golang/github.com/xlab/treeprint@v1.2.0", "UID": "464133349b8e76c9" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", "Name": "go.opentelemetry.io/auto/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", "UID": "738654f5fb2ff03a" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.66.0", "UID": "2cc4aa44deb1db61" }, "Version": "v0.66.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.66.0", "UID": "29aaf682e5cbad24" }, "Version": "v0.66.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.41.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.41.0", "UID": "1a92505491df2841" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.41.0", "UID": "5f4d21040f802faa" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.41.0", "UID": "124c3b2b084a6ffc" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "UID": "a189492f3e3cd9d8" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.41.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.41.0", "UID": "ac091df1c269b1a0" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.41.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", "UID": "1b139d64e65bc0b0" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.41.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.41.0", "UID": "de45e9031bdb0e87" }, "Version": "v1.41.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", "UID": "1195d69266ef8b72" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.3", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", "UID": "2e10aa33428e542c" }, "Version": "v2.4.3", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v3@v3.0.4", "Name": "go.yaml.in/yaml/v3", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", "UID": "16d232b4d1c9569f" }, "Version": "v3.0.4", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.49.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", "UID": "4f64fdf89e9573d0" }, "Version": "v0.49.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/mod@v0.34.0", "Name": "golang.org/x/mod", "Identifier": { "PURL": "pkg:golang/golang.org/x/mod@v0.34.0", "UID": "18bff65fda471564" }, "Version": "v0.34.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.52.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.52.0", "UID": "49e14711744516a7" }, "Version": "v0.52.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.35.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.35.0", "UID": "9eea24b1089525e0" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "6317925b5bf4c01e" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.42.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", "UID": "618e027092f4ba9b" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.35.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.35.0", "UID": "ab487a9f778080e8" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.14.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.14.0", "UID": "64fb71f0eea1379b" }, "Version": "v0.14.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260209200024-4cfbd4190f57", "UID": "c84e8023c3bcfe49" }, "Version": "v0.0.0-20260209200024-4cfbd4190f57", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260209200024-4cfbd4190f57", "UID": "f0ecc2d61b318c22" }, "Version": "v0.0.0-20260209200024-4cfbd4190f57", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.80.0", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.80.0", "UID": "3f17563156914c17" }, "Version": "v1.80.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "737f4e5915429126" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "9cf40bc580886d4e" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-39882", "VendorIDs": [ "GHSA-w8rr-5gcm-pp58" ], "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.41.0", "UID": "a189492f3e3cd9d8" }, "InstalledVersion": "v1.41.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:99935b6db464ae5edf466fb6d8ecc777a20df76b83dc67ebea361b5dfde05af8", "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-789" ], "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/pull/8108", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" ], "PublishedDate": "2026-04-08T21:17:00.547Z", "LastModifiedDate": "2026-04-09T18:39:55.73Z" }, { "VulnerabilityID": "CVE-2026-39883", "VendorIDs": [ "GHSA-hfvc-g4fc-pqhx" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.41.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.41.0", "UID": "1b139d64e65bc0b0" }, "InstalledVersion": "v1.41.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:730eef800bf6d38a7bf413b1632a7224d601f64d2e15a2aa867191ffaa127c8d", "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" ], "PublishedDate": "2026-04-08T21:17:00.697Z", "LastModifiedDate": "2026-04-10T21:16:27.12Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:54c29c23f381404d862c99a8413e9ed4b741f9d3cb086b84aacdf4ceb70836a2", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3922f5383e15b704eb0a7a48041f64a6c657df1ad708b331c6ad7e01f3c44e8b", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c567038a7813b33af2ee2abe15645d45fb4387689caa02e044659eaa2c245e8f", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0cbab31620f0c3071b05c09bae3606e14e3def23fbcf055b554d2eb86b3093f7", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:68b7351f8f9de3576865cb9778ad9b774bcf634d65ae9bd170ce11540efee3c9", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:589af3ff40db8b36479ffab2cbdb33ae734e238f9245431bdf640c2cca4fafd7", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6fee37303636ed27718fc6a3372de3b1e44f75f143331f8b9d1c40058f16df15", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "72ad0bffed5617e7" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c1058a984b8caca4bd6b2ec2047a712dd622d28fa6a587304f9b9e5ebe428fb9", "DiffID": "sha256:d6dac48fab35f1e38ae5fc24cb886e70b6c2f75ab93def5819af298ad2bf5525" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:87d76236d84dfc030034aee9a379a9b1f43df4f20770adf846e22f88da24487d", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "auth-exporter", "Metadata": [ { "Size": 123288576, "OS": { "Family": "debian", "Name": "13.5" }, "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", "DiffIDs": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ], "RepoTags": [ "python:3.12-slim" ], "RepoDigests": [ "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" ], "Reference": "python:3.12-slim", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T23:50:55.52769964Z", "history": [ { "created": "2026-05-18T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", "comment": "debuerreotype 0.17" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_VERSION=3.12.13", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:50:55.41770734Z", "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ] }, "config": { "Cmd": [ "python3" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "PYTHON_VERSION=3.12.13", "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" ] } }, "Layers": [ { "Size": 81049600, "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, { "Size": 4127232, "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, { "Size": 38106624, "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, { "Size": 5120, "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" } ] } ], "Results": [ { "Target": "python:3.12-slim (debian 13.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", "UID": "681428a4291e51" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@3.0.3", "Name": "apt", "Identifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "2e5d8c8032700559" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.152", "base-passwd@3.6.7", "debian-archive-keyring@2025.1", "libapt-pkg7.0@3.0.3", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libseccomp2@2.6.0-2", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "sqv@1.3.0-3+b2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-mark", "/usr/lib/apt/apt-extracttemplates", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/sqv", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/systemd/system/apt-daily-upgrade.service", "/usr/lib/systemd/system/apt-daily-upgrade.timer", "/usr/lib/systemd/system/apt-daily.service", "/usr/lib/systemd/system/apt-daily.timer", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/apt/default-sequoia.config", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/NEWS.Debian.gz", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/changelog.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/debian.sources", "/usr/share/doc/apt/examples/preferences", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man7/apt-patterns.7.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13.8+deb13u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", "UID": "6b13e330b45e6f4f" }, "Version": "13.8+deb13u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u5", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", "UID": "f77779fa356eca05" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.2.37-2+b9", "Name": "bash", "Identifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", "UID": "f36f9b3693158651" }, "Version": "5.2.37", "Release": "2+b9", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.37", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@13.8+deb13u5", "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/CHANGES.gz", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.amd64.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/changelog.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/locale/af/LC_MESSAGES/bash.mo", "/usr/share/locale/bg/LC_MESSAGES/bash.mo", "/usr/share/locale/ca/LC_MESSAGES/bash.mo", "/usr/share/locale/cs/LC_MESSAGES/bash.mo", "/usr/share/locale/da/LC_MESSAGES/bash.mo", "/usr/share/locale/de/LC_MESSAGES/bash.mo", "/usr/share/locale/el/LC_MESSAGES/bash.mo", "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", "/usr/share/locale/eo/LC_MESSAGES/bash.mo", "/usr/share/locale/es/LC_MESSAGES/bash.mo", "/usr/share/locale/et/LC_MESSAGES/bash.mo", "/usr/share/locale/fi/LC_MESSAGES/bash.mo", "/usr/share/locale/fr/LC_MESSAGES/bash.mo", "/usr/share/locale/ga/LC_MESSAGES/bash.mo", "/usr/share/locale/gl/LC_MESSAGES/bash.mo", "/usr/share/locale/hr/LC_MESSAGES/bash.mo", "/usr/share/locale/hu/LC_MESSAGES/bash.mo", "/usr/share/locale/id/LC_MESSAGES/bash.mo", "/usr/share/locale/it/LC_MESSAGES/bash.mo", "/usr/share/locale/ja/LC_MESSAGES/bash.mo", "/usr/share/locale/ko/LC_MESSAGES/bash.mo", "/usr/share/locale/lt/LC_MESSAGES/bash.mo", "/usr/share/locale/nb/LC_MESSAGES/bash.mo", "/usr/share/locale/nl/LC_MESSAGES/bash.mo", "/usr/share/locale/pl/LC_MESSAGES/bash.mo", "/usr/share/locale/pt/LC_MESSAGES/bash.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", "/usr/share/locale/ro/LC_MESSAGES/bash.mo", "/usr/share/locale/ru/LC_MESSAGES/bash.mo", "/usr/share/locale/sk/LC_MESSAGES/bash.mo", "/usr/share/locale/sl/LC_MESSAGES/bash.mo", "/usr/share/locale/sr/LC_MESSAGES/bash.mo", "/usr/share/locale/sv/LC_MESSAGES/bash.mo", "/usr/share/locale/tr/LC_MESSAGES/bash.mo", "/usr/share/locale/uk/LC_MESSAGES/bash.mo", "/usr/share/locale/vi/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", "UID": "2c691dbd8cebdf2a" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "openssl@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@9.7-3", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", "UID": "cb4a55f50bda2393" }, "Version": "9.7", "Release": "3", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.7", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/cat", "/usr/bin/chcon", "/usr/bin/chgrp", "/usr/bin/chmod", "/usr/bin/chown", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/cp", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/date", "/usr/bin/dd", "/usr/bin/df", "/usr/bin/dir", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/echo", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/false", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/ln", "/usr/bin/logname", "/usr/bin/ls", "/usr/bin/md5sum", "/usr/bin/mkdir", "/usr/bin/mkfifo", "/usr/bin/mknod", "/usr/bin/mktemp", "/usr/bin/mv", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/pwd", "/usr/bin/readlink", "/usr/bin/realpath", "/usr/bin/rm", "/usr/bin/rmdir", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sleep", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/stty", "/usr/bin/sum", "/usr/bin/sync", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/touch", "/usr/bin/tr", "/usr/bin/true", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/uname", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/vdir", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/changelog.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/lintian/overrides/coreutils", "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", "UID": "4990b2098a2a3724" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", "UID": "f7c8b7ba83ed5cfe" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", "UID": "a22d861380b1187c" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", "UID": "3c5d0b66afafddbb" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.10-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "852f693a78aaa149" }, "Version": "3.10", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.10", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/changelog.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.22.22", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", "UID": "7b97f27e3bec0417" }, "Version": "1.22.22", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.22", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.35+dfsg-3.1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/lib/systemd/system/dpkg-db-backup.service", "/usr/lib/systemd/system/dpkg-db-backup.timer", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/sbin/start-stop-daemon", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.10.0-3", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", "UID": "12e741692291b42a" }, "Version": "4.10.0", "Release": "3", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.10.0", "SrcRelease": "3", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-2+ with Autoconf-data exception", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2.0-or-later", "X11", "public-domain", "LGPL-2.1-or-later", "GPL with automake exception", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-Clause", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/changelog.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info.gz", "/usr/share/locale/be/LC_MESSAGES/findutils.mo", "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", "/usr/share/locale/da/LC_MESSAGES/findutils.mo", "/usr/share/locale/de/LC_MESSAGES/findutils.mo", "/usr/share/locale/el/LC_MESSAGES/findutils.mo", "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", "/usr/share/locale/es/LC_MESSAGES/findutils.mo", "/usr/share/locale/et/LC_MESSAGES/findutils.mo", "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", "/usr/share/locale/id/LC_MESSAGES/findutils.mo", "/usr/share/locale/it/LC_MESSAGES/findutils.mo", "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "371c061d08215a1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.11-4", "Name": "grep", "Identifier": { "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", "UID": "6ce8b4eed9c0d137" }, "Version": "3.11", "Release": "4", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "4", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/egrep", "/usr/bin/fgrep", "/usr/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/changelog.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/locale/af/LC_MESSAGES/grep.mo", "/usr/share/locale/be/LC_MESSAGES/grep.mo", "/usr/share/locale/bg/LC_MESSAGES/grep.mo", "/usr/share/locale/ca/LC_MESSAGES/grep.mo", "/usr/share/locale/cs/LC_MESSAGES/grep.mo", "/usr/share/locale/da/LC_MESSAGES/grep.mo", "/usr/share/locale/de/LC_MESSAGES/grep.mo", "/usr/share/locale/el/LC_MESSAGES/grep.mo", "/usr/share/locale/eo/LC_MESSAGES/grep.mo", "/usr/share/locale/es/LC_MESSAGES/grep.mo", "/usr/share/locale/et/LC_MESSAGES/grep.mo", "/usr/share/locale/eu/LC_MESSAGES/grep.mo", "/usr/share/locale/fi/LC_MESSAGES/grep.mo", "/usr/share/locale/fr/LC_MESSAGES/grep.mo", "/usr/share/locale/ga/LC_MESSAGES/grep.mo", "/usr/share/locale/gl/LC_MESSAGES/grep.mo", "/usr/share/locale/he/LC_MESSAGES/grep.mo", "/usr/share/locale/hr/LC_MESSAGES/grep.mo", "/usr/share/locale/hu/LC_MESSAGES/grep.mo", "/usr/share/locale/id/LC_MESSAGES/grep.mo", "/usr/share/locale/it/LC_MESSAGES/grep.mo", "/usr/share/locale/ja/LC_MESSAGES/grep.mo", "/usr/share/locale/ka/LC_MESSAGES/grep.mo", "/usr/share/locale/ko/LC_MESSAGES/grep.mo", "/usr/share/locale/ky/LC_MESSAGES/grep.mo", "/usr/share/locale/lt/LC_MESSAGES/grep.mo", "/usr/share/locale/nb/LC_MESSAGES/grep.mo", "/usr/share/locale/nl/LC_MESSAGES/grep.mo", "/usr/share/locale/pa/LC_MESSAGES/grep.mo", "/usr/share/locale/pl/LC_MESSAGES/grep.mo", "/usr/share/locale/pt/LC_MESSAGES/grep.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", "/usr/share/locale/ro/LC_MESSAGES/grep.mo", "/usr/share/locale/ru/LC_MESSAGES/grep.mo", "/usr/share/locale/sk/LC_MESSAGES/grep.mo", "/usr/share/locale/sl/LC_MESSAGES/grep.mo", "/usr/share/locale/sr/LC_MESSAGES/grep.mo", "/usr/share/locale/sv/LC_MESSAGES/grep.mo", "/usr/share/locale/ta/LC_MESSAGES/grep.mo", "/usr/share/locale/th/LC_MESSAGES/grep.mo", "/usr/share/locale/tr/LC_MESSAGES/grep.mo", "/usr/share/locale/uk/LC_MESSAGES/grep.mo", "/usr/share/locale/vi/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.13-1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", "UID": "954545ce99bc687e" }, "Version": "1.13", "Release": "1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.13", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/gunzip", "/usr/bin/gzexe", "/usr/bin/gzip", "/usr/bin/zcat", "/usr/bin/zcmp", "/usr/bin/zdiff", "/usr/bin/zegrep", "/usr/bin/zfgrep", "/usr/bin/zforce", "/usr/bin/zgrep", "/usr/bin/zless", "/usr/bin/zmore", "/usr/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/changelog.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", "UID": "641772722328aedf" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.69~deb13u1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", "UID": "cb52819ec2f1a236" }, "Version": "1.69~deb13u1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.69~deb13u1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f9f7789d147b9636" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "5549812c55d79bea" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "libudev1@257.13-1~deb13u1", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "90d554a582a8683b" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "d20cd9a11d8e018d" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c47a55b8e27ace3c" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12+deb13u3", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", "UID": "a8f4afa42f768363" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libmd0@1.1.0-2+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", "UID": "2da429aca83dde92" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.41-12+deb13u3", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/ldconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/changelog.Debian.gz", "/usr/share/doc/libc-bin/changelog.gz", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.41-12+deb13u3", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "9b7c2d5667513e48" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.75-10+deb13u1+b1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "7cefa0399e4d88d4" }, "Version": "2.75", "Release": "10+deb13u1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10+deb13u1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "afe984ba824f92ac" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", "UID": "2f5f1c2fd77295dc" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", "UID": "fcad452fa456130" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi8@3.4.8-2", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", "UID": "e57a61a9119138e1" }, "Version": "3.4.8", "Release": "2", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.8", "SrcRelease": "2", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "6ebf985ba3bd76f3" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6t64@1.24-2", "Name": "libgdbm6t64", "Identifier": { "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", "UID": "a978781f1be6197e" }, "Version": "1.24", "Release": "2", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.24", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", "/usr/share/doc/libgdbm6t64/changelog.gz", "/usr/share/doc/libgdbm6t64/copyright", "/usr/share/lintian/overrides/libgdbm6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", "UID": "fec85c1b440262e2" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "8a048285d77ff6c0" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libsqlite3-0@3.46.1-7+deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", "UID": "c31b43410c927de" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libxxhash0@0.8.3-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f3971c5b48c68b3c" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "fd78e15d23b25c1f" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "274a704398461ef0" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "c9cbae9084b28bae" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.13-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", "UID": "1d4f3eaf1c0f9548" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "50a3886f7361785c" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "aa7e3a6ab471d889" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8t64@8.2-6", "Name": "libreadline8t64", "Identifier": { "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", "UID": "a41a60a40a941961" }, "Version": "8.2", "Release": "6", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2", "readline-common@8.2-6" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", "/usr/share/doc/libreadline8t64/README.Debian", "/usr/share/doc/libreadline8t64/USAGE", "/usr/share/doc/libreadline8t64/changelog.Debian.gz", "/usr/share/doc/libreadline8t64/changelog.gz", "/usr/share/doc/libreadline8t64/copyright", "/usr/share/doc/libreadline8t64/examples/Inputrc", "/usr/share/doc/libreadline8t64/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", "UID": "97e0ed663a98e78b" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "f7d3a23ad693e5cb" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", "UID": "ecc6b54d8bc6318c" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "5684bd063761ddb3" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "9990a97d658e13ae" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.46.1-7+deb13u1", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c7da287e696e8198" }, "Version": "3.46.1", "Release": "7+deb13u1", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7+deb13u1", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3t64@3.5.6-1~deb13u1", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "19bca5c02c5a9632" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.6-1~deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "1b384a6346513d7c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@257.13-1~deb13u1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a2b4ba47389f858e" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@257.13-1~deb13u1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "3b7a2f1a9ab169b" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", "UID": "d91110b5edcae2d8" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", "UID": "ca4814a2bfd07696" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "b6a337588c67d5a3" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20250131-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", "UID": "a4460701c66e182d" }, "Version": "1.3.4.20250131", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20250131", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/changelog.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.41-5", "Name": "mount", "Identifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mount", "/usr/bin/umount", "/usr/sbin/losetup", "/usr/sbin/swapoff", "/usr/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/changelog.Debian.gz", "/usr/share/doc/mount/changelog.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.5+20250216-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/changelog.Debian.gz", "/usr/share/doc/ncurses-bin/changelog.gz", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.5", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", "UID": "9929ff265179fc61" }, "Version": "6.5", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.5.6-1~deb13u1", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "ee88be94d89898bf" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c38741326d0e034f" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "d93f813ae3092e32" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.40.1-6", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", "UID": "546ba1bdcd66d61" }, "Version": "5.40.1", "Release": "6", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.40.1", "SrcRelease": "6", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "FSFAP", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2" ], "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.40.1", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/changelog.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.2-6", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", "UID": "e762758a1681f62e" }, "Version": "8.2", "Release": "6", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/changelog.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.9-2+deb13u1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a041ea16982bb927" }, "Version": "4.9", "Release": "2+deb13u1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "2+deb13u1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/changelog.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/locale/af/LC_MESSAGES/sed.mo", "/usr/share/locale/ast/LC_MESSAGES/sed.mo", "/usr/share/locale/bg/LC_MESSAGES/sed.mo", "/usr/share/locale/ca/LC_MESSAGES/sed.mo", "/usr/share/locale/cs/LC_MESSAGES/sed.mo", "/usr/share/locale/da/LC_MESSAGES/sed.mo", "/usr/share/locale/de/LC_MESSAGES/sed.mo", "/usr/share/locale/el/LC_MESSAGES/sed.mo", "/usr/share/locale/eo/LC_MESSAGES/sed.mo", "/usr/share/locale/es/LC_MESSAGES/sed.mo", "/usr/share/locale/et/LC_MESSAGES/sed.mo", "/usr/share/locale/eu/LC_MESSAGES/sed.mo", "/usr/share/locale/fi/LC_MESSAGES/sed.mo", "/usr/share/locale/fr/LC_MESSAGES/sed.mo", "/usr/share/locale/ga/LC_MESSAGES/sed.mo", "/usr/share/locale/gl/LC_MESSAGES/sed.mo", "/usr/share/locale/he/LC_MESSAGES/sed.mo", "/usr/share/locale/hr/LC_MESSAGES/sed.mo", "/usr/share/locale/hu/LC_MESSAGES/sed.mo", "/usr/share/locale/id/LC_MESSAGES/sed.mo", "/usr/share/locale/it/LC_MESSAGES/sed.mo", "/usr/share/locale/ja/LC_MESSAGES/sed.mo", "/usr/share/locale/ka/LC_MESSAGES/sed.mo", "/usr/share/locale/ko/LC_MESSAGES/sed.mo", "/usr/share/locale/nb/LC_MESSAGES/sed.mo", "/usr/share/locale/nl/LC_MESSAGES/sed.mo", "/usr/share/locale/pl/LC_MESSAGES/sed.mo", "/usr/share/locale/pt/LC_MESSAGES/sed.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", "/usr/share/locale/ro/LC_MESSAGES/sed.mo", "/usr/share/locale/ru/LC_MESSAGES/sed.mo", "/usr/share/locale/sk/LC_MESSAGES/sed.mo", "/usr/share/locale/sl/LC_MESSAGES/sed.mo", "/usr/share/locale/sr/LC_MESSAGES/sed.mo", "/usr/share/locale/sv/LC_MESSAGES/sed.mo", "/usr/share/locale/tr/LC_MESSAGES/sed.mo", "/usr/share/locale/uk/LC_MESSAGES/sed.mo", "/usr/share/locale/vi/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sqv@1.3.0-3+b2", "Name": "sqv", "Identifier": { "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", "UID": "2bf11ffe79190750" }, "Version": "1.3.0", "Release": "3+b2", "Arch": "amd64", "SrcName": "rust-sequoia-sqv", "SrcVersion": "1.3.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libhogweed6t64@3.10.1-1", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sqv", "/usr/share/bash-completion/completions/sqv.bash", "/usr/share/doc/sqv/NEWS.gz", "/usr/share/doc/sqv/changelog.Debian.amd64.gz", "/usr/share/doc/sqv/changelog.Debian.gz", "/usr/share/doc/sqv/copyright", "/usr/share/fish/completions/sqv.fish", "/usr/share/man/man1/sqv.1.gz", "/usr/share/zsh/vendor-completions/_sqv" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@3.14-4", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", "UID": "f7fb888c58ca826e" }, "Version": "3.14", "Release": "4", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.14", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-only", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/init/init-d-script", "/usr/lib/init/vars.sh", "/usr/lib/lsb/init-functions", "/usr/lib/lsb/init-functions.d/00-verbose", "/usr/sbin/fstab-decode", "/usr/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.35+dfsg-3.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "Version": "1.35+dfsg", "Release": "3.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.35+dfsg", "SrcRelease": "3.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-2.1-or-later", "LGPL-2.1-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.1.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/changelog.gz", "/usr/share/doc/tar/copyright", "/usr/share/locale/bg/LC_MESSAGES/tar.mo", "/usr/share/locale/ca/LC_MESSAGES/tar.mo", "/usr/share/locale/cs/LC_MESSAGES/tar.mo", "/usr/share/locale/da/LC_MESSAGES/tar.mo", "/usr/share/locale/de/LC_MESSAGES/tar.mo", "/usr/share/locale/el/LC_MESSAGES/tar.mo", "/usr/share/locale/eo/LC_MESSAGES/tar.mo", "/usr/share/locale/es/LC_MESSAGES/tar.mo", "/usr/share/locale/et/LC_MESSAGES/tar.mo", "/usr/share/locale/eu/LC_MESSAGES/tar.mo", "/usr/share/locale/fi/LC_MESSAGES/tar.mo", "/usr/share/locale/fr/LC_MESSAGES/tar.mo", "/usr/share/locale/ga/LC_MESSAGES/tar.mo", "/usr/share/locale/gl/LC_MESSAGES/tar.mo", "/usr/share/locale/hr/LC_MESSAGES/tar.mo", "/usr/share/locale/hu/LC_MESSAGES/tar.mo", "/usr/share/locale/id/LC_MESSAGES/tar.mo", "/usr/share/locale/it/LC_MESSAGES/tar.mo", "/usr/share/locale/ja/LC_MESSAGES/tar.mo", "/usr/share/locale/ka/LC_MESSAGES/tar.mo", "/usr/share/locale/ko/LC_MESSAGES/tar.mo", "/usr/share/locale/ky/LC_MESSAGES/tar.mo", "/usr/share/locale/ms/LC_MESSAGES/tar.mo", "/usr/share/locale/nb/LC_MESSAGES/tar.mo", "/usr/share/locale/nl/LC_MESSAGES/tar.mo", "/usr/share/locale/pl/LC_MESSAGES/tar.mo", "/usr/share/locale/pt/LC_MESSAGES/tar.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", "/usr/share/locale/ro/LC_MESSAGES/tar.mo", "/usr/share/locale/ru/LC_MESSAGES/tar.mo", "/usr/share/locale/sk/LC_MESSAGES/tar.mo", "/usr/share/locale/sl/LC_MESSAGES/tar.mo", "/usr/share/locale/sr/LC_MESSAGES/tar.mo", "/usr/share/locale/sv/LC_MESSAGES/tar.mo", "/usr/share/locale/tr/LC_MESSAGES/tar.mo", "/usr/share/locale/uk/LC_MESSAGES/tar.mo", "/usr/share/locale/vi/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2026b-0+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", "UID": "9e352e373d8245f0" }, "Version": "2026b", "Release": "0+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2026b", "SrcRelease": "0+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.41-5", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/dmesg", "/usr/bin/fallocate", "/usr/bin/findmnt", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/lsblk", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/more", "/usr/bin/mountpoint", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/su", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/wdctl", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/lib/systemd/system/fstrim.service", "/usr/lib/systemd/system/fstrim.timer", "/usr/sbin/agetty", "/usr/sbin/blkdiscard", "/usr/sbin/blkid", "/usr/sbin/blkzone", "/usr/sbin/blockdev", "/usr/sbin/chcpu", "/usr/sbin/chmem", "/usr/sbin/findfs", "/usr/sbin/fsck", "/usr/sbin/fsfreeze", "/usr/sbin/fstrim", "/usr/sbin/isosize", "/usr/sbin/ldattach", "/usr/sbin/mkfs", "/usr/sbin/mkswap", "/usr/sbin/pivot_root", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/sbin/runuser", "/usr/sbin/sulogin", "/usr/sbin/swaplabel", "/usr/sbin/switch_root", "/usr/sbin/wipefs", "/usr/sbin/zramctl", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/rename.ul", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/changelog.Debian.gz", "/usr/share/doc/util-linux/changelog.gz", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/scols-filter.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-27456", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "liblzma5@5.8.1-1", "PkgName": "liblzma5", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "InstalledVersion": "5.8.1-1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-bin@6.5+20250216-2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-5704", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", "Title": "tar: tar: Hidden file injection via crafted archives", "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/11/10", "http://www.openwall.com/lists/oss-security/2026/04/11/11", "http://www.openwall.com/lists/oss-security/2026/04/12/2", "https://access.redhat.com/security/cve/CVE-2026-5704", "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", "https://www.cve.org/CVERecord?id=CVE-2026-5704" ], "PublishedDate": "2026-04-06T16:16:42.14Z", "LastModifiedDate": "2026-04-22T20:08:59.92Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "PkgName": "zlib1g", "PkgIdentifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "Version": "25.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "fail2ban-exporter", "Metadata": [ { "Size": 26682368, "OS": { "Family": "alpine", "Name": "3.21.3" }, "ImageID": "sha256:127c08f351c9bb655a62c7ea6ad0dbe072015c53527f16dfde8dfd7701d424fa", "DiffIDs": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831", "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11", "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919", "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" ], "RepoTags": [ "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest" ], "RepoDigests": [ "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter@sha256:2b8cd2319c8c9058a8b5a9076752eaedd14cdc07cb4bbb1defae8ffa36d27158" ], "Reference": "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest", "ImageConfig": { "architecture": "amd64", "created": "2025-04-04T20:30:39.742019776Z", "history": [ { "created": "2025-02-14T03:28:36Z", "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-14T03:28:36Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-04-04T20:30:37.609169694Z", "created_by": "WORKDIR /app", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-04-04T20:30:37.973562498Z", "created_by": "COPY fail2ban_exporter /app/fail2ban_exporter # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-04-04T20:30:38.210617707Z", "created_by": "COPY health /app/health # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-04-04T20:30:39.742019776Z", "created_by": "RUN /bin/sh -c apk add curl # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-04-04T20:30:39.742019776Z", "created_by": "HEALTHCHECK \u0026{[\"CMD-SHELL\" \"/app/health\"] \"10s\" \"4s\" \"0s\" \"0s\" '\\x03'}", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-04-04T20:30:39.742019776Z", "created_by": "ENTRYPOINT [\"/app/fail2ban_exporter\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831", "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11", "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919", "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" ] }, "config": { "Healthcheck": { "Test": [ "CMD-SHELL", "/app/health" ], "Interval": 10000000000, "Timeout": 4000000000, "Retries": 3 }, "Entrypoint": [ "/app/fail2ban_exporter" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "org.opencontainers.image.created": "2025-04-04T20:30:34Z", "org.opencontainers.image.description": "fail2ban_exporter", "org.opencontainers.image.licenses": "MIT", "org.opencontainers.image.revision": "fc513a11c9ee866c2b5eefc917dc4bd20d8b63cd", "org.opencontainers.image.source": "https://gitlab.com/hctrdev/fail2ban-prometheus-exporter", "org.opencontainers.image.title": "fail2ban_exporter", "org.opencontainers.image.url": "https://gitlab.com/hctrdev/fail2ban-prometheus-exporter", "org.opencontainers.image.version": "0.10.3" }, "WorkingDir": "/app" } }, "Layers": [ { "Size": 8120832, "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, { "Size": 1536, "Digest": "sha256:62c53fe851fb1d6c6ee79a2c7e861902060ff3dc13e336cacc20932386e4864f", "DiffID": "sha256:a861581dad2855f3b96d011416e601900adb286effdcb8e0fb97eb9b7fe0a831" }, { "Size": 11110912, "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, { "Size": 2560, "Digest": "sha256:b7c92aa39baaa466f8f8ad2d3f586a73c0fd1c651b40a49e2b8ef4164d2959f6", "DiffID": "sha256:cb76bafc08ea1fde43881c61bb93b3301037119a05c5f717ab5bdd78746c7919" }, { "Size": 7446528, "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" } ] } ], "Results": [ { "Target": "registry.gitlab.com/hctrdev/fail2ban-prometheus-exporter:latest (alpine 3.21.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.6.8-r1", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "393060090f95beb4" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.8-r1", "busybox-binsh@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.8-r1", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "a35ff814457b106b" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e87ecc7343d144e0" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.21.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "67b837fa5630d327" }, "Version": "3.21.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.21.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.6-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", "UID": "d24a24462031f215" }, "Version": "2.14.6-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.6-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20241121-r1", "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", "InstalledFiles": [ "sbin/apk", "usr/lib/libapk.so.2.14.0" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.21.3", "UID": "cc9451d88db1a57f" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:70f773919e72e35e8d9bbc364922178a7656f3a1", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r12", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r12", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.3-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "Version": "1.34.3-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:ce4b51a748e0f56676097438497c0d07ae2a10ba", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.2" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20241121-r1", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", "UID": "648ddfcaeba667a7" }, "Version": "20241121-r1", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r1", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.12.1-r1", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "Version": "8.12.1-r1", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.12.1-r1", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.12.1-r1", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:2c50f1a2eae9946459a4fcceeaf8d31f43fdae48", "InstalledFiles": [ "usr/bin/curl" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.3-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.12.1-r1", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "Version": "8.12.1-r1", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.12.1-r1", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "c-ares@1.34.3-r0", "ca-certificates-bundle@20241121-r1", "libcrypto3@3.3.3-r0", "libidn2@2.3.7-r0", "libpsl@0.21.5-r3", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "nghttp2-libs@1.64.0-r0", "zlib@1.3.1-r2", "zstd-libs@1.5.6-r2" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:572244672981ad6e6331ef0d66c4040cf65509b4", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", "UID": "7a5029ce71d1e992" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.21.3", "UID": "240880a372fa2415" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.7-r0", "libunistring@1.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:9d21a9cf20d165ea68eafc7566a5da16ce9eabfc", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.3-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.2-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "afda0efd6d9fe81d" }, "Version": "1.2-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.1.0" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r9", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r9", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.64.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e522ca22ea4867ac" }, "Version": "1.64.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.64.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:239d49335b0c521c41d0823a619bf84c3f20722e", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.28.3" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "99c1bc01da347386" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r12", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.6-r2", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r2?arch=x86_64\u0026distro=3.21.3", "UID": "12ea9cf6ad7ac333" }, "Version": "1.5.6-r2", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.6-r2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "Digest": "sha1:974f4e438a513770c78e286dae55203fc38604db", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.6" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r12", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a2cf6768490411c6ec463f534922bda4f0eabae959441746ca8ab06dc71f5ed0", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r12", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:02142a054ccf85d2cf9219d40c219eb95bbb994c112e764168f6d2d622e5e001", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31498", "PkgID": "c-ares@1.34.3-r0", "PkgName": "c-ares", "PkgIdentifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "InstalledVersion": "1.34.3-r0", "FixedVersion": "1.34.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31498", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c505ee850d515c1671a6b0fce40effcb4ea9c5f64f1d9573c47916f717f4ae2f", "Title": "c-ares: c-ares has a use-after-free in read_answers()", "Description": "c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/08/3", "https://access.redhat.com/errata/RHSA-2025:7433", "https://access.redhat.com/security/cve/CVE-2025-31498", "https://bugzilla.redhat.com/2358271", "https://bugzilla.redhat.com/2359553", "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", "https://errata.almalinux.org/9/ALSA-2025-7433.html", "https://errata.rockylinux.org/RLSA-2025:7433", "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1", "https://github.com/c-ares/c-ares/pull/821", "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v", "https://linux.oracle.com/cve/CVE-2025-31498.html", "https://linux.oracle.com/errata/ELSA-2025-7502.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31498", "https://ubuntu.com/security/notices/USN-7477-1", "https://www.cve.org/CVERecord?id=CVE-2025-31498" ], "PublishedDate": "2025-04-08T14:15:35.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-62408", "PkgID": "c-ares@1.34.3-r0", "PkgName": "c-ares", "PkgIdentifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "InstalledVersion": "1.34.3-r0", "FixedVersion": "1.34.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62408", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:77036eb9134c57c0f8f2f8e2e3ca5205b9d323cba09fad7e06f7a49ce2e40c87", "Title": "c-ares: c-ares: Denial of Service due to query termination after maximum attempts", "Description": "c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "azure": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-62408", "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618", "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5", "https://nvd.nist.gov/vuln/detail/CVE-2025-62408", "https://ubuntu.com/security/notices/USN-7925-1", "https://www.cve.org/CVERecord?id=CVE-2025-62408" ], "PublishedDate": "2025-12-08T22:15:52.62Z", "LastModifiedDate": "2026-02-02T14:40:44.843Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:305d8c398f894915352422500debd22722424a589a0431803288d5fbaf18e4d2", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5a2cd23699cecfa94d6eb718dfb1d575c479b50ca39fb5c22cfc990ed04d8bcb", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:95cfe57b3a1cede86b9e02d6ff247bdfaa215ca5ad6e22154e60bca77fc34bb8", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8f41649a828645da62af77d80f742e3f27b8ec02d30aedc00986071242df7393", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a2828f9edd514acc06d8c40826dab8132e5f30ea5d8f3a3a36242bb540189f5d", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:220d19f775c4ecfa36bc557f912eafaffb793d27b127ca5859eaad6025aee5a7", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9408bdb0dd30466d658a91d049dffcc384277a776d281d84f1e993a737259636", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:aa0530eb7ae3aec9f06c5c64034b12a2f1f2d5e0abf0b9846bb9e91f6245af20", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:808f159284641f96d87fb0160b3ad58ed6ef96aa4aa5c54ecedbcb5f29fb6e4f", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2237fdc57660968e32822f15d66d38117452ff69965ef990f82f50e4d07daf7a", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:34ee20b25ff9dd9c1817212ca260da57c511b98910101625b56796aaf9e92470", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c1e11034626254276fe24e9be14877cbd65bf8a9e328617dc59e63868b7d5f48", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7fadb18733fd4ab0d37a2727b8b285799602e80945bfd3f16b9ad5891c3c5c51", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3d7b45d58fffce8097100d1a70510fbc53d6c1fb885cf8112da0c0daab85f0fb", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:639f27b7378e3018cbb8db30f945c034bf05c7cd1eb856b7b5a09ad0e3eb9b30", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5a9e6e57292dbb2fa91e0c09d96eb9113bcae29797e81b2683e8a7a7e708e808", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c73ba1377e9dae7d15e000c8f6c33d948d1103f8a1d1fed70663403477f596f4", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8f527ce7b66eaf552d9ba19e424774f1fa2cf952ac338ba50b392d01a5cdb283", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9557a581a20fd0d55b7a4357bde8750af117ac984568a6a514e698718493c8b8", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1df247ad76d18c2e2701d26fb6462109b45b6d6d3b0cf801685ef3bfe5db8cd2", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2e4a8ecfbe9e275d9e0c2c57320cea65cb1bb98e7e027ffc7410811ba67e6c46", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ca639a2a6ac1a69763931836199e4d48b7cfc1f68506135e2579b2c58e35f53b", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:adf74c32acf3872f3c49f3959dd4e12f8e59e2594fde982c4b5b5d3f70aa3345", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:78e6261c6ee8e562541c46c9253147609bb04dd703e78e831442ef4f8c188993", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ed07485d9118925b4ae14a61cabd97bc1391592cbb39878df00895d7db7ba366", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8179137ef2045880b3d2a1f7997a4c392e0585dc36dbe1fcc706ba1edee390d5", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2dc5ebade43820e6d6e4d9e8a894cf7b9c177a9b56374f3eef4f690bf09c12ab", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b599f56419646148e4e09b6bff4e551058af359b1f3058716d059d926002d6cc", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:731b7e9d83cf54cb714a1210463fd7af6491ed40c84d100658638989c26d2551", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3900523675f08164a643e04a1423a01348aa7143de8971421d1c70da7d143555", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8c5b6b902e4f7f88aa0427a8ef9c9979732caa91c8a4d992d1f45ea31cc1657f", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:89c31813ca04c76a44fd66ed45461b9796d33acc6af0cdd924211e0da48183a7", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:80c15725f1c775d052da32e90f7935b7a87634ee28340ce9eba1f4976d65f6e1", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53bcf81d550355af5868bf0533fea1e2ed58d56d6a2cf398d18200f21941f976", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-27135", "PkgID": "nghttp2-libs@1.64.0-r0", "PkgName": "nghttp2-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e522ca22ea4867ac" }, "InstalledVersion": "1.64.0-r0", "FixedVersion": "1.68.1", "Status": "fixed", "Layer": { "Digest": "sha256:eea1b2df9367e4e4d83f4aee0153d2c74b4b99effd5cdd71ea8b13512c219e95", "DiffID": "sha256:87b218847292a8c8c002c0d3002a6aeea0f9404b337066fcde61d7fd14cbdd8e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2bf68d99b1aadee41ab27c1f2298a0fa79b109c14d6e4fef5088be1028b50cb6", "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/3", "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27135", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7668", "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", "https://linux.oracle.com/cve/CVE-2026-27135.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", "https://ubuntu.com/security/notices/USN-8233-1", "https://ubuntu.com/security/notices/USN-8233-2", "https://www.cve.org/CVERecord?id=CVE-2026-27135" ], "PublishedDate": "2026-03-18T18:16:26.723Z", "LastModifiedDate": "2026-05-13T22:16:42.337Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r12", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cf9898a48ec8dd0510ce295b6395c89b002091c86789f47de40ac3135d2df8af", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:393bb3e8bdb0b1d8f86a8fc521ef8de1e6f6dd3aea31d033af28d058ad14303e", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e40e58309a268e6b1314da0a64b61de61927da632d4fe170a071a1db2f120e1f", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "app/fail2ban_exporter", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "gitlab.com/hctrdev/fail2ban-prometheus-exporter@v0.10.3", "Name": "gitlab.com/hctrdev/fail2ban-prometheus-exporter", "Identifier": { "PURL": "pkg:golang/gitlab.com/hctrdev/fail2ban-prometheus-exporter@v0.10.3", "UID": "9336168d21905a1d" }, "Version": "v0.10.3", "Relationship": "root", "DependsOn": [ "github.com/alecthomas/kong@v1.10.0", "github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/kisielk/og-rek@v1.3.0", "github.com/klauspost/compress@v1.18.0", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/nlpodyssey/gopickle@v0.3.0", "github.com/prometheus/client_golang@v1.21.1", "github.com/prometheus/client_model@v0.6.1", "github.com/prometheus/common@v0.63.0", "github.com/prometheus/procfs@v0.16.0", "golang.org/x/sys@v0.31.0", "golang.org/x/text@v0.23.0", "google.golang.org/protobuf@v1.36.6", "stdlib@v1.24.1" ], "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.24.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "Version": "v1.24.1", "Relationship": "direct", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kong@v1.10.0", "Name": "github.com/alecthomas/kong", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kong@v1.10.0", "UID": "879cb59119f5bbf" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", "Name": "github.com/aristanetworks/gomap", "Identifier": { "PURL": "pkg:golang/github.com/aristanetworks/gomap@v0.0.0-20240919214256-2b26376628e1", "UID": "68ad3663ae8bfde1" }, "Version": "v0.0.0-20240919214256-2b26376628e1", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "2f202ebf6179f939" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "ee0d00395cec0c5c" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kisielk/og-rek@v1.3.0", "Name": "github.com/kisielk/og-rek", "Identifier": { "PURL": "pkg:golang/github.com/kisielk/og-rek@v1.3.0", "UID": "51c70a58f8def640" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.0", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", "UID": "bd9636263a279842" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "906f4cd5115832d1" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/nlpodyssey/gopickle@v0.3.0", "Name": "github.com/nlpodyssey/gopickle", "Identifier": { "PURL": "pkg:golang/github.com/nlpodyssey/gopickle@v0.3.0", "UID": "9f52e8658ff1482c" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.21.1", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.21.1", "UID": "f44fc79438e76c31" }, "Version": "v1.21.1", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.1", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", "UID": "40257b651669b1f7" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.63.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.63.0", "UID": "124b4e6827e0eb3e" }, "Version": "v0.63.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.0", "UID": "cf6202649523a8f9" }, "Version": "v0.16.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.31.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", "UID": "118c3832c8d92898" }, "Version": "v0.31.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.23.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.23.0", "UID": "d6523e39b7720139" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.6", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.6", "UID": "2c8889f21d5c7c94" }, "Version": "v1.36.6", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5da2e70c1a1b0ada794973eec9d313e65d343403a5ca733f84059d2adc29edd5", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7effe853a3545b4a808a8cc8574e4a2549d4c5d0327aa7432d17eb472bcd829c", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:772968446b7b15c315c5f7502abc7171184278c06b319c84073dad26cf447b9f", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b704a8b29225fda99355b6c44334d6b35b5e828c7220e349933ebda6ffd94bde", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c18cd85cc42757048b44a09df42a472a8985354297abc9847ee419d131e4fbcd", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6085126cfbc6e9e02e547355980b85e716841a01c28b7ae2d47ca18900988c0e", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fb0ae563be6c22bed08cf651a9c776e2cb2d1ba9b6a9648be90cdc382ca53c42", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6bbe806b3d7e3b254acc482f86772f5c61f20db469baf80505b6a44f7159140f", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c2b281d5596eba0e5d387742557eb17aff12a74b71e391c5817d68a4553d6851", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:54c866545df52f3c87f8325cb1d0381afb41a6bde73032a52ace13832f752f90", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c8147ad07e1bb16f8dfd574bceeb0c0f054ba0fd667046e1db1b847e3938d3f6", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cce7533e2b543404103eec7ae0a352ef6b5a0e949ac9c7f32886d035d1403973", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3bc88953eac77cfb88d9039560193453f0e48326dc91857ec85b07d9a3a84f6a", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:81ee99e285438b4ae6f67701809b1902e67aeb0239ff6880e1da3eef7860b0ad", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:73775ab570f36258822fb1538366fad83f8eaed2bcfe644c86945fe65cc27b43", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bac49db994082806d6e49badd90d431bf16f57830068d518b66337286058d826", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ebf1330c5943b513bd1dafa3420930584d67ee6539d98f66db1cc6da0ac1fcd0", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:68893530c46807a7f7fc75967ccadb15e7715ed582d113891a28655b2312beb9", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:509fc9012f1e9faaece6bee41a06669d2f5f258025e2b0e1a08d6f0ba7001ee9", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:34f76a054880b1f01c5e1900532d5fa8ad4cc22be00634f02206423bba40110b", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c451cb14726dc4393711440f61218e316ecad3b0ae3a43a72ab86950c1bda02e", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3648b537c549c95de0d57d94bfb43779daa5a76bad9baff35d2017e2ab215e26", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0f63234fa6fb597526d5c6077190210fcf43f4d854177ca4d6a2570609237d58", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e11d80a7897c80ab33582e61184acb6bf43c085bdd790e3cce73a10657bea303", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:614d06fabd57599d6c06aaf4ca70fda211319fb6e7543c00af4c0632b3602b4e", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0c836097c95ba045d6e9e710869e8f8d63e95f64063ed6a2a046854427cdad14", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:350139d9ab6cf6ba6494a2ef90dc10df700fad24c7da3af81f9d7bc9db375a68", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9416abdddc52351ec0505b7d35089f35d5eb1b661c7d7a862154ec48fb05c55b", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f103d1584d7c7754e0c485ac30786937ff1c67b68c9af52332d524ff9a916822", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d2698138bde30ff01a4850b59368c672392587e627fd33707091795fce60f6e8", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c755d9ed3ad868c19ad59cc682c9f83f6b87ae2a428b2ce08a5357068ae4ee36", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:311d3b20e4c33632e47fd1155f2d796434a44ed77016c83204736c895be73be0", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65f98746c8e86a01af8dc1913e9722fd3c416071237de30f28978fd9c5fa9623", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d545dad2319144a8be096eb1b93d11f7041d6241fd93ca1e941b00dccd6a384", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f95a3d406d60cadc57e3ccc207b71b717b85d5760bdd705785f8b24b3731c94a", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0edc5dcaf7d56501062c12ab29f86cefdc667d94b39a0fc52dca3edae35bf7cd", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:49814494d21ec96d35412b2252a91f9030b7b33ee8c02d68fba580c8900aa73c", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9260dd29e19c23a4" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:a1c14335f0336c28cdac625106be2bb01c9409422334ee31cd6357fa80644568", "DiffID": "sha256:7cb6b1e9a1396710eaccebfd33dd28019fa533285fea04264073b52ed0feea11" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5cc236f4f473741e6884fe9b5390e95f39ab9232fbfdcd9556506a4cf3f4ac76", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "node-exporter", "Metadata": [ { "Size": 26442240, "ImageID": "sha256:47509d7f7c15a729686d9d5eccec66abd4b2495d9ae01f637f63e6375fe93f8b", "DiffIDs": [ "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a", "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff", "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" ], "RepoTags": [ "quay.io/prometheus/node-exporter:latest" ], "RepoDigests": [ "quay.io/prometheus/node-exporter@sha256:0f422f62c15f154af8d8572b23d623aebfb10cec73a5c654d18f911f3f9df241" ], "Reference": "quay.io/prometheus/node-exporter:latest", "ImageConfig": { "architecture": "amd64", "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "created": "2026-04-07T15:51:25.177329481Z", "history": [ { "created": "2024-09-26T21:31:42Z", "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.2, Debian 13" }, { "created": "2026-03-15T10:55:08.806172887Z", "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-03-15T10:55:08.806172887Z", "created_by": "COPY /rootfs / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.authors=The Prometheus Authors", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.vendor=Prometheus", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.title=node_exporter", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.description=Prometheus exporter for hardware and OS metrics exposed by *NIX kernels", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/prometheus/node_exporter", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.url=https://github.com/prometheus/node_exporter", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.documentation=https://github.com/prometheus/node_exporter", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL org.opencontainers.image.licenses=Apache License 2.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "LABEL io.prometheus.image.variant=busybox", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "ARG ARCH=amd64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "ARG OS=linux", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "COPY .build/linux-amd64/node_exporter /bin/node_exporter # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "EXPOSE map[9100/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "USER nobody", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-07T15:51:25.177329481Z", "created_by": "ENTRYPOINT [\"/bin/node_exporter\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a", "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff", "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" ] }, "config": { "Entrypoint": [ "/bin/node_exporter" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "io.prometheus.image.variant": "busybox", "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "org.opencontainers.image.authors": "The Prometheus Authors", "org.opencontainers.image.description": "Prometheus exporter for hardware and OS metrics exposed by *NIX kernels", "org.opencontainers.image.documentation": "https://github.com/prometheus/node_exporter", "org.opencontainers.image.licenses": "Apache License 2.0", "org.opencontainers.image.source": "https://github.com/prometheus/node_exporter", "org.opencontainers.image.title": "node_exporter", "org.opencontainers.image.url": "https://github.com/prometheus/node_exporter", "org.opencontainers.image.vendor": "Prometheus" }, "User": "nobody", "ExposedPorts": { "9100/tcp": {} } } }, "Layers": [ { "Size": 1454080, "Digest": "sha256:a6680b927350cc00b395133816b089a777ad1a8e4e799a000f9a9f166a0c4f7e", "DiffID": "sha256:fe8da3eab3143a4922924a1e6a2de9594bc47a5a577ac77f08d9de875307621a" }, { "Size": 1261056, "Digest": "sha256:a2243411ec8e6f03b5bd3683b39b605ebdd828234228bc7823815411b075ff44", "DiffID": "sha256:70764c8e5028cb89f3dd78d9afb5da1c5027bd867d446be30a9589836c5708ff" }, { "Size": 23727104, "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" } ] } ], "Results": [ { "Target": "bin/node_exporter", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/prometheus/node_exporter@v1.11.1", "Name": "github.com/prometheus/node_exporter", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/node_exporter@v1.11.1", "UID": "a8718f1a04881581" }, "Version": "v1.11.1", "Relationship": "root", "DependsOn": [ "github.com/alecthomas/kingpin/v2@v2.4.0", "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "github.com/beevik/ntp@v1.5.0", "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/coreos/go-systemd/v22@v22.7.0", "github.com/cyphar/filepath-securejoin@v0.6.1", "github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", "github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", "github.com/ema/qdisc@v1.0.0", "github.com/godbus/dbus/v5@v5.2.2", "github.com/golang-jwt/jwt/v5@v5.3.0", "github.com/google/uuid@v1.6.0", "github.com/hashicorp/go-envparse@v0.1.0", "github.com/hodgesds/perf-utils@v0.7.0", "github.com/jpillora/backoff@v1.0.0", "github.com/jsimonetti/rtnetlink/v2@v2.2.0", "github.com/mattn/go-xmlrpc@v0.0.3", "github.com/mdlayher/ethtool@v0.6.0", "github.com/mdlayher/genetlink@v1.3.2", "github.com/mdlayher/netlink@v1.10.0", "github.com/mdlayher/socket@v0.5.1", "github.com/mdlayher/vsock@v1.2.1", "github.com/mdlayher/wifi@v0.7.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "github.com/opencontainers/selinux@v1.13.1", "github.com/prometheus-community/go-runit@v0.1.0", "github.com/prometheus/client_golang@v1.23.2", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common@v0.67.5", "github.com/prometheus/exporter-toolkit@v0.16.0", "github.com/prometheus/procfs@v0.20.1", "github.com/safchain/ethtool@v0.7.0", "github.com/xhit/go-str2duration/v2@v2.1.0", "go.uber.org/atomic@v1.7.0", "go.uber.org/multierr@v1.6.0", "go.yaml.in/yaml/v2@v2.4.4", "golang.org/x/crypto@v0.49.0", "golang.org/x/net@v0.52.0", "golang.org/x/oauth2@v0.36.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.42.0", "golang.org/x/text@v0.35.0", "golang.org/x/time@v0.15.0", "google.golang.org/protobuf@v1.36.11", "stdlib@v1.26.1" ], "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.26.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "Version": "v1.26.1", "Relationship": "direct", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", "Name": "github.com/alecthomas/kingpin/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", "UID": "88759d99f0871bbc" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "Name": "github.com/alecthomas/units", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "UID": "ab36a1c8dd7d7724" }, "Version": "v0.0.0-20240927000941-0f3dac36c52b", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beevik/ntp@v1.5.0", "Name": "github.com/beevik/ntp", "Identifier": { "PURL": "pkg:golang/github.com/beevik/ntp@v1.5.0", "UID": "75e72730d49e0dcf" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "e5b61f231acc6788" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "2448921450b25fd5" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.7.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.7.0", "UID": "251ad5420c6557f1" }, "Version": "v22.7.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cyphar/filepath-securejoin@v0.6.1", "Name": "github.com/cyphar/filepath-securejoin", "Identifier": { "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.6.1", "UID": "3e8a3c80d94adc3e" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", "Name": "github.com/dennwc/btrfs", "Identifier": { "PURL": "pkg:golang/github.com/dennwc/btrfs@v0.0.0-20260222081608-edfb8b9e4f55", "UID": "8fea6a55b6224310" }, "Version": "v0.0.0-20260222081608-edfb8b9e4f55", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", "Name": "github.com/dennwc/ioctl", "Identifier": { "PURL": "pkg:golang/github.com/dennwc/ioctl@v1.0.1-0.20181021180353-017804252068", "UID": "2853cf8344dd3313" }, "Version": "v1.0.1-0.20181021180353-017804252068", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ema/qdisc@v1.0.0", "Name": "github.com/ema/qdisc", "Identifier": { "PURL": "pkg:golang/github.com/ema/qdisc@v1.0.0", "UID": "439b03042f59dbfe" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/godbus/dbus/v5@v5.2.2", "Name": "github.com/godbus/dbus/v5", "Identifier": { "PURL": "pkg:golang/github.com/godbus/dbus/v5@v5.2.2", "UID": "67eb6656c75437f8" }, "Version": "v5.2.2", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.0", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.0", "UID": "d16bdabd86aa7e1f" }, "Version": "v5.3.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "34e33e28d2e93ede" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-envparse@v0.1.0", "Name": "github.com/hashicorp/go-envparse", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-envparse@v0.1.0", "UID": "7100ccc68ce98ea9" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hodgesds/perf-utils@v0.7.0", "Name": "github.com/hodgesds/perf-utils", "Identifier": { "PURL": "pkg:golang/github.com/hodgesds/perf-utils@v0.7.0", "UID": "77bbd7d12c807169" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jpillora/backoff@v1.0.0", "Name": "github.com/jpillora/backoff", "Identifier": { "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", "UID": "5cef5fd1568f73f6" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jsimonetti/rtnetlink/v2@v2.2.0", "Name": "github.com/jsimonetti/rtnetlink/v2", "Identifier": { "PURL": "pkg:golang/github.com/jsimonetti/rtnetlink/v2@v2.2.0", "UID": "df60cd629242718c" }, "Version": "v2.2.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-xmlrpc@v0.0.3", "Name": "github.com/mattn/go-xmlrpc", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-xmlrpc@v0.0.3", "UID": "d4c8a4ae8e92a7c" }, "Version": "v0.0.3", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/ethtool@v0.6.0", "Name": "github.com/mdlayher/ethtool", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/ethtool@v0.6.0", "UID": "112514772eae431f" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/genetlink@v1.3.2", "Name": "github.com/mdlayher/genetlink", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/genetlink@v1.3.2", "UID": "cd7d099a56c30547" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/netlink@v1.10.0", "Name": "github.com/mdlayher/netlink", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/netlink@v1.10.0", "UID": "4213e6a57c54a21" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.5.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.5.1", "UID": "3a6529ba3b4ae89f" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/vsock@v1.2.1", "Name": "github.com/mdlayher/vsock", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", "UID": "ddd5f5d0978b41d3" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/wifi@v0.7.2", "Name": "github.com/mdlayher/wifi", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/wifi@v0.7.2", "UID": "42cb9773b705e005" }, "Version": "v0.7.2", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "5be39eea2e77c5d8" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "Name": "github.com/mwitkow/go-conntrack", "Identifier": { "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "UID": "2c8cd38e459d6a55" }, "Version": "v0.0.0-20190716064945-2f068394615f", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/selinux@v1.13.1", "Name": "github.com/opencontainers/selinux", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/selinux@v1.13.1", "UID": "3fd941f15611ec7b" }, "Version": "v1.13.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus-community/go-runit@v0.1.0", "Name": "github.com/prometheus-community/go-runit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus-community/go-runit@v0.1.0", "UID": "f70cc86ac8dd87c5" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.2", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", "UID": "2a76370629864741" }, "Version": "v1.23.2", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "39c8a6f1dc613eb0" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.67.5", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", "UID": "2eaba6169d004f39" }, "Version": "v0.67.5", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/exporter-toolkit@v0.16.0", "Name": "github.com/prometheus/exporter-toolkit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.16.0", "UID": "a9f36926e9a60e70" }, "Version": "v0.16.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.20.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.20.1", "UID": "8874af209b985e74" }, "Version": "v0.20.1", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/safchain/ethtool@v0.7.0", "Name": "github.com/safchain/ethtool", "Identifier": { "PURL": "pkg:golang/github.com/safchain/ethtool@v0.7.0", "UID": "34773e694eadbfb" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", "Name": "github.com/xhit/go-str2duration/v2", "Identifier": { "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", "UID": "70c7c2c382aec932" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.7.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.7.0", "UID": "1ca9a927d5686757" }, "Version": "v1.7.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.6.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.6.0", "UID": "f660c68eb610b043" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.4", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", "UID": "93b0875d71f03925" }, "Version": "v2.4.4", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.49.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", "UID": "c88b46481f0581c6" }, "Version": "v0.49.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.52.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.52.0", "UID": "3e95dae8bcddfcdd" }, "Version": "v0.52.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.36.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", "UID": "48b995a7a2a3424" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "b42cff145c43b8a8" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.42.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", "UID": "2e617d1b5431b641" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.35.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.35.0", "UID": "ac217e43c1fe7f56" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.15.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.15.0", "UID": "c7e0be516d301e1f" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "e76a9c1093d617bc" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dfdfd69495ec27760f1a753325eab9b9abad0a45296c563bb1d602c9c738198c", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:48c37e97ed8b62f26001b57c0aca0af3e75c959b0bcd42deecb9af14e6691047", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9ca87c7feb1badc3fe3e0d3078a719baddc6fed74a8dd4ae0803eb8afeab7459", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33810", "VendorIDs": [ "GO-2026-4866" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33810", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1cdb8ead113608992a981e9b7719461ba7ebc0b41c26e8e2e984084c35be9425", "Title": "crypto/x509: golang: Go crypto/x509: Certificate validation bypass due to incorrect DNS constraint application", "Description": "When verifying a certificate chain containing excluded DNS constraints, these constraints are not correctly applied to wildcard DNS SANs which use a different case than the constraint. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "bitnami": 3, "nvd": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "V3Score": 8.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "V3Score": 8.2 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/19/4", "http://www.openwall.com/lists/oss-security/2026/04/20/1", "https://access.redhat.com/security/cve/CVE-2026-33810", "https://go.dev/cl/763763", "https://go.dev/issue/78332", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-33810", "https://pkg.go.dev/vuln/GO-2026-4866", "https://www.cve.org/CVERecord?id=CVE-2026-33810" ], "PublishedDate": "2026-04-08T02:16:03.95Z", "LastModifiedDate": "2026-04-20T18:16:26.813Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:00b33a076bf9b878f061c82065ea2c32e5e7389b59c14cb1705a6c7a089122db", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:647939d1380c5b10d8e6cb587d03e07bc448efc45583baa89c07a16ac259967e", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6c1bd75a684b253cc469cb977bf3b551c671454a5d7043c5b0cd38891e928f2f", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:74f921db4c39f8be9c158d8c5df1f7a7d488396658f9119efdb10b6ce77d3d12", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1086b320426599b175035d675e64c6332cdbf6a3d8e1ac15faadc177b2520746", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b7105857a8aa17f8148b245eeecc7449691402d7beb9395ea4b3303a21a4a097", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:407d1df6ab206cd128e6b3bfdd404ade281f2b268d048fe0ad6d59a7159afc7e", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:131db483fdb80bad70baeb9ba75472281b9164a26e98ec7af963becc0125abbc", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:16037a4d5814d4245142af3ac605cbddda432a6fca1923fa306bba9ec1f985bd", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4abeecf4016739282419bc25e219fbf48ee13e8fabaea295bd18a4dec60fa7b4", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.26.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.1", "UID": "4120a2832d4abb90" }, "InstalledVersion": "v1.26.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:fe82e83000f46b7554da5cacf542045cdf6d1582c2be0d86855575beb44a330f", "DiffID": "sha256:88308a1604a61c8f07e435452e2a311fb1dc68cd5a3d74f3fee4cd73b11da7ec" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1dfb427b8c42fe44367532362e97d62cdc583967670323feaf86953416c835f3", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "prometheus", "Kind": "Deployment", "Name": "prometheus", "Metadata": [ { "Size": 423599616, "ImageID": "sha256:eb76b4fb57766a23611a3d1347c60218136b6918d6047d02808147b09a1a6f6c", "DiffIDs": [ "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48", "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a", "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e", "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70", "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd", "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22", "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87", "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" ], "RepoTags": [ "prom/prometheus:latest" ], "RepoDigests": [ "prom/prometheus@sha256:e4254400b85610324913f0dc4acf92603d9984e7519414c5a12811aa6146acc3" ], "Reference": "prom/prometheus:latest", "ImageConfig": { "architecture": "amd64", "author": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "created": "2026-04-27T15:30:48.118738051Z", "history": [ { "created": "2024-09-26T21:31:42Z", "created_by": "BusyBox 1.37.0 (uclibc), Buildroot 2025.11.3, Debian 13" }, { "created": "2026-04-15T10:54:45.929154899Z", "created_by": "MAINTAINER The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-15T10:54:45.929154899Z", "created_by": "COPY /rootfs / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.479681624Z", "created_by": "LABEL maintainer=The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:47.479681624Z", "created_by": "LABEL org.opencontainers.image.authors=The Prometheus Authors org.opencontainers.image.vendor=Prometheus org.opencontainers.image.title=Prometheus org.opencontainers.image.description=The Prometheus monitoring system and time series database org.opencontainers.image.source=https://github.com/prometheus/prometheus org.opencontainers.image.url=https://github.com/prometheus/prometheus org.opencontainers.image.documentation=https://prometheus.io/docs org.opencontainers.image.licenses=Apache License 2.0 io.prometheus.image.variant=busybox", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:47.479681624Z", "created_by": "ARG ARCH=amd64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:47.479681624Z", "created_by": "ARG OS=linux", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:47.479681624Z", "created_by": "COPY .build/linux-amd64/prometheus /bin/prometheus # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.925929922Z", "created_by": "COPY .build/linux-amd64/promtool /bin/promtool # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.972358051Z", "created_by": "COPY documentation/examples/prometheus.yml /etc/prometheus/prometheus.yml # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.981910466Z", "created_by": "COPY LICENSE /LICENSE # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.99067363Z", "created_by": "COPY NOTICE /NOTICE # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:47.999378586Z", "created_by": "COPY npm_licenses.tar.bz2 /npm_licenses.tar.bz2 # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:48.006379868Z", "created_by": "WORKDIR /prometheus", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "RUN |2 ARCH=amd64 OS=linux /bin/sh -c chown -R nobody:nobody /etc/prometheus /prometheus \u0026\u0026 chmod g+w /prometheus # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "USER nobody", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "EXPOSE map[9090/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "VOLUME [/prometheus]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "ENTRYPOINT [\"/bin/prometheus\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-27T15:30:48.118738051Z", "created_by": "CMD [\"--config.file=/etc/prometheus/prometheus.yml\" \"--storage.tsdb.path=/prometheus\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f", "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd", "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48", "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a", "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e", "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70", "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd", "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22", "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87", "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" ] }, "config": { "Cmd": [ "--config.file=/etc/prometheus/prometheus.yml", "--storage.tsdb.path=/prometheus" ], "Entrypoint": [ "/bin/prometheus" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "io.prometheus.image.variant": "busybox", "maintainer": "The Prometheus Authors \u003cprometheus-developers@googlegroups.com\u003e", "org.opencontainers.image.authors": "The Prometheus Authors", "org.opencontainers.image.description": "The Prometheus monitoring system and time series database", "org.opencontainers.image.documentation": "https://prometheus.io/docs", "org.opencontainers.image.licenses": "Apache License 2.0", "org.opencontainers.image.source": "https://github.com/prometheus/prometheus", "org.opencontainers.image.title": "Prometheus", "org.opencontainers.image.url": "https://github.com/prometheus/prometheus", "org.opencontainers.image.vendor": "Prometheus" }, "User": "nobody", "Volumes": { "/prometheus": {} }, "WorkingDir": "/prometheus", "ExposedPorts": { "9090/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 1454080, "Digest": "sha256:2acf9a40b14f28b6096477413ec272f1fae2d5df7d963466f0936cc16b08ab7b", "DiffID": "sha256:ce003e882898fd52c48121c32517cfd5dc2ba95a8216989b5e6571cc147e1f2f" }, { "Size": 1262080, "Digest": "sha256:27baa147e9fa2a2d3cddd0ccabf97ee10c9b66379c5b8835ec4c9438ef9dbd07", "DiffID": "sha256:b2f24d7bd8435c9eb1ab45056b1bd85f82b0d29043f9dd5db27244fc08029cbd" }, { "Size": 222842880, "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, { "Size": 197945856, "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, { "Size": 4096, "Digest": "sha256:e7f02ac1f456ccf3058902f22e8d64ce9cfb9be5d78f9ef3dd1c15dff34ecd2b", "DiffID": "sha256:bea626a43336640bcb8788b1d7dcbc60cf29360164342b7dc5643c6cd1b0101e" }, { "Size": 13312, "Digest": "sha256:612087d42eba6e367ecbc74d5dfa596a92e41540e91cff78712952b9ff906af7", "DiffID": "sha256:677bc70ada3a2ed6f163481305b63d2be7c2e4f16dccfd7c4310465b70545c70" }, { "Size": 5632, "Digest": "sha256:2d001a504b8144d906066004870ab5dbfafbb4a38c8823db9b7a7acb06e3dc28", "DiffID": "sha256:c3e1f7620ea5090cec130209c9d09ace8cf4dba3779b6805fbca073d15eed7fd" }, { "Size": 64512, "Digest": "sha256:bd1a7d2e07374f8411584200c834e27fd30138817cdf6f950fb0b38a7f8cb3aa", "DiffID": "sha256:b881ce0ea4d0ff461100ec79ea9459ab418e93c366efcd7d3524d2c13df49e22" }, { "Size": 1536, "Digest": "sha256:69294359b56a7ada7db59b4633c4c83e7a55f97b0d5f423131b32d1cb1ed8ccc", "DiffID": "sha256:e94eb9143cd87890e0516bb904ee3298227d77910c55ed8c55923cba0e492b87" }, { "Size": 5632, "Digest": "sha256:df0231abac1e1886465e83d887a7df7a97002750da40644e217a0fe6a1090f9c", "DiffID": "sha256:6a84548b2b30dcd7d2adfe8cf6adf7159c849f169f3837ee3cbe27da52a29f1a" } ] } ], "Results": [ { "Target": "bin/prometheus", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/prometheus/prometheus@v3.11.3", "Name": "github.com/prometheus/prometheus", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/prometheus@3.11.3", "UID": "97056c3a8e3d7d73" }, "Version": "3.11.3", "Relationship": "root", "DependsOn": [ "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "cloud.google.com/go/auth@v0.18.2", "cloud.google.com/go/compute/metadata@v0.9.0", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "github.com/Code-Hex/go-generics-cache@v1.5.1", "github.com/KimMachineGun/automemlimit@v0.7.5", "github.com/alecthomas/kingpin/v2@v2.4.0", "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "github.com/armon/go-metrics@v0.4.1", "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "github.com/aws/aws-sdk-go-v2@v1.41.4", "github.com/aws/smithy-go@v1.24.2", "github.com/bahlo/generic-list-go@v0.2.0", "github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "github.com/beorn7/perks@v1.0.1", "github.com/buger/jsonparser@v1.1.1", "github.com/cenkalti/backoff/v5@v5.0.3", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "github.com/containerd/errdefs/pkg@v0.3.0", "github.com/containerd/errdefs@v1.0.0", "github.com/coreos/go-systemd/v22@v22.6.0", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/dennwc/varint@v1.0.0", "github.com/digitalocean/godo@v1.178.0", "github.com/distribution/reference@v0.6.0", "github.com/docker/docker@v28.5.2+incompatible", "github.com/docker/go-connections@v0.6.0", "github.com/docker/go-units@v0.5.0", "github.com/edsrzf/mmap-go@v1.2.0", "github.com/emicklei/go-restful/v3@v3.12.2", "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "github.com/envoyproxy/protoc-gen-validate@v1.3.3", "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "github.com/fatih/color@v1.18.0", "github.com/felixge/fgprof@v0.9.5", "github.com/felixge/httpsnoop@v1.0.4", "github.com/fsnotify/fsnotify@v1.9.0", "github.com/fxamacker/cbor/v2@v2.9.0", "github.com/go-logr/logr@v1.4.3", "github.com/go-logr/stdr@v1.2.2", "github.com/go-openapi/analysis@v0.24.2", "github.com/go-openapi/errors@v0.22.7", "github.com/go-openapi/jsonpointer@v0.22.5", "github.com/go-openapi/jsonreference@v0.21.4", "github.com/go-openapi/loads@v0.23.2", "github.com/go-openapi/spec@v0.22.3", "github.com/go-openapi/strfmt@v0.26.1", "github.com/go-openapi/swag/cmdutils@v0.25.4", "github.com/go-openapi/swag/conv@v0.25.4", "github.com/go-openapi/swag/fileutils@v0.25.4", "github.com/go-openapi/swag/jsonname@v0.25.5", "github.com/go-openapi/swag/jsonutils@v0.25.4", "github.com/go-openapi/swag/loading@v0.25.4", "github.com/go-openapi/swag/mangling@v0.25.4", "github.com/go-openapi/swag/netutils@v0.25.4", "github.com/go-openapi/swag/stringutils@v0.25.4", "github.com/go-openapi/swag/typeutils@v0.25.4", "github.com/go-openapi/swag/yamlutils@v0.25.4", "github.com/go-openapi/swag@v0.25.4", "github.com/go-openapi/validate@v0.25.1", "github.com/go-resty/resty/v2@v2.17.2", "github.com/go-viper/mapstructure/v2@v2.5.0", "github.com/go-zookeeper/zk@v1.0.4", "github.com/gobwas/glob@v0.2.3", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v5@v5.3.1", "github.com/golang/snappy@v1.0.0", "github.com/google/gnostic-models@v0.7.0", "github.com/google/go-cmp@v0.7.0", "github.com/google/go-querystring@v1.2.0", "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "github.com/google/s2a-go@v0.1.9", "github.com/google/uuid@v1.6.0", "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "github.com/googleapis/gax-go/v2@v2.18.0", "github.com/gophercloud/gophercloud/v2@v2.11.1", "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "github.com/hashicorp/consul/api@v1.32.1", "github.com/hashicorp/cronexpr@v1.1.3", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-cleanhttp@v0.5.2", "github.com/hashicorp/go-hclog@v1.6.3", "github.com/hashicorp/go-immutable-radix@v1.3.1", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-retryablehttp@v0.7.8", "github.com/hashicorp/go-rootcerts@v1.0.2", "github.com/hashicorp/go-version@v1.8.0", "github.com/hashicorp/golang-lru@v0.6.0", "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "github.com/hashicorp/serf@v0.10.1", "github.com/hetznercloud/hcloud-go/v2@v2.36.0", "github.com/ionos-cloud/sdk-go/v6@v6.3.6", "github.com/jpillora/backoff@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/julienschmidt/httprouter@v1.3.0", "github.com/klauspost/compress@v1.18.5", "github.com/knadh/koanf/maps@v0.1.2", "github.com/knadh/koanf/providers/confmap@v1.0.0", "github.com/knadh/koanf/v2@v2.3.3", "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "github.com/kylelemons/godebug@v1.1.0", "github.com/linode/linodego@v1.66.0", "github.com/mattn/go-colorable@v0.1.14", "github.com/mattn/go-isatty@v0.0.20", "github.com/mdlayher/socket@v0.4.1", "github.com/mdlayher/vsock@v1.2.1", "github.com/miekg/dns@v1.1.72", "github.com/mitchellh/copystructure@v1.2.0", "github.com/mitchellh/mapstructure@v1.5.0", "github.com/mitchellh/reflectwalk@v1.0.2", "github.com/moby/docker-image-spec@v1.3.1", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "github.com/oklog/run@v1.2.0", "github.com/oklog/ulid/v2@v2.1.1", "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", "github.com/opencontainers/go-digest@v1.0.0", "github.com/opencontainers/image-spec@v1.1.1", "github.com/ovh/go-ovh@v1.9.0", "github.com/pb33f/jsonpath@v0.8.1", "github.com/pb33f/libopenapi-validator@v0.13.3", "github.com/pb33f/libopenapi@v0.34.3", "github.com/pb33f/ordered-map/v2@v2.3.0", "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "github.com/pkg/errors@v0.9.1", "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "github.com/prometheus/alertmanager@v0.31.1", "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "github.com/prometheus/client_golang@v1.23.2", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common/assets@v0.2.0", "github.com/prometheus/common@v0.67.5", "github.com/prometheus/exporter-toolkit@v0.15.1", "github.com/prometheus/otlptranslator@v1.0.0", "github.com/prometheus/procfs@v0.16.1", "github.com/prometheus/sigv4@v0.4.1", "github.com/puzpuzpuz/xsync/v4@v4.4.0", "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "github.com/spf13/pflag@v1.0.10", "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "github.com/stretchr/testify@v1.11.1", "github.com/vultr/govultr/v3@v3.28.1", "github.com/x448/float16@v0.8.4", "github.com/xhit/go-str2duration/v2@v2.1.0", "go.opentelemetry.io/auto/sdk@v1.2.1", "go.opentelemetry.io/collector/component@v1.54.0", "go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", "go.opentelemetry.io/collector/confmap@v1.54.0", "go.opentelemetry.io/collector/consumer@v1.54.0", "go.opentelemetry.io/collector/featuregate@v1.54.0", "go.opentelemetry.io/collector/internal/componentalias@v0.148.0", "go.opentelemetry.io/collector/pdata@v1.54.0", "go.opentelemetry.io/collector/pipeline@v1.54.0", "go.opentelemetry.io/collector/processor@v1.54.0", "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", "go.opentelemetry.io/otel/metric@v1.42.0", "go.opentelemetry.io/otel/sdk@v1.42.0", "go.opentelemetry.io/otel/trace@v1.42.0", "go.opentelemetry.io/otel@v1.42.0", "go.opentelemetry.io/proto/otlp@v1.9.0", "go.uber.org/atomic@v1.11.0", "go.uber.org/automaxprocs@v1.6.0", "go.uber.org/goleak@v1.3.0", "go.uber.org/multierr@v1.11.0", "go.uber.org/zap@v1.27.1", "go.yaml.in/yaml/v2@v2.4.4", "go.yaml.in/yaml/v3@v3.0.4", "go.yaml.in/yaml/v4@v4.0.0-rc.4", "golang.org/x/crypto@v0.49.0", "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "golang.org/x/net@v0.52.0", "golang.org/x/oauth2@v0.36.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.42.0", "golang.org/x/term@v0.41.0", "golang.org/x/text@v0.35.0", "golang.org/x/time@v0.15.0", "google.golang.org/api@v0.272.0", "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "google.golang.org/grpc@v1.79.3", "google.golang.org/protobuf@v1.36.11", "gopkg.in/evanphx/json-patch.v4@v4.13.0", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/ini.v1@v1.67.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.35.3", "k8s.io/apimachinery@v0.35.3", "k8s.io/client-go@v0.35.3", "k8s.io/klog/v2@v2.140.0", "k8s.io/klog@v1.0.0", "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "sigs.k8s.io/randfill@v1.0.0", "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "sigs.k8s.io/yaml@v1.6.0", "stdlib@v1.26.2" ], "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.26.2", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "Version": "v1.26.2", "Relationship": "direct", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth@v0.18.2", "Name": "cloud.google.com/go/auth", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", "UID": "fce0c22f4b7cf20a" }, "Version": "v0.18.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "Name": "cloud.google.com/go/auth/oauth2adapt", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", "UID": "1642ac8730da86b9" }, "Version": "v0.2.8", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.9.0", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", "UID": "3e52b01b0d6398ad" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "UID": "8de750711440f060" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "UID": "4389bebaebcd5b" }, "Version": "v1.13.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", "UID": "1b87f11f487e0a12" }, "Version": "v1.11.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "UID": "770c99947f879037" }, "Version": "v5.7.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "UID": "f595be2a9e6fb355" }, "Version": "v4.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", "UID": "23b8bf467d262eaa" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Code-Hex/go-generics-cache@v1.5.1", "Name": "github.com/Code-Hex/go-generics-cache", "Identifier": { "PURL": "pkg:golang/github.com/code-hex/go-generics-cache@v1.5.1", "UID": "b45371082fe83ac7" }, "Version": "v1.5.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/KimMachineGun/automemlimit@v0.7.5", "Name": "github.com/KimMachineGun/automemlimit", "Identifier": { "PURL": "pkg:golang/github.com/kimmachinegun/automemlimit@v0.7.5", "UID": "587909c30da81c51" }, "Version": "v0.7.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", "Name": "github.com/alecthomas/kingpin/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", "UID": "9951f2059f556cbf" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "Name": "github.com/alecthomas/units", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "UID": "7749b32cc5c5a0af" }, "Version": "v0.0.0-20240927000941-0f3dac36c52b", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-metrics@v0.4.1", "Name": "github.com/armon/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", "UID": "dcbeb1073e1848a4" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.41.4", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.4", "UID": "22c50736fc827060" }, "Version": "v1.41.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "Name": "github.com/aws/aws-sdk-go-v2/config", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", "UID": "9e99a6c03371fb28" }, "Version": "v1.32.12", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "UID": "362e2b194b85ac49" }, "Version": "v1.19.12", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "UID": "45b64c2f8ae64e56" }, "Version": "v1.18.20", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "UID": "7c00a916e3670f15" }, "Version": "v1.4.20", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "UID": "74f31595b057491d" }, "Version": "v2.7.20", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "UID": "58e03f3e967d12b0" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "UID": "823b033c6feb0367" }, "Version": "v1.296.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "Name": "github.com/aws/aws-sdk-go-v2/service/ecs", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "UID": "8f92e5b294be751e" }, "Version": "v1.74.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "Name": "github.com/aws/aws-sdk-go-v2/service/elasticache", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "UID": "61aff9f82b8bad76" }, "Version": "v1.51.12", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "UID": "329709d2560a435c" }, "Version": "v1.13.7", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "UID": "64b9386a06e7eb8c" }, "Version": "v1.13.20", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "Name": "github.com/aws/aws-sdk-go-v2/service/kafka", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "UID": "4eaaddca141538f1" }, "Version": "v1.49.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "Name": "github.com/aws/aws-sdk-go-v2/service/lightsail", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "UID": "3d6b65a49753c17c" }, "Version": "v1.51.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "Name": "github.com/aws/aws-sdk-go-v2/service/rds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "UID": "141c4e7ef5e54ce" }, "Version": "v1.117.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "Name": "github.com/aws/aws-sdk-go-v2/service/signin", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "UID": "987dfe9b05b63af2" }, "Version": "v1.0.8", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "Name": "github.com/aws/aws-sdk-go-v2/service/sso", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "UID": "4186ed7c6e6f8468" }, "Version": "v1.30.13", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "UID": "ddd19f0b66698d8d" }, "Version": "v1.35.17", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "Name": "github.com/aws/aws-sdk-go-v2/service/sts", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "UID": "e53c2f1cdaf069e6" }, "Version": "v1.41.9", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.24.2", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", "UID": "a33e9131eef2ad66" }, "Version": "v1.24.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bahlo/generic-list-go@v0.2.0", "Name": "github.com/bahlo/generic-list-go", "Identifier": { "PURL": "pkg:golang/github.com/bahlo/generic-list-go@v0.2.0", "UID": "72932a0525eace0f" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", "Name": "github.com/basgys/goxml2json", "Identifier": { "PURL": "pkg:golang/github.com/basgys/goxml2json@v1.1.1-0.20231018121955-e66ee54ceaad", "UID": "296c4a131eff9651" }, "Version": "v1.1.1-0.20231018121955-e66ee54ceaad", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "Name": "github.com/bboreham/go-loser", "Identifier": { "PURL": "pkg:golang/github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "UID": "561358891b294ccb" }, "Version": "v0.0.0-20230920113527-fcc2c21820a3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "94d0fd3d40bb41ff" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/buger/jsonparser@v1.1.1", "Name": "github.com/buger/jsonparser", "Identifier": { "PURL": "pkg:golang/github.com/buger/jsonparser@v1.1.1", "UID": "73110281e49618c1" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v5@v5.0.3", "Name": "github.com/cenkalti/backoff/v5", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", "UID": "b0d0b3cca77baca0" }, "Version": "v5.0.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "617666a7fd02e0b2" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "Name": "github.com/cncf/xds/go", "Identifier": { "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "UID": "bf9a0af5a0412f1a" }, "Version": "v0.0.0-20251210132809-ee656c7534f5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs@v1.0.0", "Name": "github.com/containerd/errdefs", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", "UID": "f8ca7dd5e0e7562a" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs/pkg@v0.3.0", "Name": "github.com/containerd/errdefs/pkg", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", "UID": "fa87ae25e4f30a56" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.6.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", "UID": "2a3d647d245b4dec" }, "Version": "v22.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "7f9c3bf016fe96fb" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dennwc/varint@v1.0.0", "Name": "github.com/dennwc/varint", "Identifier": { "PURL": "pkg:golang/github.com/dennwc/varint@v1.0.0", "UID": "fb3314d028337e63" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/digitalocean/godo@v1.178.0", "Name": "github.com/digitalocean/godo", "Identifier": { "PURL": "pkg:golang/github.com/digitalocean/godo@v1.178.0", "UID": "254ea2e68f6651e2" }, "Version": "v1.178.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/distribution/reference@v0.6.0", "Name": "github.com/distribution/reference", "Identifier": { "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", "UID": "610829b63c40bd11" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/docker@v28.5.2+incompatible", "Name": "github.com/docker/docker", "Identifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "Version": "v28.5.2+incompatible", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-connections@v0.6.0", "Name": "github.com/docker/go-connections", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", "UID": "45066699ccb27404" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-units@v0.5.0", "Name": "github.com/docker/go-units", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", "UID": "88cd8ac6326caa20" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/edsrzf/mmap-go@v1.2.0", "Name": "github.com/edsrzf/mmap-go", "Identifier": { "PURL": "pkg:golang/github.com/edsrzf/mmap-go@v1.2.0", "UID": "8476589f616975f1" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.2", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", "UID": "b9ac4cb4df50c8be" }, "Version": "v3.12.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "Name": "github.com/envoyproxy/go-control-plane/envoy", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "UID": "2acc3e0970bafad3" }, "Version": "v1.37.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.3", "Name": "github.com/envoyproxy/protoc-gen-validate", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.3", "UID": "1927afaf611ec82d" }, "Version": "v1.3.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "Name": "github.com/facette/natsort", "Identifier": { "PURL": "pkg:golang/github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "UID": "ec9d1999270a8090" }, "Version": "v0.0.0-20181210072756-2cd4dd1e2dcb", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fatih/color@v1.18.0", "Name": "github.com/fatih/color", "Identifier": { "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", "UID": "2ffe79a61f03db19" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/fgprof@v0.9.5", "Name": "github.com/felixge/fgprof", "Identifier": { "PURL": "pkg:golang/github.com/felixge/fgprof@v0.9.5", "UID": "6b9cd8559c9819a6" }, "Version": "v0.9.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "53c235ddafdbe330" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.9.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", "UID": "efab054f0986d7bd" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.9.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", "UID": "673ebec4a246a081" }, "Version": "v2.9.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", "UID": "e8ad8c279e129d08" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "ef187250bed07a4b" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/analysis@v0.24.2", "Name": "github.com/go-openapi/analysis", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.2", "UID": "45e4389362f9bc12" }, "Version": "v0.24.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/errors@v0.22.7", "Name": "github.com/go-openapi/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", "UID": "411d12f71356a680" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.22.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", "UID": "4d3a1caa37a80f1b" }, "Version": "v0.22.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.4", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.4", "UID": "2d9f310cc5608738" }, "Version": "v0.21.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/loads@v0.23.2", "Name": "github.com/go-openapi/loads", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.2", "UID": "55d54250a5eb89ed" }, "Version": "v0.23.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/spec@v0.22.3", "Name": "github.com/go-openapi/spec", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.3", "UID": "c1755afce8f7e5d5" }, "Version": "v0.22.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/strfmt@v0.26.1", "Name": "github.com/go-openapi/strfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", "UID": "9d067101dbad2dd4" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.25.4", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.4", "UID": "3e0ea858daeb7731" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/cmdutils@v0.25.4", "Name": "github.com/go-openapi/swag/cmdutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.4", "UID": "751e5ac754562d4" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/conv@v0.25.4", "Name": "github.com/go-openapi/swag/conv", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.4", "UID": "e1ae997975887467" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/fileutils@v0.25.4", "Name": "github.com/go-openapi/swag/fileutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.4", "UID": "678c382701636f83" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", "Name": "github.com/go-openapi/swag/jsonname", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", "UID": "72872bf24308511c" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonutils@v0.25.4", "Name": "github.com/go-openapi/swag/jsonutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.4", "UID": "c024f2c8a1d7176f" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/loading@v0.25.4", "Name": "github.com/go-openapi/swag/loading", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.4", "UID": "9f792668fb1294dc" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/mangling@v0.25.4", "Name": "github.com/go-openapi/swag/mangling", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.4", "UID": "5cbe00f5d78984aa" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/netutils@v0.25.4", "Name": "github.com/go-openapi/swag/netutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.4", "UID": "cf03a7f7c951f66" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/stringutils@v0.25.4", "Name": "github.com/go-openapi/swag/stringutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.4", "UID": "f03be0a70d9ccf26" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/typeutils@v0.25.4", "Name": "github.com/go-openapi/swag/typeutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.4", "UID": "f3102484fe67329a" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/yamlutils@v0.25.4", "Name": "github.com/go-openapi/swag/yamlutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.4", "UID": "b55d6bf5deeb3d6d" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/validate@v0.25.1", "Name": "github.com/go-openapi/validate", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.1", "UID": "514e0cffe4a2f7be" }, "Version": "v0.25.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-resty/resty/v2@v2.17.2", "Name": "github.com/go-resty/resty/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-resty/resty/v2@v2.17.2", "UID": "b6fcc63433a1468d" }, "Version": "v2.17.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", "Name": "github.com/go-viper/mapstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", "UID": "2212f9d52f9374ba" }, "Version": "v2.5.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-zookeeper/zk@v1.0.4", "Name": "github.com/go-zookeeper/zk", "Identifier": { "PURL": "pkg:golang/github.com/go-zookeeper/zk@v1.0.4", "UID": "aadc78f2f1704f5f" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gobwas/glob@v0.2.3", "Name": "github.com/gobwas/glob", "Identifier": { "PURL": "pkg:golang/github.com/gobwas/glob@v0.2.3", "UID": "2fc5bd60ae976498" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "3b1159e4f396bb77" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", "UID": "67e17c88e7239736" }, "Version": "v5.3.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v1.0.0", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", "UID": "7d76bb2cbe6599b4" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.7.0", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", "UID": "7f0007e695fec4c6" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.7.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", "UID": "7b1bec43162b2e5d" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.2.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.2.0", "UID": "324bbb8d9c13ff75" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "Name": "github.com/google/pprof", "Identifier": { "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "UID": "c0fb0b89dc748b2d" }, "Version": "v0.0.0-20260302011040-a15ffb7f9dcc", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/s2a-go@v0.1.9", "Name": "github.com/google/s2a-go", "Identifier": { "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", "UID": "1ed090da124b6acf" }, "Version": "v0.1.9", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "25ab3a4fca20f1c5" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "UID": "58469f5e2e6a6e6f" }, "Version": "v0.3.14", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.18.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.18.0", "UID": "f9d0d6becf5df9bc" }, "Version": "v2.18.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gophercloud/gophercloud/v2@v2.11.1", "Name": "github.com/gophercloud/gophercloud/v2", "Identifier": { "PURL": "pkg:golang/github.com/gophercloud/gophercloud/v2@v2.11.1", "UID": "46e223ce4ece55ad" }, "Version": "v2.11.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "Name": "github.com/gorilla/websocket", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "UID": "1856ae635780099d" }, "Version": "v1.5.4-0.20250319132907-e064f32e3674", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "Name": "github.com/grafana/regexp", "Identifier": { "PURL": "pkg:golang/github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "UID": "822035ea59528563" }, "Version": "v0.0.0-20250905093917-f7b3be9d1853", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.28.0", "UID": "ccebbcbe843b6819" }, "Version": "v2.28.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/consul/api@v1.32.1", "Name": "github.com/hashicorp/consul/api", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/consul/api@v1.32.1", "UID": "e77ebd36d161b64c" }, "Version": "v1.32.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/cronexpr@v1.1.3", "Name": "github.com/hashicorp/cronexpr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/cronexpr@v1.1.3", "UID": "21557fa059d57ab3" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "ebfa4413fb46b91" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", "Name": "github.com/hashicorp/go-cleanhttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", "UID": "2b65889b563b1631" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-hclog@v1.6.3", "Name": "github.com/hashicorp/go-hclog", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-hclog@v1.6.3", "UID": "5926656a648cfb84" }, "Version": "v1.6.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", "Name": "github.com/hashicorp/go-immutable-radix", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", "UID": "da12230e2a3cb4d7" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "3c705bfbeeb5f3fb" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", "Name": "github.com/hashicorp/go-retryablehttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", "UID": "6411265ae96af57e" }, "Version": "v0.7.8", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", "Name": "github.com/hashicorp/go-rootcerts", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", "UID": "bb528f8483175ec0" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-version@v1.8.0", "Name": "github.com/hashicorp/go-version", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-version@v1.8.0", "UID": "3721d9135393987d" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru@v0.6.0", "Name": "github.com/hashicorp/golang-lru", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.6.0", "UID": "dacc1b50f2ff05f0" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "Name": "github.com/hashicorp/nomad/api", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "UID": "f0cedd1a9c0edb09" }, "Version": "v0.0.0-20260324203407-b27b0c2e019a", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/serf@v0.10.1", "Name": "github.com/hashicorp/serf", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/serf@v0.10.1", "UID": "52ecd8deefd7b462" }, "Version": "v0.10.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hetznercloud/hcloud-go/v2@v2.36.0", "Name": "github.com/hetznercloud/hcloud-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/hetznercloud/hcloud-go/v2@v2.36.0", "UID": "bc00c6c7fe5ff494" }, "Version": "v2.36.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ionos-cloud/sdk-go/v6@v6.3.6", "Name": "github.com/ionos-cloud/sdk-go/v6", "Identifier": { "PURL": "pkg:golang/github.com/ionos-cloud/sdk-go/v6@v6.3.6", "UID": "b0a2e36a703d8060" }, "Version": "v6.3.6", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jpillora/backoff@v1.0.0", "Name": "github.com/jpillora/backoff", "Identifier": { "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", "UID": "85acdaa6c4207e05" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "5519a505d2ee8627" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/julienschmidt/httprouter@v1.3.0", "Name": "github.com/julienschmidt/httprouter", "Identifier": { "PURL": "pkg:golang/github.com/julienschmidt/httprouter@v1.3.0", "UID": "8b38ab08468df208" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.5", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", "UID": "ab8df8e53b8149ec" }, "Version": "v1.18.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knadh/koanf/maps@v0.1.2", "Name": "github.com/knadh/koanf/maps", "Identifier": { "PURL": "pkg:golang/github.com/knadh/koanf/maps@v0.1.2", "UID": "9dda2d1b796905f1" }, "Version": "v0.1.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knadh/koanf/providers/confmap@v1.0.0", "Name": "github.com/knadh/koanf/providers/confmap", "Identifier": { "PURL": "pkg:golang/github.com/knadh/koanf/providers/confmap@v1.0.0", "UID": "a5cbd9754048b97d" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knadh/koanf/v2@v2.3.3", "Name": "github.com/knadh/koanf/v2", "Identifier": { "PURL": "pkg:golang/github.com/knadh/koanf/v2@v2.3.3", "UID": "c6b8530406fb1b7c" }, "Version": "v2.3.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "Name": "github.com/kolo/xmlrpc", "Identifier": { "PURL": "pkg:golang/github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "UID": "2089f53c9f5cf46f" }, "Version": "v0.0.0-20220921171641-a4b6fa1dd06b", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "529d5064cebfd18c" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/linode/linodego@v1.66.0", "Name": "github.com/linode/linodego", "Identifier": { "PURL": "pkg:golang/github.com/linode/linodego@v1.66.0", "UID": "ded0b51d1f229ce5" }, "Version": "v1.66.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.14", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", "UID": "a294d8b24031a3bc" }, "Version": "v0.1.14", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.20", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", "UID": "57e7af910dd29cb0" }, "Version": "v0.0.20", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.4.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", "UID": "1ee980ad8658cfff" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/vsock@v1.2.1", "Name": "github.com/mdlayher/vsock", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", "UID": "c8d4bf7194362c04" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.72", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.72", "UID": "9dd50b6675d8fe14" }, "Version": "v1.1.72", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/copystructure@v1.2.0", "Name": "github.com/mitchellh/copystructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/copystructure@v1.2.0", "UID": "16765f0b945eb478" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.0", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", "UID": "3cb21089d6e8c2cd" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/reflectwalk@v1.0.2", "Name": "github.com/mitchellh/reflectwalk", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/reflectwalk@v1.0.2", "UID": "7cce7f79d4fbba51" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/docker-image-spec@v1.3.1", "Name": "github.com/moby/docker-image-spec", "Identifier": { "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", "UID": "399a508db176b47" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "c9e50733e23b84b1" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "UID": "3472270522abc345" }, "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "57f7166a5f9270eb" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "Name": "github.com/mwitkow/go-conntrack", "Identifier": { "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "UID": "4e7eee934a1b5c66" }, "Version": "v0.0.0-20190716064945-2f068394615f", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/run@v1.2.0", "Name": "github.com/oklog/run", "Identifier": { "PURL": "pkg:golang/github.com/oklog/run@v1.2.0", "UID": "b3db03a03616ac1f" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/ulid/v2@v2.1.1", "Name": "github.com/oklog/ulid/v2", "Identifier": { "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", "UID": "48b9800cf5b6bd9d" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics", "Identifier": { "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/internal/exp/metrics@v0.148.0", "UID": "f38a77a64300a5c4" }, "Version": "v0.148.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil", "Identifier": { "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/pkg/pdatautil@v0.148.0", "UID": "cf09cfdac047bd91" }, "Version": "v0.148.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", "Name": "github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor", "Identifier": { "PURL": "pkg:golang/github.com/open-telemetry/opentelemetry-collector-contrib/processor/deltatocumulativeprocessor@v0.148.0", "UID": "ae85976f435f00ec" }, "Version": "v0.148.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/go-digest@v1.0.0", "Name": "github.com/opencontainers/go-digest", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", "UID": "31ad3a5885be9ba3" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/image-spec@v1.1.1", "Name": "github.com/opencontainers/image-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", "UID": "941cd909b0de445d" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ovh/go-ovh@v1.9.0", "Name": "github.com/ovh/go-ovh", "Identifier": { "PURL": "pkg:golang/github.com/ovh/go-ovh@v1.9.0", "UID": "d0eb17affc99c064" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pb33f/jsonpath@v0.8.1", "Name": "github.com/pb33f/jsonpath", "Identifier": { "PURL": "pkg:golang/github.com/pb33f/jsonpath@v0.8.1", "UID": "9ca50b083e71ec75" }, "Version": "v0.8.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pb33f/libopenapi@v0.34.3", "Name": "github.com/pb33f/libopenapi", "Identifier": { "PURL": "pkg:golang/github.com/pb33f/libopenapi@v0.34.3", "UID": "e575403ac0477ab8" }, "Version": "v0.34.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pb33f/libopenapi-validator@v0.13.3", "Name": "github.com/pb33f/libopenapi-validator", "Identifier": { "PURL": "pkg:golang/github.com/pb33f/libopenapi-validator@v0.13.3", "UID": "2ff5f00549b6cc6f" }, "Version": "v0.13.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pb33f/ordered-map/v2@v2.3.0", "Name": "github.com/pb33f/ordered-map/v2", "Identifier": { "PURL": "pkg:golang/github.com/pb33f/ordered-map/v2@v2.3.0", "UID": "b3c97f24e49a7f19" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "Name": "github.com/pbnjay/memory", "Identifier": { "PURL": "pkg:golang/github.com/pbnjay/memory@v0.0.0-20210728143218-7b4eea64cf58", "UID": "990a75f814aea33e" }, "Version": "v0.0.0-20210728143218-7b4eea64cf58", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "UID": "7761b3e5b0c31ae1" }, "Version": "v0.0.0-20240102092130-5ac0b6a4141c", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "711469a245e0c8b5" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "Name": "github.com/pmezard/go-difflib", "Identifier": { "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "UID": "2f4e40bbf5aac03f" }, "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/alertmanager@v0.31.1", "Name": "github.com/prometheus/alertmanager", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.31.1", "UID": "c008482d3a0f083d" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.2", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", "UID": "eaca842d337faf42" }, "Version": "v1.23.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "Name": "github.com/prometheus/client_golang/exp", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "UID": "be271605da604045" }, "Version": "v0.0.0-20260325093428-d8591d0db856", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "f770435bb9b4357" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.67.5", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", "UID": "304528c102d15192" }, "Version": "v0.67.5", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common/assets@v0.2.0", "Name": "github.com/prometheus/common/assets", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common/assets@v0.2.0", "UID": "f8e98ff884ecdc4c" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", "Name": "github.com/prometheus/exporter-toolkit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", "UID": "eb99e485815f7fcf" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/otlptranslator@v1.0.0", "Name": "github.com/prometheus/otlptranslator", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/otlptranslator@v1.0.0", "UID": "c2cdb158286ff15b" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", "UID": "6fdf28eda9c5f0f4" }, "Version": "v0.16.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/sigv4@v0.4.1", "Name": "github.com/prometheus/sigv4", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", "UID": "211508854c7490ca" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/puzpuzpuz/xsync/v4@v4.4.0", "Name": "github.com/puzpuzpuz/xsync/v4", "Identifier": { "PURL": "pkg:golang/github.com/puzpuzpuz/xsync/v4@v4.4.0", "UID": "12ec49df1d5e7152" }, "Version": "v4.4.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "Name": "github.com/santhosh-tekuri/jsonschema/v6", "Identifier": { "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "UID": "83cdcf9d94a03bec" }, "Version": "v6.0.2", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "Name": "github.com/scaleway/scaleway-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "UID": "30c33ec1877d71c8" }, "Version": "v1.0.0-beta.36", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.10", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", "UID": "a19cf44f862a3f99" }, "Version": "v1.0.10", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "Name": "github.com/stackitcloud/stackit-sdk-go/core", "Identifier": { "PURL": "pkg:golang/github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "UID": "d818d87ba4c7a0f4" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stretchr/testify@v1.11.1", "Name": "github.com/stretchr/testify", "Identifier": { "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", "UID": "e1f925609bb64645" }, "Version": "v1.11.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vultr/govultr/v3@v3.28.1", "Name": "github.com/vultr/govultr/v3", "Identifier": { "PURL": "pkg:golang/github.com/vultr/govultr/v3@v3.28.1", "UID": "ff73967bd387e119" }, "Version": "v3.28.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "5cf658e685bacb51" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", "Name": "github.com/xhit/go-str2duration/v2", "Identifier": { "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", "UID": "d8f44b3821e70459" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", "Name": "go.opentelemetry.io/auto/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", "UID": "de35fe5c8f3179e3" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/component@v1.54.0", "Name": "go.opentelemetry.io/collector/component", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/component@v1.54.0", "UID": "42de11cde12aca89" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/confmap@v1.54.0", "Name": "go.opentelemetry.io/collector/confmap", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/confmap@v1.54.0", "UID": "38b1c8d2c0eacdc5" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", "Name": "go.opentelemetry.io/collector/confmap/xconfmap", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/confmap/xconfmap@v0.148.0", "UID": "1fd8ef0f798d9cc" }, "Version": "v0.148.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/consumer@v1.54.0", "Name": "go.opentelemetry.io/collector/consumer", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/consumer@v1.54.0", "UID": "cb83cef10bcf7a7e" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/featuregate@v1.54.0", "Name": "go.opentelemetry.io/collector/featuregate", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/featuregate@v1.54.0", "UID": "53fb34f5ff8748c2" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/internal/componentalias@v0.148.0", "Name": "go.opentelemetry.io/collector/internal/componentalias", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/internal/componentalias@v0.148.0", "UID": "294e254bddf88e43" }, "Version": "v0.148.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/pdata@v1.54.0", "Name": "go.opentelemetry.io/collector/pdata", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/pdata@v1.54.0", "UID": "5f14c8da97fb995a" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/pipeline@v1.54.0", "Name": "go.opentelemetry.io/collector/pipeline", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/pipeline@v1.54.0", "UID": "395074cfd24cc220" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/collector/processor@v1.54.0", "Name": "go.opentelemetry.io/collector/processor", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/collector/processor@v1.54.0", "UID": "976efb01ff8c4973" }, "Version": "v1.54.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "UID": "e3e3659c52bc3f73" }, "Version": "v0.67.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "UID": "8bd611c7476b1e8" }, "Version": "v0.67.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.42.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.42.0", "UID": "ea8065bc78d88e47" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.42.0", "UID": "ca4581cb56a63723" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.42.0", "UID": "c927bae0b462da0f" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", "UID": "a96bfd90f2d400cb" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.42.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.42.0", "UID": "535bc300eacce4aa" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.42.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.42.0", "UID": "e049a293cf690f77" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.42.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.42.0", "UID": "4fb7000c7d548bc3" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", "UID": "c9a0f30491cb2a63" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.11.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", "UID": "396e8c8d39fc3112" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/automaxprocs@v1.6.0", "Name": "go.uber.org/automaxprocs", "Identifier": { "PURL": "pkg:golang/go.uber.org/automaxprocs@v1.6.0", "UID": "ab80bb6752964505" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/goleak@v1.3.0", "Name": "go.uber.org/goleak", "Identifier": { "PURL": "pkg:golang/go.uber.org/goleak@v1.3.0", "UID": "7ad0a22e9d273419" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "63863f051aba5dbb" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.1", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.1", "UID": "5bc7a3b46406e936" }, "Version": "v1.27.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.4", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", "UID": "f18a332441ed536" }, "Version": "v2.4.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v3@v3.0.4", "Name": "go.yaml.in/yaml/v3", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", "UID": "5d94579a2e20fec6" }, "Version": "v3.0.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v4@v4.0.0-rc.4", "Name": "go.yaml.in/yaml/v4", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v4@v4.0.0-rc.4", "UID": "314a88b684eae084" }, "Version": "v4.0.0-rc.4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.49.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", "UID": "6b2555101c89ec99" }, "Version": "v0.49.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "UID": "7753c684b06bfd79" }, "Version": "v0.0.0-20260218203240-3dfff04db8fa", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.52.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.52.0", "UID": "2f12636bf35b6ade" }, "Version": "v0.52.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.36.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", "UID": "a30d146e688d7a47" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "d9d7654c82cc875b" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.42.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", "UID": "dc6f0902775523de" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.41.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.41.0", "UID": "20a04e6727819824" }, "Version": "v0.41.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.35.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.35.0", "UID": "bc482050949f4481" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.15.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.15.0", "UID": "7d5f4b4171b30994" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.272.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.272.0", "UID": "445671508be01f60" }, "Version": "v0.272.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "UID": "b5990eae76e9072c" }, "Version": "v0.0.0-20260319201613-d00831a3d3e7", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "UID": "64aff811bd17e609" }, "Version": "v0.0.0-20260311181403-84a4fc48630c", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.79.3", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", "UID": "2d09810516bbc3d7" }, "Version": "v1.79.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "61803db316219043" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", "Name": "gopkg.in/evanphx/json-patch.v4", "Identifier": { "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", "UID": "aeb3ac32ffd1e700" }, "Version": "v4.13.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "71ae235a8179f079" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/ini.v1@v1.67.1", "Name": "gopkg.in/ini.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.1", "UID": "e45a1b4abb9d1aa7" }, "Version": "v1.67.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "5d696abc510482cf" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "894b6b9e956b0bcb" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.35.3", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.35.3", "UID": "f25fefce0c2431f9" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.35.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", "UID": "72ea161fb20d85bb" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.35.3", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.35.3", "UID": "e5311bb6db53bb22" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog@v1.0.0", "Name": "k8s.io/klog", "Identifier": { "PURL": "pkg:golang/k8s.io/klog@v1.0.0", "UID": "50421466fcbf5ff7" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.140.0", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.140.0", "UID": "e37583d83b22515e" }, "Version": "v2.140.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "UID": "d98d76f9e1fee2f" }, "Version": "v0.0.0-20250910181357-589584f1c912", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "UID": "d42ef5e7bc7d137f" }, "Version": "v0.0.0-20251002143259-bc988d571ff4", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "UID": "7ed447bde08e46d5" }, "Version": "v0.0.0-20250730193827-2d320260d730", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/randfill@v1.0.0", "Name": "sigs.k8s.io/randfill", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", "UID": "809e21831ae4b5ba" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "Name": "sigs.k8s.io/structured-merge-diff/v6", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "UID": "b6a741b7e39a206d" }, "Version": "v6.3.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.6.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", "UID": "938df54684fecea9" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-32285", "VendorIDs": [ "GHSA-6g7g-w4f8-9c9x" ], "PkgID": "github.com/buger/jsonparser@v1.1.1", "PkgName": "github.com/buger/jsonparser", "PkgIdentifier": { "PURL": "pkg:golang/github.com/buger/jsonparser@v1.1.1", "UID": "73110281e49618c1" }, "InstalledVersion": "v1.1.1", "FixedVersion": "1.1.2", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32285", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:49ac7d415e3c79c02bb0c28964c34634b0aaad6d2bbd7251bc8a20dfb553f0d0", "Title": "github.com/buger/jsonparser: github.com/buger/jsonparser: Denial of Service via malformed JSON input", "Description": "The Delete function fails to properly validate offsets when processing malformed JSON input. This can lead to a negative slice index and a runtime panic, allowing a denial of service attack.", "Severity": "HIGH", "CweIDs": [ "CWE-129" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32285", "https://github.com/buger/jsonparser", "https://github.com/buger/jsonparser/commit/a69e7e01cd4ad67bdfd3ac2c080b9212af16f4b0", "https://github.com/buger/jsonparser/issues/275", "https://github.com/buger/jsonparser/pull/276", "https://github.com/buger/jsonparser/releases/tag/v1.1.2", "https://github.com/golang/vulndb/issues/4514", "https://nvd.nist.gov/vuln/detail/CVE-2026-32285", "https://pkg.go.dev/vuln/GO-2026-4514", "https://securityinfinity.com/research/buger-jsonparser-negative-slice-panic-dos-2026", "https://www.cve.org/CVERecord?id=CVE-2026-32285" ], "PublishedDate": "2026-03-26T20:16:12.197Z", "LastModifiedDate": "2026-04-21T15:42:07.52Z" }, { "VulnerabilityID": "CVE-2026-34040", "VendorIDs": [ "GHSA-x744-4wpc-v9h2" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "InstalledVersion": "v28.5.2+incompatible", "FixedVersion": "29.3.1", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34040", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:04ebb2194e574d3645067d7d14e225eefbf5b456a725abb377e64a3b799eae7d", "Title": "Moby: Moby: Authorization bypass vulnerability", "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.", "Severity": "HIGH", "CweIDs": [ "CWE-288" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34040", "https://docs.docker.com/engine/extend/plugins_authorization", "https://github.com/moby/moby", "https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38", "https://github.com/moby/moby/releases/tag/docker-v29.3.1", "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2", "https://nvd.nist.gov/vuln/detail/CVE-2026-34040", "https://www.cve.org/CVERecord?id=CVE-2026-34040" ], "PublishedDate": "2026-03-31T03:15:57.883Z", "LastModifiedDate": "2026-04-03T16:51:28.67Z" }, { "VulnerabilityID": "CVE-2026-41567", "VendorIDs": [ "GHSA-x86f-5xw2-fm2r" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41567", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:47d75cc27f34edaf5dafbabaf75cfce1245488baee895d665f2dc0d3f7657f76", "Title": "Docker: `PUT /containers/{id}/archive` executes container binary on the host", "Description": "## Summary\n\nWhen a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.\n\n## Details\n\nWhen handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.\n\nThe executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.\n\n## Impact\n\nArbitrary code execution as host root, crossing the container-to-host trust boundary.\n\n### Conditions for exploitation\n\n- A user must run a container from a malicious image that contains a trojanized decompression binary.\n- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via `docker cp -` or by calling the `PUT /containers/{id}/archive` API directly with compressed content.\n\n### Not affected\n\nStandard `docker cp` usage is **not** affected, because the CLI sends uncompressed tar by default:\n\n```\ndocker cp ./file.txt mycontainer:/file.txt\n```\n\nThis can only be exploited when explicitly passing a xz or gzip-compressed archive to `docker cp` or the `PUT /containers/{id}/archive` API, for example:\n\n```\ncat archive.tar.xz | docker cp - mycontainer:/dir\n```\n\nDecompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an `unpigz` binary) are also not affected.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Use authorization plugins to limit access to the `PUT /containers/{id}/archive` endpoint.\n- Avoid piping compressed archives into containers created from untrusted images.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "V3Score": 7.2 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r" ] }, { "VulnerabilityID": "CVE-2026-42306", "VendorIDs": [ "GHSA-rg2x-37c3-w2rh" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42306", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d288c666dfb4023f309775f41cd591ddcc56dd1c1583dd155c34d0526bbf2aa6", "Title": "Docker: Race condition in docker cp allows bind mount redirection to host path", "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service.\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination is created inside the container root and then a bind mount is attached using the container-relative path resolved to an absolute host path.\n\nBetween mountpoint creation and the `mount()` syscall, a process running inside the container can replace the destination (or a parent path component) with a symlink pointing to an arbitrary location on the host. The `mount()` syscall follows the symlink, causing the volume to be bind-mounted onto an arbitrary host path instead of the intended container path.\n\n## Impact\n\nA malicious container can redirect a volume bind mount to an arbitrary host path. The impact depends on the volume content and mount options:\n\n- If the volume is writable, arbitrary host files at the redirected path could be overwritten with the volume's contents.\n- If the volume is read-only, the host path is masked by the mount for the duration of the operation, causing denial of service.\n- In all cases the mount is temporary (torn down after the `docker cp` completes), but the effects of any writes persist.\n\n### Conditions for exploitation\n\n- A container must have at least one volume mount.\n- A process inside the container must be able to rapidly create and swap symlinks at the volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "V3Score": 7.2 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh" ] }, { "VulnerabilityID": "CVE-2026-33997", "VendorIDs": [ "GHSA-pxq6-2prw-chj9" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "InstalledVersion": "v28.5.2+incompatible", "FixedVersion": "29.3.1", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33997", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:29ebe9110bc9a76b1fffb61276bff7cec0586602dac41fe9a9b960a0f7e81c46", "Title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation", "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-193" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "nvd": 3, "photon": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 6.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33997", "https://docs.docker.com/engine/extend/legacy_plugins", "https://github.com/moby/moby", "https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a", "https://github.com/moby/moby/releases/tag/docker-v29.3.1", "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9", "https://nvd.nist.gov/vuln/detail/CVE-2026-33997", "https://www.cve.org/CVERecord?id=CVE-2026-33997" ], "PublishedDate": "2026-03-31T03:15:57.523Z", "LastModifiedDate": "2026-04-03T17:23:21.307Z" }, { "VulnerabilityID": "CVE-2026-41568", "VendorIDs": [ "GHSA-vp62-88p7-qqf5" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "80cdc665acbb41b4" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41568", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:75475811480b8d92fef3e5e585b5b9029eaedce3c88567c19ec7e2f267d5e92f", "Title": "Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap", "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.\n\nThis advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in GHSA-rg2x-37c3-w2rh\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination path is first resolved within the container's root filesystem using `GetResourcePath`, and then used to create the mountpoint (file or directory) if it does not already exist via `createIfNotExists`.\n\nBetween path resolution and mountpoint creation, a process running inside the container can swap a path component for a symlink pointing to an arbitrary location on the host. Because `createIfNotExists` operates on the already-resolved absolute path using standard `os.MkdirAll` and `os.OpenFile` — which follow symlinks in intermediate path components — the symlink is followed and the file or directory is created outside the container root filesystem, as root.\n\n## Impact\n\nA malicious container can create empty files or directories at arbitrary absolute paths on the host filesystem, running as root. This enables persistent denial of service — for example:\n\n- Converting `/etc/docker/daemon.json` into a directory prevents the daemon from restarting\n- Creating `/etc/nologin` prevents user logins\n- Overwriting critical system paths with empty files can break host services\n\nThe container does not gain read or write access to existing host files — only the ability to create new empty files or directories at chosen paths.\n\n### Conditions for exploitation\n\n- A container must be running with a process that can rapidly create and swap symlinks at a volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Patches\n\nMountpoint creation is now scoped to the container root using `os.Root` (Go 1.24+), which refuses to follow symlinks that escape the opened root directory. All filesystem operations in `createIfNotExists` (`MkdirAll`, `OpenFile`) are performed through the `os.Root` handle, so even if a symlink swap occurs after path resolution, the creation stays confined to the container root.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H", "V3Score": 6 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5" ] }, { "VulnerabilityID": "CVE-2026-39882", "VendorIDs": [ "GHSA-w8rr-5gcm-pp58" ], "PkgID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", "PkgName": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp@v1.42.0", "UID": "a96bfd90f2d400cb" }, "InstalledVersion": "v1.42.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39882", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:959779163b20339124064054d4dbf9f46d440e4c59998d497ba6fd3684a2ccca", "Title": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1 ...", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to 1.43.0, the otlp HTTP exporters (traces/metrics/logs) read the full HTTP response body into an in-memory bytes.Buffer without a size cap. This is exploitable for memory exhaustion when the configured collector endpoint is attacker-controlled (or a network attacker can mitm the exporter connection). This vulnerability is fixed in 1.43.0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-789" ], "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/pull/8108", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-w8rr-5gcm-pp58", "https://nvd.nist.gov/vuln/detail/CVE-2026-39882" ], "PublishedDate": "2026-04-08T21:17:00.547Z", "LastModifiedDate": "2026-04-09T18:39:55.73Z" }, { "VulnerabilityID": "CVE-2026-39883", "VendorIDs": [ "GHSA-hfvc-g4fc-pqhx" ], "PkgID": "go.opentelemetry.io/otel/sdk@v1.42.0", "PkgName": "go.opentelemetry.io/otel/sdk", "PkgIdentifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.42.0", "UID": "e049a293cf690f77" }, "InstalledVersion": "v1.42.0", "FixedVersion": "1.43.0", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39883", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1834c7d723331bb4c79bd0d8ae19b32edbe4ed5a314480dbd667e6234e6addfa", "Title": "opentelemetry-go: BSD kenv command not using absolute path enables PATH hijacking", "Description": "OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.15.0 to 1.42.0, the fix for CVE-2026-24051 changed the Darwin ioreg command to use an absolute path but left the BSD kenv command using a bare name, allowing the same PATH hijacking attack on BSD and Solaris platforms. This vulnerability is fixed in 1.43.0.", "Severity": "HIGH", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "ghsa": 3, "nvd": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://github.com/open-telemetry/opentelemetry-go/releases/tag/v1.43.0", "https://github.com/open-telemetry/opentelemetry-go", "https://github.com/open-telemetry/opentelemetry-go/security/advisories/GHSA-hfvc-g4fc-pqhx", "https://nvd.nist.gov/vuln/detail/CVE-2026-39883" ], "PublishedDate": "2026-04-08T21:17:00.697Z", "LastModifiedDate": "2026-04-10T21:16:27.12Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c0dacea47b72604123e5f93f3e2d0db96305ddbb302db984af6258dbfebfbf7a", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:61aa2fa3b2e0705fd053531a3e44f6fa63a05e0771657bc4fbd61ca437158d03", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3de0d46890d9c011e57a238b413c8043f136cbb2c917e0b80e1e1fbd59d53de1", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a501f4c79273d94ccca23c67762daa2cf5ee7201fffacafe15c50713fae04f41", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:037e8196d9e93151445fa49e5db8e796d3a886358de21e76c9932bae89d081eb", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:46ea3c44d2311c08ce5fe011556f92f866f47c10c4f6f532c71809b76c318dbb", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:558ec9fd67fb46abf091405bca6b81c7c6cbbdd57137ff88c150b8deafddd5a9", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "f8b9f4accc86a9be" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:ac03b73ed425ccc4c226d454dd32af41361bdef8c4d190e58c5884d5718e6acc", "DiffID": "sha256:cf6d9503cf828c9b7e3205cb5b95e23d6988eaafa2c2641c8a93a4dc9e0d6c48" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3fa90bb7950ad1f1cd289a25b8bd93d4126d24d2293ea2ce13b73432fd5d098f", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "bin/promtool", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/prometheus/prometheus@v3.11.3", "Name": "github.com/prometheus/prometheus", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/prometheus@3.11.3", "UID": "d0b7596820559c68" }, "Version": "3.11.3", "Relationship": "root", "DependsOn": [ "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "cloud.google.com/go/auth@v0.18.2", "cloud.google.com/go/compute/metadata@v0.9.0", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "github.com/Code-Hex/go-generics-cache@v1.5.1", "github.com/alecthomas/kingpin/v2@v2.4.0", "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "github.com/armon/go-metrics@v0.4.1", "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "github.com/aws/aws-sdk-go-v2@v1.41.4", "github.com/aws/smithy-go@v1.24.2", "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "github.com/containerd/errdefs/pkg@v0.3.0", "github.com/containerd/errdefs@v1.0.0", "github.com/coreos/go-systemd/v22@v22.6.0", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/dennwc/varint@v1.0.0", "github.com/digitalocean/godo@v1.178.0", "github.com/distribution/reference@v0.6.0", "github.com/docker/docker@v28.5.2+incompatible", "github.com/docker/go-connections@v0.6.0", "github.com/docker/go-units@v0.5.0", "github.com/edsrzf/mmap-go@v1.2.0", "github.com/emicklei/go-restful/v3@v3.12.2", "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "github.com/envoyproxy/protoc-gen-validate@v1.3.3", "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "github.com/fatih/color@v1.18.0", "github.com/felixge/httpsnoop@v1.0.4", "github.com/fsnotify/fsnotify@v1.9.0", "github.com/fxamacker/cbor/v2@v2.9.0", "github.com/go-logr/logr@v1.4.3", "github.com/go-logr/stdr@v1.2.2", "github.com/go-openapi/analysis@v0.24.2", "github.com/go-openapi/errors@v0.22.7", "github.com/go-openapi/jsonpointer@v0.22.5", "github.com/go-openapi/jsonreference@v0.21.4", "github.com/go-openapi/loads@v0.23.2", "github.com/go-openapi/spec@v0.22.3", "github.com/go-openapi/strfmt@v0.26.1", "github.com/go-openapi/swag/cmdutils@v0.25.4", "github.com/go-openapi/swag/conv@v0.25.4", "github.com/go-openapi/swag/fileutils@v0.25.4", "github.com/go-openapi/swag/jsonname@v0.25.5", "github.com/go-openapi/swag/jsonutils@v0.25.4", "github.com/go-openapi/swag/loading@v0.25.4", "github.com/go-openapi/swag/mangling@v0.25.4", "github.com/go-openapi/swag/netutils@v0.25.4", "github.com/go-openapi/swag/stringutils@v0.25.4", "github.com/go-openapi/swag/typeutils@v0.25.4", "github.com/go-openapi/swag/yamlutils@v0.25.4", "github.com/go-openapi/swag@v0.25.4", "github.com/go-openapi/validate@v0.25.1", "github.com/go-resty/resty/v2@v2.17.2", "github.com/go-viper/mapstructure/v2@v2.5.0", "github.com/go-zookeeper/zk@v1.0.4", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v5@v5.3.1", "github.com/golang/snappy@v1.0.0", "github.com/google/gnostic-models@v0.7.0", "github.com/google/go-cmp@v0.7.0", "github.com/google/go-querystring@v1.2.0", "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "github.com/google/s2a-go@v0.1.9", "github.com/google/uuid@v1.6.0", "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "github.com/googleapis/gax-go/v2@v2.18.0", "github.com/gophercloud/gophercloud/v2@v2.11.1", "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "github.com/hashicorp/consul/api@v1.32.1", "github.com/hashicorp/cronexpr@v1.1.3", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-cleanhttp@v0.5.2", "github.com/hashicorp/go-hclog@v1.6.3", "github.com/hashicorp/go-immutable-radix@v1.3.1", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-retryablehttp@v0.7.8", "github.com/hashicorp/go-rootcerts@v1.0.2", "github.com/hashicorp/golang-lru@v0.6.0", "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "github.com/hashicorp/serf@v0.10.1", "github.com/hetznercloud/hcloud-go/v2@v2.36.0", "github.com/ionos-cloud/sdk-go/v6@v6.3.6", "github.com/jpillora/backoff@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/klauspost/compress@v1.18.5", "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "github.com/kylelemons/godebug@v1.1.0", "github.com/linode/linodego@v1.66.0", "github.com/mattn/go-colorable@v0.1.14", "github.com/mattn/go-isatty@v0.0.20", "github.com/mdlayher/socket@v0.4.1", "github.com/mdlayher/vsock@v1.2.1", "github.com/miekg/dns@v1.1.72", "github.com/mitchellh/mapstructure@v1.5.0", "github.com/moby/docker-image-spec@v1.3.1", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", "github.com/oklog/ulid/v2@v2.1.1", "github.com/opencontainers/go-digest@v1.0.0", "github.com/opencontainers/image-spec@v1.1.1", "github.com/ovh/go-ovh@v1.9.0", "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "github.com/pkg/errors@v0.9.1", "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "github.com/prometheus/alertmanager@v0.31.1", "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "github.com/prometheus/client_golang@v1.23.2", "github.com/prometheus/client_model@v0.6.2", "github.com/prometheus/common@v0.67.5", "github.com/prometheus/exporter-toolkit@v0.15.1", "github.com/prometheus/otlptranslator@v1.0.0", "github.com/prometheus/procfs@v0.16.1", "github.com/prometheus/sigv4@v0.4.1", "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "github.com/spf13/pflag@v1.0.10", "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "github.com/stretchr/testify@v1.11.1", "github.com/vultr/govultr/v3@v3.28.1", "github.com/x448/float16@v0.8.4", "github.com/xhit/go-str2duration/v2@v2.1.0", "go.opentelemetry.io/auto/sdk@v1.2.1", "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "go.opentelemetry.io/otel/metric@v1.42.0", "go.opentelemetry.io/otel/trace@v1.42.0", "go.opentelemetry.io/otel@v1.42.0", "go.uber.org/atomic@v1.11.0", "go.uber.org/goleak@v1.3.0", "go.yaml.in/yaml/v2@v2.4.4", "go.yaml.in/yaml/v3@v3.0.4", "golang.org/x/crypto@v0.49.0", "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "golang.org/x/net@v0.52.0", "golang.org/x/oauth2@v0.36.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.42.0", "golang.org/x/term@v0.41.0", "golang.org/x/text@v0.35.0", "golang.org/x/time@v0.15.0", "google.golang.org/api@v0.272.0", "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "google.golang.org/grpc@v1.79.3", "google.golang.org/protobuf@v1.36.11", "gopkg.in/evanphx/json-patch.v4@v4.13.0", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/ini.v1@v1.67.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.35.3", "k8s.io/apimachinery@v0.35.3", "k8s.io/client-go@v0.35.3", "k8s.io/klog/v2@v2.140.0", "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "sigs.k8s.io/randfill@v1.0.0", "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "sigs.k8s.io/yaml@v1.6.0", "stdlib@v1.26.2" ], "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.26.2", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "Version": "v1.26.2", "Relationship": "direct", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth@v0.18.2", "Name": "cloud.google.com/go/auth", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", "UID": "eb503a9682aa0004" }, "Version": "v0.18.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "Name": "cloud.google.com/go/auth/oauth2adapt", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", "UID": "f33cdc8e9bfe8fc7" }, "Version": "v0.2.8", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.9.0", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", "UID": "78d23c152d075a27" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "UID": "edd5dd01150c728e" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "UID": "a2a5fa3acbfa1a59" }, "Version": "v1.13.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", "UID": "15f732fd65503168" }, "Version": "v1.11.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/compute/armcompute/v5@v5.7.0", "UID": "f5415a6628fa5cd" }, "Version": "v5.7.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v4@v4.3.0", "UID": "28ca8f75d33058f" }, "Version": "v4.3.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", "UID": "aef3b8ba2411b3d8" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Code-Hex/go-generics-cache@v1.5.1", "Name": "github.com/Code-Hex/go-generics-cache", "Identifier": { "PURL": "pkg:golang/github.com/code-hex/go-generics-cache@v1.5.1", "UID": "2d783eb278890459" }, "Version": "v1.5.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/kingpin/v2@v2.4.0", "Name": "github.com/alecthomas/kingpin/v2", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/kingpin/v2@v2.4.0", "UID": "8acc6e8588325f59" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "Name": "github.com/alecthomas/units", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/units@v0.0.0-20240927000941-0f3dac36c52b", "UID": "1eb7a88f83d1e90d" }, "Version": "v0.0.0-20240927000941-0f3dac36c52b", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-metrics@v0.4.1", "Name": "github.com/armon/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-metrics@v0.4.1", "UID": "35b558868e4ea7fa" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.41.4", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.4", "UID": "4c8c660c3fce523a" }, "Version": "v1.41.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "Name": "github.com/aws/aws-sdk-go-v2/config", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", "UID": "9ba8679d36275b3a" }, "Version": "v1.32.12", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "UID": "794bdc584807338f" }, "Version": "v1.19.12", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "UID": "f96e309a8d3dacec" }, "Version": "v1.18.20", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.20", "UID": "93f9f52b5b991057" }, "Version": "v1.4.20", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.20", "UID": "4a95423ce6855d17" }, "Version": "v2.7.20", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "UID": "64352d99e4740bea" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.296.0", "UID": "a99a30027c6ccdf9" }, "Version": "v1.296.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "Name": "github.com/aws/aws-sdk-go-v2/service/ecs", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecs@v1.74.0", "UID": "7c837954fff60c50" }, "Version": "v1.74.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "Name": "github.com/aws/aws-sdk-go-v2/service/elasticache", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/elasticache@v1.51.12", "UID": "de68f43a8e85d2d8" }, "Version": "v1.51.12", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "UID": "268a2a21c9f9d0ce" }, "Version": "v1.13.7", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.20", "UID": "424fd39aa2e56bf6" }, "Version": "v1.13.20", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "Name": "github.com/aws/aws-sdk-go-v2/service/kafka", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/kafka@v1.49.1", "UID": "c73b092f9d2e0d4b" }, "Version": "v1.49.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "Name": "github.com/aws/aws-sdk-go-v2/service/lightsail", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/lightsail@v1.51.0", "UID": "5ca72ba40dd9f42" }, "Version": "v1.51.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "Name": "github.com/aws/aws-sdk-go-v2/service/rds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/rds@v1.117.0", "UID": "f83f647b687e4adc" }, "Version": "v1.117.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "Name": "github.com/aws/aws-sdk-go-v2/service/signin", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "UID": "a2a9eeaaf1400b48" }, "Version": "v1.0.8", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "Name": "github.com/aws/aws-sdk-go-v2/service/sso", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "UID": "2f32799d7c72f62e" }, "Version": "v1.30.13", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "UID": "968040bb13fa765f" }, "Version": "v1.35.17", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "Name": "github.com/aws/aws-sdk-go-v2/service/sts", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "UID": "145d4e7fa75f1cc" }, "Version": "v1.41.9", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.24.2", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", "UID": "a4f7074e36ed07a8" }, "Version": "v1.24.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "Name": "github.com/bboreham/go-loser", "Identifier": { "PURL": "pkg:golang/github.com/bboreham/go-loser@v0.0.0-20230920113527-fcc2c21820a3", "UID": "10db9db86355d395" }, "Version": "v0.0.0-20230920113527-fcc2c21820a3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "40d9f68d6ac47de1" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "62a027fca56d9bec" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "Name": "github.com/cncf/xds/go", "Identifier": { "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "UID": "35cb15de7e81659c" }, "Version": "v0.0.0-20251210132809-ee656c7534f5", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs@v1.0.0", "Name": "github.com/containerd/errdefs", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", "UID": "80c95055f8abc718" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs/pkg@v0.3.0", "Name": "github.com/containerd/errdefs/pkg", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", "UID": "2ab87eedef209da8" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.6.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.6.0", "UID": "3fb1d1945448196" }, "Version": "v22.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "2a4db94df09c2d2d" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dennwc/varint@v1.0.0", "Name": "github.com/dennwc/varint", "Identifier": { "PURL": "pkg:golang/github.com/dennwc/varint@v1.0.0", "UID": "e4c6564c0f6b9aa9" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/digitalocean/godo@v1.178.0", "Name": "github.com/digitalocean/godo", "Identifier": { "PURL": "pkg:golang/github.com/digitalocean/godo@v1.178.0", "UID": "d01c860dadfc6f6c" }, "Version": "v1.178.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/distribution/reference@v0.6.0", "Name": "github.com/distribution/reference", "Identifier": { "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", "UID": "f4fdc891540d49f" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/docker@v28.5.2+incompatible", "Name": "github.com/docker/docker", "Identifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "Version": "v28.5.2+incompatible", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-connections@v0.6.0", "Name": "github.com/docker/go-connections", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", "UID": "4de57c82396d962a" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-units@v0.5.0", "Name": "github.com/docker/go-units", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", "UID": "48755fbec63be532" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/edsrzf/mmap-go@v1.2.0", "Name": "github.com/edsrzf/mmap-go", "Identifier": { "PURL": "pkg:golang/github.com/edsrzf/mmap-go@v1.2.0", "UID": "c6209f740e2a01ef" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.2", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", "UID": "2884883d69d20b24" }, "Version": "v3.12.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "Name": "github.com/envoyproxy/go-control-plane/envoy", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.37.0", "UID": "5d26a62531f418e5" }, "Version": "v1.37.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.3", "Name": "github.com/envoyproxy/protoc-gen-validate", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.3", "UID": "c5167f057d8fd717" }, "Version": "v1.3.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "Name": "github.com/facette/natsort", "Identifier": { "PURL": "pkg:golang/github.com/facette/natsort@v0.0.0-20181210072756-2cd4dd1e2dcb", "UID": "4ba908c4be2c1f1e" }, "Version": "v0.0.0-20181210072756-2cd4dd1e2dcb", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fatih/color@v1.18.0", "Name": "github.com/fatih/color", "Identifier": { "PURL": "pkg:golang/github.com/fatih/color@v1.18.0", "UID": "4e1174e024e718e3" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "68ffe344b6294142" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.9.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", "UID": "2b7eddbb2e3807ab" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.9.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", "UID": "8602db8deb1607a3" }, "Version": "v2.9.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", "UID": "faec3da6af2be65e" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "204d99185efdfa8d" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/analysis@v0.24.2", "Name": "github.com/go-openapi/analysis", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.2", "UID": "41d59946c5ebee88" }, "Version": "v0.24.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/errors@v0.22.7", "Name": "github.com/go-openapi/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", "UID": "bca104328bba1c3e" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.22.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", "UID": "7352e314820ead99" }, "Version": "v0.22.5", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.4", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.4", "UID": "52add103ac860a3e" }, "Version": "v0.21.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/loads@v0.23.2", "Name": "github.com/go-openapi/loads", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.2", "UID": "5aa8b00dd3152d9f" }, "Version": "v0.23.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/spec@v0.22.3", "Name": "github.com/go-openapi/spec", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.3", "UID": "45de748a24ae3b0b" }, "Version": "v0.22.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/strfmt@v0.26.1", "Name": "github.com/go-openapi/strfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", "UID": "96061d236226fe4e" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.25.4", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.4", "UID": "b22cfa88cae266d3" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/cmdutils@v0.25.4", "Name": "github.com/go-openapi/swag/cmdutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.4", "UID": "2af806a2aee41536" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/conv@v0.25.4", "Name": "github.com/go-openapi/swag/conv", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.4", "UID": "5eb68e80c62b4f65" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/fileutils@v0.25.4", "Name": "github.com/go-openapi/swag/fileutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.4", "UID": "cd629247d2cdb1b9" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", "Name": "github.com/go-openapi/swag/jsonname", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", "UID": "556c658f8b12ddaa" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonutils@v0.25.4", "Name": "github.com/go-openapi/swag/jsonutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.4", "UID": "5edee8b5d2e1332d" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/loading@v0.25.4", "Name": "github.com/go-openapi/swag/loading", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.4", "UID": "7081770a689ca782" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/mangling@v0.25.4", "Name": "github.com/go-openapi/swag/mangling", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.4", "UID": "4b2fe08b54b9160" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/netutils@v0.25.4", "Name": "github.com/go-openapi/swag/netutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.4", "UID": "41ed443d079b3458" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/stringutils@v0.25.4", "Name": "github.com/go-openapi/swag/stringutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.4", "UID": "d4a9b2626dcd8950" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/typeutils@v0.25.4", "Name": "github.com/go-openapi/swag/typeutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.4", "UID": "ae2ed0da3de57cf4" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/yamlutils@v0.25.4", "Name": "github.com/go-openapi/swag/yamlutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.4", "UID": "72ff68c4ced798eb" }, "Version": "v0.25.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/validate@v0.25.1", "Name": "github.com/go-openapi/validate", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.1", "UID": "f703790b1015937c" }, "Version": "v0.25.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-resty/resty/v2@v2.17.2", "Name": "github.com/go-resty/resty/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-resty/resty/v2@v2.17.2", "UID": "34fff996c6085313" }, "Version": "v2.17.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", "Name": "github.com/go-viper/mapstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", "UID": "29394103d28dd6c0" }, "Version": "v2.5.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-zookeeper/zk@v1.0.4", "Name": "github.com/go-zookeeper/zk", "Identifier": { "PURL": "pkg:golang/github.com/go-zookeeper/zk@v1.0.4", "UID": "9498346f908a4339" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "a63a4123f1d1559d" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", "UID": "5b03910302afe88" }, "Version": "v5.3.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v1.0.0", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v1.0.0", "UID": "13950d9e46fde8ae" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.7.0", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", "UID": "9b38fcac2b4fd808" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.7.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", "UID": "5fd24d10be0a36db" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.2.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.2.0", "UID": "752e7cc088ba43cb" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "Name": "github.com/google/pprof", "Identifier": { "PURL": "pkg:golang/github.com/google/pprof@v0.0.0-20260302011040-a15ffb7f9dcc", "UID": "369a136f7d89797" }, "Version": "v0.0.0-20260302011040-a15ffb7f9dcc", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/s2a-go@v0.1.9", "Name": "github.com/google/s2a-go", "Identifier": { "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", "UID": "c20a08a96fdf05b1" }, "Version": "v0.1.9", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "5046cb984b810e3f" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "UID": "de15ddd696f07bdd" }, "Version": "v0.3.14", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.18.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.18.0", "UID": "e038d67809128422" }, "Version": "v2.18.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gophercloud/gophercloud/v2@v2.11.1", "Name": "github.com/gophercloud/gophercloud/v2", "Identifier": { "PURL": "pkg:golang/github.com/gophercloud/gophercloud/v2@v2.11.1", "UID": "a7b3a2c33023e447" }, "Version": "v2.11.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "Name": "github.com/gorilla/websocket", "Identifier": { "PURL": "pkg:golang/github.com/gorilla/websocket@v1.5.4-0.20250319132907-e064f32e3674", "UID": "c8ef014719f17acf" }, "Version": "v1.5.4-0.20250319132907-e064f32e3674", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "Name": "github.com/grafana/regexp", "Identifier": { "PURL": "pkg:golang/github.com/grafana/regexp@v0.0.0-20250905093917-f7b3be9d1853", "UID": "5096e4766939c39d" }, "Version": "v0.0.0-20250905093917-f7b3be9d1853", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/consul/api@v1.32.1", "Name": "github.com/hashicorp/consul/api", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/consul/api@v1.32.1", "UID": "a2a0f2b41e2ac05a" }, "Version": "v1.32.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/cronexpr@v1.1.3", "Name": "github.com/hashicorp/cronexpr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/cronexpr@v1.1.3", "UID": "f54782361d2ac9d9" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "c9afcb11d59991a3" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", "Name": "github.com/hashicorp/go-cleanhttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", "UID": "5719d6e21c8322c3" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-hclog@v1.6.3", "Name": "github.com/hashicorp/go-hclog", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-hclog@v1.6.3", "UID": "a9c66e8500db7802" }, "Version": "v1.6.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", "Name": "github.com/hashicorp/go-immutable-radix", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", "UID": "1063e6f4fdb7ce91" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "fc860262687018d" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", "Name": "github.com/hashicorp/go-retryablehttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", "UID": "bf7e60b1fdc55e78" }, "Version": "v0.7.8", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-rootcerts@v1.0.2", "Name": "github.com/hashicorp/go-rootcerts", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-rootcerts@v1.0.2", "UID": "76c53d49313ee03e" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru@v0.6.0", "Name": "github.com/hashicorp/golang-lru", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.6.0", "UID": "1fd086844f5a4cf2" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "Name": "github.com/hashicorp/nomad/api", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/nomad/api@v0.0.0-20260324203407-b27b0c2e019a", "UID": "48c5e63bda40463" }, "Version": "v0.0.0-20260324203407-b27b0c2e019a", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/serf@v0.10.1", "Name": "github.com/hashicorp/serf", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/serf@v0.10.1", "UID": "c68c5fe00339e2fc" }, "Version": "v0.10.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hetznercloud/hcloud-go/v2@v2.36.0", "Name": "github.com/hetznercloud/hcloud-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/hetznercloud/hcloud-go/v2@v2.36.0", "UID": "af95876161495512" }, "Version": "v2.36.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ionos-cloud/sdk-go/v6@v6.3.6", "Name": "github.com/ionos-cloud/sdk-go/v6", "Identifier": { "PURL": "pkg:golang/github.com/ionos-cloud/sdk-go/v6@v6.3.6", "UID": "682ec303e8888566" }, "Version": "v6.3.6", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jpillora/backoff@v1.0.0", "Name": "github.com/jpillora/backoff", "Identifier": { "PURL": "pkg:golang/github.com/jpillora/backoff@v1.0.0", "UID": "5e2cca3aab777ef3" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "f7ce79647a739879" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.5", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", "UID": "f2977256591cceea" }, "Version": "v1.18.5", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "Name": "github.com/kolo/xmlrpc", "Identifier": { "PURL": "pkg:golang/github.com/kolo/xmlrpc@v0.0.0-20220921171641-a4b6fa1dd06b", "UID": "755f654f2d6cc3c5" }, "Version": "v0.0.0-20220921171641-a4b6fa1dd06b", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "f353e71f501288c6" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/linode/linodego@v1.66.0", "Name": "github.com/linode/linodego", "Identifier": { "PURL": "pkg:golang/github.com/linode/linodego@v1.66.0", "UID": "d304d7ebddb6a8bb" }, "Version": "v1.66.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.14", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", "UID": "603da16f8902c9a" }, "Version": "v0.1.14", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.20", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", "UID": "645cda8396af6d46" }, "Version": "v0.0.20", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.4.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.4.1", "UID": "efab1140e00d43b1" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/vsock@v1.2.1", "Name": "github.com/mdlayher/vsock", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/vsock@v1.2.1", "UID": "416b57b8e678a326" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.72", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.72", "UID": "d63ec140b079de46" }, "Version": "v1.1.72", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.0", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", "UID": "ac3f9cc3c8b5a81f" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/docker-image-spec@v1.3.1", "Name": "github.com/moby/docker-image-spec", "Identifier": { "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", "UID": "5ee3977242078511" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "bd652aed9e2f2543" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "UID": "78b82030b0b4d24f" }, "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "5e185b6d704352c5" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "Name": "github.com/mwitkow/go-conntrack", "Identifier": { "PURL": "pkg:golang/github.com/mwitkow/go-conntrack@v0.0.0-20190716064945-2f068394615f", "UID": "969e509a56ae57a0" }, "Version": "v0.0.0-20190716064945-2f068394615f", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", "Name": "github.com/nsf/jsondiff", "Identifier": { "PURL": "pkg:golang/github.com/nsf/jsondiff@v0.0.0-20260207060731-8e8d90c4c0ac", "UID": "4a0e93cccf3bf7ae" }, "Version": "v0.0.0-20260207060731-8e8d90c4c0ac", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/ulid/v2@v2.1.1", "Name": "github.com/oklog/ulid/v2", "Identifier": { "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", "UID": "84dbd75a84b166a7" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/go-digest@v1.0.0", "Name": "github.com/opencontainers/go-digest", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", "UID": "685678d60681d6d5" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/image-spec@v1.1.1", "Name": "github.com/opencontainers/image-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", "UID": "72b4b5c13d22e9cf" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ovh/go-ovh@v1.9.0", "Name": "github.com/ovh/go-ovh", "Identifier": { "PURL": "pkg:golang/github.com/ovh/go-ovh@v1.9.0", "UID": "be18c482a0d8401a" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "UID": "9ce973c5f396113b" }, "Version": "v0.0.0-20240102092130-5ac0b6a4141c", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "bec14694fe418f4b" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "Name": "github.com/pmezard/go-difflib", "Identifier": { "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "UID": "35c7c0d211c93451" }, "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/alertmanager@v0.31.1", "Name": "github.com/prometheus/alertmanager", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/alertmanager@v0.31.1", "UID": "dca05ecaf7fdb813" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.23.2", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.23.2", "UID": "98140986d3125c4" }, "Version": "v1.23.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "Name": "github.com/prometheus/client_golang/exp", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang/exp@v0.0.0-20260325093428-d8591d0db856", "UID": "799a91315d4a6517" }, "Version": "v0.0.0-20260325093428-d8591d0db856", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.2", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.2", "UID": "32e28c300e237905" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.67.5", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.67.5", "UID": "b20176d88cedc0fc" }, "Version": "v0.67.5", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/exporter-toolkit@v0.15.1", "Name": "github.com/prometheus/exporter-toolkit", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/exporter-toolkit@v0.15.1", "UID": "214ef6c47a3efe4d" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/otlptranslator@v1.0.0", "Name": "github.com/prometheus/otlptranslator", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/otlptranslator@v1.0.0", "UID": "4086ce8f3b83d5a5" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.1", "UID": "74a6d135a224f952" }, "Version": "v0.16.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/sigv4@v0.4.1", "Name": "github.com/prometheus/sigv4", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/sigv4@v0.4.1", "UID": "2403fb69d3d46a0" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "Name": "github.com/scaleway/scaleway-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/scaleway/scaleway-sdk-go@v1.0.0-beta.36", "UID": "b9f15f6b3cb77eda" }, "Version": "v1.0.0-beta.36", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.10", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", "UID": "d77354f2cde984bb" }, "Version": "v1.0.10", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "Name": "github.com/stackitcloud/stackit-sdk-go/core", "Identifier": { "PURL": "pkg:golang/github.com/stackitcloud/stackit-sdk-go/core@v0.23.0", "UID": "7a13fa55f6d160ba" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stretchr/testify@v1.11.1", "Name": "github.com/stretchr/testify", "Identifier": { "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", "UID": "8267de5762c61113" }, "Version": "v1.11.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vultr/govultr/v3@v3.28.1", "Name": "github.com/vultr/govultr/v3", "Identifier": { "PURL": "pkg:golang/github.com/vultr/govultr/v3@v3.28.1", "UID": "c13994d3d519403" }, "Version": "v3.28.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "e8edad8a63ae7dff" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xhit/go-str2duration/v2@v2.1.0", "Name": "github.com/xhit/go-str2duration/v2", "Identifier": { "PURL": "pkg:golang/github.com/xhit/go-str2duration/v2@v2.1.0", "UID": "4771c40d2d6263ab" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", "Name": "go.opentelemetry.io/auto/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", "UID": "b5a4694c42a71465" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/httptrace/otelhttptrace@v0.67.0", "UID": "446b1d7cf4ad8029" }, "Version": "v0.67.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.67.0", "UID": "5f8e9a73cfbc37d2" }, "Version": "v0.67.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.42.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.42.0", "UID": "235b6069d80951d1" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.42.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.42.0", "UID": "c9a96520faeeefb8" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.42.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.42.0", "UID": "3354b9d148134d95" }, "Version": "v1.42.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.11.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", "UID": "652130737734cc4c" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/goleak@v1.3.0", "Name": "go.uber.org/goleak", "Identifier": { "PURL": "pkg:golang/go.uber.org/goleak@v1.3.0", "UID": "7d5c43e409390fa3" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.4", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.4", "UID": "77cef8f014b9a00c" }, "Version": "v2.4.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v3@v3.0.4", "Name": "go.yaml.in/yaml/v3", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", "UID": "2c00befa91894448" }, "Version": "v3.0.4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.49.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.49.0", "UID": "d8b4fc1045858fc3" }, "Version": "v0.49.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20260218203240-3dfff04db8fa", "UID": "abbe45fb1568029f" }, "Version": "v0.0.0-20260218203240-3dfff04db8fa", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.52.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.52.0", "UID": "f0a3df2274896330" }, "Version": "v0.52.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.36.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", "UID": "db510fbdaa57c39" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "ee4175cd9ebce6e5" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.42.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.42.0", "UID": "17f820cc17295208" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.41.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.41.0", "UID": "e9c3d837a267373a" }, "Version": "v0.41.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.35.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.35.0", "UID": "492bd4b8cdf06f33" }, "Version": "v0.35.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.15.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.15.0", "UID": "a3a3d23a843be29a" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.272.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.272.0", "UID": "461997d33d0aa19e" }, "Version": "v0.272.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260319201613-d00831a3d3e7", "UID": "6fec123e3337ac9e" }, "Version": "v0.0.0-20260319201613-d00831a3d3e7", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260311181403-84a4fc48630c", "UID": "f7b25317b4419de3" }, "Version": "v0.0.0-20260311181403-84a4fc48630c", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.79.3", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", "UID": "9538ff12aaf80f5d" }, "Version": "v1.79.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "bac098609d2bee59" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", "Name": "gopkg.in/evanphx/json-patch.v4", "Identifier": { "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", "UID": "10a43444ac5a981a" }, "Version": "v4.13.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "be80991e913d94eb" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/ini.v1@v1.67.1", "Name": "gopkg.in/ini.v1", "Identifier": { "PURL": "pkg:golang/gopkg.in/ini.v1@v1.67.1", "UID": "b30361e1d870c8d1" }, "Version": "v1.67.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "d2861ab098107375" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "9a9c4ec16bf3aa79" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.35.3", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.35.3", "UID": "2b6ceb6ed76c4203" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.35.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", "UID": "e3876e1fcf5e3fe1" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.35.3", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.35.3", "UID": "bc4d021cf2bf1e74" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.140.0", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.140.0", "UID": "e43aec84cb803bf8" }, "Version": "v2.140.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "UID": "123c0ae5550a3c9" }, "Version": "v0.0.0-20250910181357-589584f1c912", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "UID": "b3953eff4c6c2ce1" }, "Version": "v0.0.0-20251002143259-bc988d571ff4", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "UID": "a37f0c105b172677" }, "Version": "v0.0.0-20250730193827-2d320260d730", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/randfill@v1.0.0", "Name": "sigs.k8s.io/randfill", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", "UID": "36a68e825ca55fc0" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "Name": "sigs.k8s.io/structured-merge-diff/v6", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "UID": "e11e8bc3e8b3e4b3" }, "Version": "v6.3.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.6.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", "UID": "b4175798d22ec4cf" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-34040", "VendorIDs": [ "GHSA-x744-4wpc-v9h2" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "InstalledVersion": "v28.5.2+incompatible", "FixedVersion": "29.3.1", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34040", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:a69f5c780eafc020790aae57f94250ae50cf0719ad1af771d9b17cb9d2d93532", "Title": "Moby: Moby: Authorization bypass vulnerability", "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.", "Severity": "HIGH", "CweIDs": [ "CWE-288" ], "VendorSeverity": { "amazon": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 8.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34040", "https://docs.docker.com/engine/extend/plugins_authorization", "https://github.com/moby/moby", "https://github.com/moby/moby/commit/e89edb19ad7de0407a5d31e3111cb01aa10b5a38", "https://github.com/moby/moby/releases/tag/docker-v29.3.1", "https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq", "https://github.com/moby/moby/security/advisories/GHSA-x744-4wpc-v9h2", "https://nvd.nist.gov/vuln/detail/CVE-2026-34040", "https://www.cve.org/CVERecord?id=CVE-2026-34040" ], "PublishedDate": "2026-03-31T03:15:57.883Z", "LastModifiedDate": "2026-04-03T16:51:28.67Z" }, { "VulnerabilityID": "CVE-2026-41567", "VendorIDs": [ "GHSA-x86f-5xw2-fm2r" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41567", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1ebeb16f87582725997f95a8f929ea7a0beff53cae4b799fcf66df15a9b9a1bb", "Title": "Docker: `PUT /containers/{id}/archive` executes container binary on the host", "Description": "## Summary\n\nWhen a user uploads a compressed archive into a container, a malicious image can execute arbitrary code with daemon (host root) privileges.\n\n## Details\n\nWhen handling `PUT /containers/{id}/archive` requests with compressed archives, the daemon decompresses them using external system binaries. Due to incorrect ordering of operations, these binaries are resolved from the container's filesystem rather than the host's. A container image that includes a trojanized decompression binary can achieve code execution as the daemon process whenever a compressed archive is uploaded to that container.\n\nThe executed binary runs with the daemon's full privileges, including host root UID and unrestricted capabilities.\n\n## Impact\n\nArbitrary code execution as host root, crossing the container-to-host trust boundary.\n\n### Conditions for exploitation\n\n- A user must run a container from a malicious image that contains a trojanized decompression binary.\n- The user must then upload a compressed archive (xz or gzip) into that container, either by piping a compressed archive via `docker cp -` or by calling the `PUT /containers/{id}/archive` API directly with compressed content.\n\n### Not affected\n\nStandard `docker cp` usage is **not** affected, because the CLI sends uncompressed tar by default:\n\n```\ndocker cp ./file.txt mycontainer:/file.txt\n```\n\nThis can only be exploited when explicitly passing a xz or gzip-compressed archive to `docker cp` or the `PUT /containers/{id}/archive` API, for example:\n\n```\ncat archive.tar.xz | docker cp - mycontainer:/dir\n```\n\nDecompression formats using pure Go implementations (bzip2, zstd, and gzip when the container image does not contain an `unpigz` binary) are also not affected.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Use authorization plugins to limit access to the `PUT /containers/{id}/archive` endpoint.\n- Avoid piping compressed archives into containers created from untrusted images.", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "V3Score": 7.2 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-x86f-5xw2-fm2r" ] }, { "VulnerabilityID": "CVE-2026-42306", "VendorIDs": [ "GHSA-rg2x-37c3-w2rh" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42306", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d86d959ae21edd9a75055d55361c2c4a25cf247cc2ed41b10c4289017811aacd", "Title": "Docker: Race condition in docker cp allows bind mount redirection to host path", "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to redirect a bind mount target to an arbitrary host path, potentially overwriting host files or causing denial of service.\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination is created inside the container root and then a bind mount is attached using the container-relative path resolved to an absolute host path.\n\nBetween mountpoint creation and the `mount()` syscall, a process running inside the container can replace the destination (or a parent path component) with a symlink pointing to an arbitrary location on the host. The `mount()` syscall follows the symlink, causing the volume to be bind-mounted onto an arbitrary host path instead of the intended container path.\n\n## Impact\n\nA malicious container can redirect a volume bind mount to an arbitrary host path. The impact depends on the volume content and mount options:\n\n- If the volume is writable, arbitrary host files at the redirected path could be overwritten with the volume's contents.\n- If the volume is read-only, the host path is masked by the mount for the duration of the operation, causing denial of service.\n- In all cases the mount is temporary (torn down after the `docker cp` completes), but the effects of any writes persist.\n\n### Conditions for exploitation\n\n- A container must have at least one volume mount.\n- A process inside the container must be able to rapidly create and swap symlinks at the volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:H/A:H", "V3Score": 7.2 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-rg2x-37c3-w2rh" ] }, { "VulnerabilityID": "CVE-2026-33997", "VendorIDs": [ "GHSA-pxq6-2prw-chj9" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "InstalledVersion": "v28.5.2+incompatible", "FixedVersion": "29.3.1", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33997", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:6a8930c229e18aa12bc34e466123595ccaf2c88ed68d15fa12802e68b70a89ba", "Title": "moby: docker: github.com/moby/moby: Moby: Privilege validation bypass during plugin installation", "Description": "Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user. Plugins that request exactly one privilege are also affected, because no comparison is performed at all. This issue has been patched in version 29.3.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-193" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "nvd": 3, "photon": 3, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 6.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33997", "https://docs.docker.com/engine/extend/legacy_plugins", "https://github.com/moby/moby", "https://github.com/moby/moby/commit/f4d6f25bf0c3fa12d4968320a45685947756a22a", "https://github.com/moby/moby/releases/tag/docker-v29.3.1", "https://github.com/moby/moby/security/advisories/GHSA-pxq6-2prw-chj9", "https://nvd.nist.gov/vuln/detail/CVE-2026-33997", "https://www.cve.org/CVERecord?id=CVE-2026-33997" ], "PublishedDate": "2026-03-31T03:15:57.523Z", "LastModifiedDate": "2026-04-03T17:23:21.307Z" }, { "VulnerabilityID": "CVE-2026-41568", "VendorIDs": [ "GHSA-vp62-88p7-qqf5" ], "PkgID": "github.com/docker/docker@v28.5.2+incompatible", "PkgName": "github.com/docker/docker", "PkgIdentifier": { "PURL": "pkg:golang/github.com/docker/docker@v28.5.2%2Bincompatible", "UID": "f6d5f406fd53cd26" }, "InstalledVersion": "v28.5.2+incompatible", "Status": "affected", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41568", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:63483ed8941d9fa7e086d1e6568d82f591751fa701dfcc89f8687ad707c582ab", "Title": "Docker: Race condition in docker cp allows creation of arbitrary empty files on the host via symlink swap", "Description": "## Summary\n\nA race condition during `docker cp` mount setup allows a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem.\n\nThis advisory covers the race during mountpoint creation. The related race during the subsequent mount syscall is tracked in GHSA-rg2x-37c3-w2rh\n\n## Details\n\nWhen copying files into a container, the daemon sets up a temporary filesystem view by bind-mounting volumes into a private mount namespace. During this setup, the mount destination path is first resolved within the container's root filesystem using `GetResourcePath`, and then used to create the mountpoint (file or directory) if it does not already exist via `createIfNotExists`.\n\nBetween path resolution and mountpoint creation, a process running inside the container can swap a path component for a symlink pointing to an arbitrary location on the host. Because `createIfNotExists` operates on the already-resolved absolute path using standard `os.MkdirAll` and `os.OpenFile` — which follow symlinks in intermediate path components — the symlink is followed and the file or directory is created outside the container root filesystem, as root.\n\n## Impact\n\nA malicious container can create empty files or directories at arbitrary absolute paths on the host filesystem, running as root. This enables persistent denial of service — for example:\n\n- Converting `/etc/docker/daemon.json` into a directory prevents the daemon from restarting\n- Creating `/etc/nologin` prevents user logins\n- Overwriting critical system paths with empty files can break host services\n\nThe container does not gain read or write access to existing host files — only the ability to create new empty files or directories at chosen paths.\n\n### Conditions for exploitation\n\n- A container must be running with a process that can rapidly create and swap symlinks at a volume mount destination path.\n- An operator must initiate a `docker cp` into that container, or call the `PUT /containers/{id}/archive` or `HEAD /containers/{id}/archive` API endpoints.\n\n### Not affected\n\n- Containers that do not have volume mounts are not affected, as the race occurs during volume bind-mount setup.\n\n## Patches\n\nMountpoint creation is now scoped to the container root using `os.Root` (Go 1.24+), which refuses to follow symlinks that escape the opened root directory. All filesystem operations in `createIfNotExists` (`MkdirAll`, `OpenFile`) are performed through the `os.Root` handle, so even if a symlink swap occurs after path resolution, the creation stays confined to the container root.\n\n## Workarounds\n\n- Only run containers from trusted images.\n- Avoid using `docker cp` with untrusted running containers.\n- Use authorization plugins to restrict access to the archive API endpoints (`PUT /containers/{id}/archive`, `HEAD /containers/{id}/archive`).", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:L/A:H", "V3Score": 6 } }, "References": [ "https://github.com/moby/moby", "https://github.com/moby/moby/security/advisories/GHSA-vp62-88p7-qqf5" ] }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8286df652c372367cc47e349fd4dd40e79e381e442ce21887c844f56b573cbe0", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e4d55cb3acc1af09d91e53d5bb74d024cc459f22dff12984a5699fb9509be06f", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9718b2a412a691e106e40617bee1a2006c8867f5eedff481abece2655c36b000", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a071c44d7a386de4982e94bf05a3df1527bc3913d0fa83bf3fed5de62920ee29", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6c855783318e465ac2825cdf95b514e29f3b6c98ecf0640eb43151808c49a545", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2ff284418bc6da71e1f2aed722c5fe4cb292c7ada6c1b969844a7be6cdc66313", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:22282fe67ca4da77644da52ed227ab287de1560f49379cbf0083799a75669722", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.26.2", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.26.2", "UID": "440e189b541082a8" }, "InstalledVersion": "v1.26.2", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:f591ea4658bdc9d1433a2f9a03c18198eb45bd009517f6f3b75ae7b7baaa0c12", "DiffID": "sha256:f531ecda0bc66dc8d824f2b727034a8baaf9a55e375405359c00504e07b3b39a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:906fcdfd682f817fea49c5a83db74096755d1ec72e040a3dbd2493cd99176407", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "proxy", "Kind": "Deployment", "Name": "proxy", "Metadata": [ { "Size": 100374016, "OS": { "Family": "alpine", "Name": "3.20.3", "EOSL": true }, "ImageID": "sha256:373cc84d6ce9052d80e22a8c80f1c2a80a66eb5982a2dcc020af13e7d5520439", "DiffIDs": [ "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" ], "RepoTags": [ "linuxserver/wireguard:1.0.20210914-r4-ls54" ], "RepoDigests": [ "linuxserver/wireguard@sha256:366b3fb35663fcc58991a7681c2d714465b61de0e99f0ed32d1903213ef900de" ], "Reference": "linuxserver/wireguard:1.0.20210914-r4-ls54", "ImageConfig": { "architecture": "amd64", "created": "2024-10-03T11:28:28.684432957Z", "history": [ { "created": "2024-09-28T13:38:40.331226732Z", "created_by": "COPY /root-out/ / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG BUILD_DATE=2024-09-28T13:36:59+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG VERSION=2a6ecb14-ls14", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG MODS_VERSION=v3", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG PKG_INST_VERSION=v1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ARG LSIOWN_VERSION=v1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "LABEL build_version=Linuxserver.io version:- 2a6ecb14-ls14 Build-date:- 2024-09-28T13:36:59+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "LABEL maintainer=TheLamer", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:40.40557434Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/docker-mods.v3 /docker-mods # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.449099667Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/package-install.v1 /etc/s6-overlay/s6-rc.d/init-mods-package-install/run # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.480697404Z", "created_by": "ADD --chmod=755 https://raw.githubusercontent.com/linuxserver/docker-mods/mod-scripts/lsiown.v1 /usr/bin/lsiown # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:40.480697404Z", "created_by": "ENV PS1=$(whoami)@$(hostname):$(pwd)\\$ HOME=/root TERM=xterm S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0 S6_VERBOSITY=1 S6_STAGE2_HOOK=/docker-mods VIRTUAL_ENV=/lsiopy PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-09-28T13:38:42.461191Z", "created_by": "RUN |5 BUILD_DATE=2024-09-28T13:36:59+00:00 VERSION=2a6ecb14-ls14 MODS_VERSION=v3 PKG_INST_VERSION=v1 LSIOWN_VERSION=v1 /bin/sh -c echo \"**** install runtime packages ****\" \u0026\u0026 apk add --no-cache alpine-release bash ca-certificates catatonit coreutils curl findutils jq netcat-openbsd procps-ng shadow tzdata \u0026\u0026 echo \"**** create abc user and make our folders ****\" \u0026\u0026 groupmod -g 1000 users \u0026\u0026 useradd -u 911 -U -d /config -s /bin/false abc \u0026\u0026 usermod -G users abc \u0026\u0026 mkdir -p /app /config /defaults /lsiopy \u0026\u0026 echo \"**** cleanup ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:42.53035672Z", "created_by": "COPY root/ / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-09-28T13:38:42.53035672Z", "created_by": "ENTRYPOINT [\"/init\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ENV LSIO_FIRST_PARTY=true", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG BUILD_DATE=2024-10-03T11:27:04+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG VERSION=1.0.20210914-r4-ls54", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "ARG WIREGUARD_RELEASE", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "LABEL build_version=Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "LABEL maintainer=thespad", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-10-03T11:28:28.643277213Z", "created_by": "RUN |3 BUILD_DATE=2024-10-03T11:27:04+00:00 VERSION=1.0.20210914-r4-ls54 WIREGUARD_RELEASE= /bin/sh -c echo \"**** install dependencies ****\" \u0026\u0026 apk add --no-cache bc coredns grep iproute2 iptables iptables-legacy ip6tables iputils kmod libcap-utils libqrencode-tools net-tools openresolv wireguard-tools \u0026\u0026 echo \"wireguard\" \u003e\u003e /etc/modules \u0026\u0026 cd /sbin \u0026\u0026 for i in ! !-save !-restore; do rm -rf iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 rm -rf ip6tables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s iptables-legacy$(echo \"${i}\" | cut -c2-) iptables$(echo \"${i}\" | cut -c2-) \u0026\u0026 ln -s ip6tables-legacy$(echo \"${i}\" | cut -c2-) ip6tables$(echo \"${i}\" | cut -c2-); done \u0026\u0026 sed -i 's|\\[\\[ $proto == -4 \\]\\] \u0026\u0026 cmd sysctl -q net\\.ipv4\\.conf\\.all\\.src_valid_mark=1|[[ $proto == -4 ]] \\\u0026\\\u0026 [[ $(sysctl -n net.ipv4.conf.all.src_valid_mark) != 1 ]] \\\u0026\\\u0026 cmd sysctl -q net.ipv4.conf.all.src_valid_mark=1|' /usr/bin/wg-quick \u0026\u0026 rm -rf /etc/wireguard \u0026\u0026 ln -s /config/wg_confs /etc/wireguard \u0026\u0026 printf \"Linuxserver.io version: ${VERSION}\\nBuild-date: ${BUILD_DATE}\" \u003e /build_version \u0026\u0026 echo \"**** clean up ****\" \u0026\u0026 rm -rf /tmp/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-10-03T11:28:28.684432957Z", "created_by": "COPY /root / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-10-03T11:28:28.684432957Z", "created_by": "EXPOSE map[51820/udp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33", "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368", "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451", "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8", "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746", "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb", "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a", "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" ] }, "config": { "Entrypoint": [ "/init" ], "Env": [ "PATH=/lsiopy/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "PS1=$(whoami)@$(hostname):$(pwd)\\$ ", "HOME=/root", "TERM=xterm", "S6_CMD_WAIT_FOR_SERVICES_MAXTIME=0", "S6_VERBOSITY=1", "S6_STAGE2_HOOK=/docker-mods", "VIRTUAL_ENV=/lsiopy", "LSIO_FIRST_PARTY=true" ], "Labels": { "build_version": "Linuxserver.io version:- 1.0.20210914-r4-ls54 Build-date:- 2024-10-03T11:27:04+00:00", "maintainer": "thespad", "org.opencontainers.image.authors": "linuxserver.io", "org.opencontainers.image.created": "2024-10-03T11:27:04+00:00", "org.opencontainers.image.description": "[WireGuard®](https://www.wireguard.com/) is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec, while avoiding the massive headache. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN for running on embedded interfaces and super computers alike, fit for many different circumstances. Initially released for the Linux kernel, it is now cross-platform (Windows, macOS, BSD, iOS, Android) and widely deployable. It is currently under heavy development, but already it might be regarded as the most secure, easiest to use, and simplest VPN solution in the industry.", "org.opencontainers.image.documentation": "https://docs.linuxserver.io/images/docker-wireguard", "org.opencontainers.image.licenses": "GPL-3.0-only", "org.opencontainers.image.ref.name": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", "org.opencontainers.image.revision": "b4f31ddcf8373009a86a723b3ec2e3662c82b535", "org.opencontainers.image.source": "https://github.com/linuxserver/docker-wireguard", "org.opencontainers.image.title": "Wireguard", "org.opencontainers.image.url": "https://github.com/linuxserver/docker-wireguard/packages", "org.opencontainers.image.vendor": "linuxserver.io", "org.opencontainers.image.version": "1.0.20210914-r4-ls54" }, "WorkingDir": "/", "ExposedPorts": { "51820/udp": {} } } }, "Layers": [ { "Size": 13608960, "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, { "Size": 27136, "Digest": "sha256:df25a931801a3f099815b275c9959fb0ab6affd88255040d202d9317338dea43", "DiffID": "sha256:8cf796425b7c1aeb4db19c2affb3e8d833cbad96e0b47d693b2ff19276400368" }, { "Size": 8192, "Digest": "sha256:ab0ddebe54a67a1fcdf3f9536a9e869be50b5205d556c8a646496a8e1ca6a048", "DiffID": "sha256:799b24214ac2010c522653a3ba544da09a3ea51fb09fda7f60ca77b378b7a451" }, { "Size": 3584, "Digest": "sha256:19f39f464468ce65076a4d16a10067f5c016e48ed60b7576328a4b89d79b9ed7", "DiffID": "sha256:1e9ddb120aa5a56687ddde743fba8a3da4c427a38935482869582e94c6b73ae8" }, { "Size": 14794240, "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, { "Size": 74240, "Digest": "sha256:339ecd878087fb7b73b438de330b942245fe18c8275fc5bedc34e1542b91eca9", "DiffID": "sha256:1636f1be3bfe0cb31548ddfc2af2d6a2a3f43b039e8eeebedce33033bbeb5efb" }, { "Size": 71812608, "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, { "Size": 45056, "Digest": "sha256:fcae2373559cdc79d2a5f9e0cde437c82fddde7061e711dd5b1cf66de0a76f22", "DiffID": "sha256:2f00568f63073659c16e501b74cc9a288bf09def94387087e5866ffab2958516" } ] } ], "Results": [ { "Target": "linuxserver/wireguard:1.0.20210914-r4-ls54 (alpine 3.20.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.6.5-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "f831425e4ab9f6ea" }, "Version": "3.6.5-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.5-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.5-r0", "busybox-binsh@1.36.1-r29" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a8a719fa3db7c6cb005e681086438ef1d1e76d6c", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "lib/sysctl.d/00-alpine.conf", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.5-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "85afdab525a9fa9b" }, "Version": "3.6.5-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.5-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:ee68a6fb02f7e62304b428b0404a2fc1e2fc353d", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.4-r1", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.20.3", "UID": "b576915115d327d5" }, "Version": "2.4-r1", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.4-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:78ab5150a3919e474204e0f91972d1cf0a344f9d", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.20.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.20.3-r0?arch=x86_64\u0026distro=3.20.3", "UID": "77afb69bae9a106b" }, "Version": "3.20.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.20.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.4-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:c56929e1a65a8322cff95f5766591fafd09aed9e", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.4-r0", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "53f26058667c8622" }, "Version": "2.14.4-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.4-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20240705-r0", "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a8c5ec2451b123ac57e39b0cb6ceccdaf26d5099", "InstalledFiles": [ "lib/libapk.so.2.14.0", "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.2.26-r0", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.2.26-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fd910c89ac2ef2b5" }, "Version": "5.2.26-r0", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.2.26-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "musl@1.2.5-r0", "readline@8.2.10-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4fbc9b6abbbb735f61cbd80d59b40d75d5a2c853", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "etc/profile.d/00-bashrc.sh", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/dsv", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/getconf", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/stat", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "bc@1.07.1-r4", "Name": "bc", "Identifier": { "PURL": "pkg:apk/alpine/bc@1.07.1-r4?arch=x86_64\u0026distro=3.20.3", "UID": "23a0fb72a9dd6e2" }, "Version": "1.07.1-r4", "Arch": "x86_64", "SrcName": "bc", "SrcVersion": "1.07.1-r4", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "readline@8.2.10-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:5845bbf3f89b03778a7629ce23dc9d692bafa364", "InstalledFiles": [ "usr/bin/bc", "usr/bin/dc" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.20.3", "UID": "5d43ec95bd9b8f91" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:bc58ba1128a8703ca7ab3d7097a07bf095d9ddcd", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.36.1-r29", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "9dbf157a22e0026b" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:c98f2584c17556181e8098247177ea68d69b0c9c", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.36.1-r29", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "4c63f123e59f14cd" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.36.1-r29" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:8758e1e06605e5818449aff862e105b80b6f34bf", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.33.1-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.33.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "4248b5f3df939df6" }, "Version": "1.33.1-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.33.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:53a5a70bfac8242c69a0c0e46fbdf16648e4cfd7", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.18.1" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20240705-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20240705-r0?arch=x86_64\u0026distro=3.20.3", "UID": "17625b661ccac1a8" }, "Version": "20240705-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20240705-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:f87752f100dc5cd7cd220fb0acc7ef2a8dce64ec", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA3.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20240705-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20240705-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3eee7d032ad5ff1a" }, "Version": "20240705-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20240705-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:a927e8d0fd49c6cff7692a115ce237ed1bd62894", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "catatonit@0.2.0-r0", "Name": "catatonit", "Identifier": { "PURL": "pkg:apk/alpine/catatonit@0.2.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "def5b7093e46f779" }, "Version": "0.2.0-r0", "Arch": "x86_64", "SrcName": "catatonit", "SrcVersion": "0.2.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Michał Polański \u003cmichal@polanski.me\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:a70336616355d8a7a3958e9047690f9c4803e158", "InstalledFiles": [ "usr/bin/catatonit", "usr/libexec/podman/catatonit" ], "AnalyzedBy": "apk" }, { "ID": "coredns@1.11.1-r9", "Name": "coredns", "Identifier": { "PURL": "pkg:apk/alpine/coredns@1.11.1-r9?arch=x86_64\u0026distro=3.20.3", "UID": "b4571c5dd52cb45d" }, "Version": "1.11.1-r9", "Arch": "x86_64", "SrcName": "coredns", "SrcVersion": "1.11.1-r9", "Licenses": [ "Apache-2.0" ], "Maintainer": "Mark Pashmfouroush \u003cmark@markpash.me\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "musl@1.2.5-r0", "unbound-libs@1.20.0-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:8bcef7f97e9d63be2e0e8369bb12336148aa9c49", "InstalledFiles": [ "etc/logrotate.d/coredns", "usr/bin/coredns" ], "AnalyzedBy": "apk" }, { "ID": "coreutils@9.5-r1", "Name": "coreutils", "Identifier": { "PURL": "pkg:apk/alpine/coreutils@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "9b1e19fe4f22a77e" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "coreutils-env@9.5-r1", "coreutils-fmt@9.5-r1", "coreutils-sha512sum@9.5-r1", "libacl@2.3.2-r0", "libattr@2.5.2-r0", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0", "utmps-libs@0.1.2.2-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:db95b051914f9628b6dfa966ae44e2c3f7166a34", "InstalledFiles": [ "bin/base64", "bin/cat", "bin/chgrp", "bin/chmod", "bin/chown", "bin/cp", "bin/date", "bin/dd", "bin/df", "bin/echo", "bin/false", "bin/ln", "bin/ls", "bin/mkdir", "bin/mknod", "bin/mktemp", "bin/mv", "bin/nice", "bin/printenv", "bin/pwd", "bin/rm", "bin/rmdir", "bin/sleep", "bin/stat", "bin/stty", "bin/sync", "bin/touch", "bin/true", "bin/uname", "usr/bin/[", "usr/bin/b2sum", "usr/bin/base32", "usr/bin/basename", "usr/bin/basenc", "usr/bin/chcon", "usr/bin/cksum", "usr/bin/comm", "usr/bin/coreutils", "usr/bin/csplit", "usr/bin/cut", "usr/bin/dir", "usr/bin/dircolors", "usr/bin/dirname", "usr/bin/du", "usr/bin/expand", "usr/bin/expr", "usr/bin/factor", "usr/bin/fold", "usr/bin/head", "usr/bin/hostid", "usr/bin/id", "usr/bin/install", "usr/bin/join", "usr/bin/link", "usr/bin/logname", "usr/bin/md5sum", "usr/bin/mkfifo", "usr/bin/nl", "usr/bin/nohup", "usr/bin/nproc", "usr/bin/numfmt", "usr/bin/od", "usr/bin/paste", "usr/bin/pathchk", "usr/bin/pinky", "usr/bin/pr", "usr/bin/printf", "usr/bin/ptx", "usr/bin/readlink", "usr/bin/realpath", "usr/bin/runcon", "usr/bin/seq", "usr/bin/sha1sum", "usr/bin/sha224sum", "usr/bin/sha256sum", "usr/bin/sha384sum", "usr/bin/shred", "usr/bin/shuf", "usr/bin/sort", "usr/bin/split", "usr/bin/stdbuf", "usr/bin/sum", "usr/bin/tac", "usr/bin/tail", "usr/bin/tee", "usr/bin/test", "usr/bin/timeout", "usr/bin/tr", "usr/bin/truncate", "usr/bin/tsort", "usr/bin/tty", "usr/bin/unexpand", "usr/bin/uniq", "usr/bin/unlink", "usr/bin/users", "usr/bin/vdir", "usr/bin/wc", "usr/bin/who", "usr/bin/whoami", "usr/bin/yes", "usr/libexec/coreutils/libstdbuf.so", "usr/sbin/chroot" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-env@9.5-r1", "Name": "coreutils-env", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-env@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "ada6b68ffa41274d" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:cdda6e18d01984c0cfd3a4f18be2772f7c92b6e5", "InstalledFiles": [ "usr/bin/env" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-fmt@9.5-r1", "Name": "coreutils-fmt", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-fmt@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "310e73e52c943d35" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:63bdcf190a57d58c3f9dd1d7c2932b9927086b76", "InstalledFiles": [ "usr/bin/fmt" ], "AnalyzedBy": "apk" }, { "ID": "coreutils-sha512sum@9.5-r1", "Name": "coreutils-sha512sum", "Identifier": { "PURL": "pkg:apk/alpine/coreutils-sha512sum@9.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "b7d05cd9913379f3" }, "Version": "9.5-r1", "Arch": "x86_64", "SrcName": "coreutils", "SrcVersion": "9.5-r1", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:11a4c5db93f9d6f84b54b7f3b1f6227db8d35420", "InstalledFiles": [ "usr/bin/sha512sum" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.9.1-r2", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "Version": "8.9.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.9.1-r2", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.9.1-r2", "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2a4b115a7fd1c8180708f71ae319308ffb1eee0d", "InstalledFiles": [ "usr/bin/curl" ], "AnalyzedBy": "apk" }, { "ID": "findutils@4.9.0-r5", "Name": "findutils", "Identifier": { "PURL": "pkg:apk/alpine/findutils@4.9.0-r5?arch=x86_64\u0026distro=3.20.3", "UID": "895d07a512653278" }, "Version": "4.9.0-r5", "Arch": "x86_64", "SrcName": "findutils", "SrcVersion": "4.9.0-r5", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9f33bd1b173b7164905b88cb5f31b8cd208031bf", "InstalledFiles": [ "usr/bin/find", "usr/bin/xargs" ], "AnalyzedBy": "apk" }, { "ID": "grep@3.11-r0", "Name": "grep", "Identifier": { "PURL": "pkg:apk/alpine/grep@3.11-r0?arch=x86_64\u0026distro=3.20.3", "UID": "27e3ce194d349dd2" }, "Version": "3.11-r0", "Arch": "x86_64", "SrcName": "grep", "SrcVersion": "3.11-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "pcre2@10.43-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:af0146702fdff30812908c4a6ea007da0e66e54f", "InstalledFiles": [ "bin/egrep", "bin/fgrep", "bin/grep" ], "AnalyzedBy": "apk" }, { "ID": "iproute2@6.9.0-r0", "Name": "iproute2", "Identifier": { "PURL": "pkg:apk/alpine/iproute2@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "dbf5c47b541c8fb3" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "iproute2-minimal@6.9.0-r0", "iproute2-ss@6.9.0-r0", "iproute2-tc@6.9.0-r0", "libcap2@2.70-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:c61e61589360afecd6134600fb8da0dd4afd3deb", "InstalledFiles": [ "sbin/bridge", "sbin/ctstat", "sbin/genl", "sbin/ifstat", "sbin/lnstat", "sbin/nstat", "sbin/routel", "sbin/rtacct", "sbin/rtmon", "sbin/rtstat" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-minimal@6.9.0-r0", "Name": "iproute2-minimal", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-minimal@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "19c3070ab9981b5d" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libelf@0.191-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:bbed2277bad93f8cb2f265814225c5a9a148b222", "InstalledFiles": [ "sbin/ip", "usr/share/iproute2/bpf_pinning", "usr/share/iproute2/ematch_map", "usr/share/iproute2/group", "usr/share/iproute2/nl_protos", "usr/share/iproute2/rt_dsfield", "usr/share/iproute2/rt_protos", "usr/share/iproute2/rt_realms", "usr/share/iproute2/rt_scopes", "usr/share/iproute2/rt_tables" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-ss@6.9.0-r0", "Name": "iproute2-ss", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-ss@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ce3157d6b7f793c7" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:5c562a5e764b55c92ad3f363980b442fbf7db2e2", "InstalledFiles": [ "sbin/ss" ], "AnalyzedBy": "apk" }, { "ID": "iproute2-tc@6.9.0-r0", "Name": "iproute2-tc", "Identifier": { "PURL": "pkg:apk/alpine/iproute2-tc@6.9.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1dbfc76aa5be1ed3" }, "Version": "6.9.0-r0", "Arch": "x86_64", "SrcName": "iproute2", "SrcVersion": "6.9.0-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "libelf@0.191-r0", "libmnl@1.0.5-r2", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:bd55f18d1e0e626ebc32a6db124ff015fcc0fcad", "InstalledFiles": [ "sbin/tc", "usr/lib/tc/experimental.dist", "usr/lib/tc/normal.dist", "usr/lib/tc/pareto.dist", "usr/lib/tc/paretonormal.dist" ], "AnalyzedBy": "apk" }, { "ID": "iptables@1.8.10-r3", "Name": "iptables", "Identifier": { "PURL": "pkg:apk/alpine/iptables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "9f102aa6e7718fb6" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libmnl@1.0.5-r2", "libnftnl@1.2.6-r0", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:a4bc81e3f91510205018e0166d4ce93507f572c8", "InstalledFiles": [ "etc/ethertypes", "sbin/arptables", "sbin/arptables-nft", "sbin/arptables-nft-restore", "sbin/arptables-nft-save", "sbin/arptables-restore", "sbin/arptables-save", "sbin/ebtables", "sbin/ebtables-nft", "sbin/ebtables-nft-restore", "sbin/ebtables-nft-save", "sbin/ebtables-restore", "sbin/ebtables-save", "sbin/ebtables-translate", "sbin/ip6tables", "sbin/ip6tables-apply", "sbin/ip6tables-nft", "sbin/ip6tables-nft-restore", "sbin/ip6tables-nft-save", "sbin/ip6tables-restore", "sbin/ip6tables-restore-translate", "sbin/ip6tables-save", "sbin/ip6tables-translate", "sbin/iptables", "sbin/iptables-apply", "sbin/iptables-nft", "sbin/iptables-nft-restore", "sbin/iptables-nft-save", "sbin/iptables-restore", "sbin/iptables-restore-translate", "sbin/iptables-save", "sbin/iptables-translate", "sbin/xtables-monitor", "sbin/xtables-nft-multi", "usr/lib/xtables/libarpt_mangle.so", "usr/lib/xtables/libebt_802_3.so", "usr/lib/xtables/libebt_among.so", "usr/lib/xtables/libebt_arp.so", "usr/lib/xtables/libebt_arpreply.so", "usr/lib/xtables/libebt_dnat.so", "usr/lib/xtables/libebt_ip.so", "usr/lib/xtables/libebt_ip6.so", "usr/lib/xtables/libebt_log.so", "usr/lib/xtables/libebt_mark.so", "usr/lib/xtables/libebt_mark_m.so", "usr/lib/xtables/libebt_nflog.so", "usr/lib/xtables/libebt_pkttype.so", "usr/lib/xtables/libebt_redirect.so", "usr/lib/xtables/libebt_snat.so", "usr/lib/xtables/libebt_stp.so", "usr/lib/xtables/libebt_vlan.so", "usr/lib/xtables/libip6t_DNPT.so", "usr/lib/xtables/libip6t_HL.so", "usr/lib/xtables/libip6t_NETMAP.so", "usr/lib/xtables/libip6t_REJECT.so", "usr/lib/xtables/libip6t_SNPT.so", "usr/lib/xtables/libip6t_ah.so", "usr/lib/xtables/libip6t_dst.so", "usr/lib/xtables/libip6t_eui64.so", "usr/lib/xtables/libip6t_frag.so", "usr/lib/xtables/libip6t_hbh.so", "usr/lib/xtables/libip6t_hl.so", "usr/lib/xtables/libip6t_icmp6.so", "usr/lib/xtables/libip6t_ipv6header.so", "usr/lib/xtables/libip6t_mh.so", "usr/lib/xtables/libip6t_rt.so", "usr/lib/xtables/libip6t_srh.so", "usr/lib/xtables/libipt_CLUSTERIP.so", "usr/lib/xtables/libipt_ECN.so", "usr/lib/xtables/libipt_NETMAP.so", "usr/lib/xtables/libipt_REJECT.so", "usr/lib/xtables/libipt_TTL.so", "usr/lib/xtables/libipt_ULOG.so", "usr/lib/xtables/libipt_ah.so", "usr/lib/xtables/libipt_icmp.so", "usr/lib/xtables/libipt_realm.so", "usr/lib/xtables/libipt_ttl.so", "usr/lib/xtables/libxt_AUDIT.so", "usr/lib/xtables/libxt_CHECKSUM.so", "usr/lib/xtables/libxt_CLASSIFY.so", "usr/lib/xtables/libxt_CONNMARK.so", "usr/lib/xtables/libxt_CONNSECMARK.so", "usr/lib/xtables/libxt_CT.so", "usr/lib/xtables/libxt_DNAT.so", "usr/lib/xtables/libxt_DSCP.so", "usr/lib/xtables/libxt_HMARK.so", "usr/lib/xtables/libxt_IDLETIMER.so", "usr/lib/xtables/libxt_LED.so", "usr/lib/xtables/libxt_LOG.so", "usr/lib/xtables/libxt_MARK.so", "usr/lib/xtables/libxt_MASQUERADE.so", "usr/lib/xtables/libxt_NAT.so", "usr/lib/xtables/libxt_NFLOG.so", "usr/lib/xtables/libxt_NFQUEUE.so", "usr/lib/xtables/libxt_NOTRACK.so", "usr/lib/xtables/libxt_RATEEST.so", "usr/lib/xtables/libxt_REDIRECT.so", "usr/lib/xtables/libxt_SECMARK.so", "usr/lib/xtables/libxt_SET.so", "usr/lib/xtables/libxt_SNAT.so", "usr/lib/xtables/libxt_SYNPROXY.so", "usr/lib/xtables/libxt_TCPMSS.so", "usr/lib/xtables/libxt_TCPOPTSTRIP.so", "usr/lib/xtables/libxt_TEE.so", "usr/lib/xtables/libxt_TOS.so", "usr/lib/xtables/libxt_TPROXY.so", "usr/lib/xtables/libxt_TRACE.so", "usr/lib/xtables/libxt_addrtype.so", "usr/lib/xtables/libxt_bpf.so", "usr/lib/xtables/libxt_cgroup.so", "usr/lib/xtables/libxt_cluster.so", "usr/lib/xtables/libxt_comment.so", "usr/lib/xtables/libxt_connbytes.so", "usr/lib/xtables/libxt_connlimit.so", "usr/lib/xtables/libxt_connmark.so", "usr/lib/xtables/libxt_conntrack.so", "usr/lib/xtables/libxt_cpu.so", "usr/lib/xtables/libxt_dccp.so", "usr/lib/xtables/libxt_devgroup.so", "usr/lib/xtables/libxt_dscp.so", "usr/lib/xtables/libxt_ecn.so", "usr/lib/xtables/libxt_esp.so", "usr/lib/xtables/libxt_hashlimit.so", "usr/lib/xtables/libxt_helper.so", "usr/lib/xtables/libxt_ipcomp.so", "usr/lib/xtables/libxt_iprange.so", "usr/lib/xtables/libxt_ipvs.so", "usr/lib/xtables/libxt_length.so", "usr/lib/xtables/libxt_limit.so", "usr/lib/xtables/libxt_mac.so", "usr/lib/xtables/libxt_mark.so", "usr/lib/xtables/libxt_multiport.so", "usr/lib/xtables/libxt_nfacct.so", "usr/lib/xtables/libxt_osf.so", "usr/lib/xtables/libxt_owner.so", "usr/lib/xtables/libxt_physdev.so", "usr/lib/xtables/libxt_pkttype.so", "usr/lib/xtables/libxt_policy.so", "usr/lib/xtables/libxt_quota.so", "usr/lib/xtables/libxt_rateest.so", "usr/lib/xtables/libxt_recent.so", "usr/lib/xtables/libxt_rpfilter.so", "usr/lib/xtables/libxt_sctp.so", "usr/lib/xtables/libxt_set.so", "usr/lib/xtables/libxt_socket.so", "usr/lib/xtables/libxt_standard.so", "usr/lib/xtables/libxt_state.so", "usr/lib/xtables/libxt_statistic.so", "usr/lib/xtables/libxt_string.so", "usr/lib/xtables/libxt_tcp.so", "usr/lib/xtables/libxt_tcpmss.so", "usr/lib/xtables/libxt_time.so", "usr/lib/xtables/libxt_tos.so", "usr/lib/xtables/libxt_u32.so", "usr/lib/xtables/libxt_udp.so", "usr/share/xtables/iptables.xslt" ], "AnalyzedBy": "apk" }, { "ID": "iptables-legacy@1.8.10-r3", "Name": "iptables-legacy", "Identifier": { "PURL": "pkg:apk/alpine/iptables-legacy@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "21184db795b7fbff" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libip4tc@1.8.10-r3", "libip6tc@1.8.10-r3", "libxtables@1.8.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7455abb73317d7e992f8590cac0166922d7f96b4", "InstalledFiles": [ "sbin/ip6tables-legacy", "sbin/ip6tables-legacy-restore", "sbin/ip6tables-legacy-save", "sbin/iptables-legacy", "sbin/iptables-legacy-restore", "sbin/iptables-legacy-save", "sbin/xtables-legacy-multi", "usr/bin/iptables-xml" ], "AnalyzedBy": "apk" }, { "ID": "iputils@20240117-r0", "Name": "iputils", "Identifier": { "PURL": "pkg:apk/alpine/iputils@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "5c4776212e1969ec" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "iputils-arping@20240117-r0", "iputils-clockdiff@20240117-r0", "iputils-ping@20240117-r0", "iputils-tracepath@20240117-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:b39e39ae31e5cd4633267f337741c32834ea1293", "AnalyzedBy": "apk" }, { "ID": "iputils-arping@20240117-r0", "Name": "iputils-arping", "Identifier": { "PURL": "pkg:apk/alpine/iputils-arping@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b3ff37a971d0df9b" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:dc4a98cc56e312ee02c7ed28ae86d682f05f9ac9", "InstalledFiles": [ "usr/sbin/arping" ], "AnalyzedBy": "apk" }, { "ID": "iputils-clockdiff@20240117-r0", "Name": "iputils-clockdiff", "Identifier": { "PURL": "pkg:apk/alpine/iputils-clockdiff@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ce3e815897ad006a" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d7e78c70bf179f70f129758c2e4c59e91228aca5", "InstalledFiles": [ "usr/sbin/clockdiff" ], "AnalyzedBy": "apk" }, { "ID": "iputils-ping@20240117-r0", "Name": "iputils-ping", "Identifier": { "PURL": "pkg:apk/alpine/iputils-ping@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "88fd811ce687ea71" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:ea41b4dc2da620da895c18d8dbf791b70e2a6bd1", "InstalledFiles": [ "bin/ping", "bin/ping6" ], "AnalyzedBy": "apk" }, { "ID": "iputils-tracepath@20240117-r0", "Name": "iputils-tracepath", "Identifier": { "PURL": "pkg:apk/alpine/iputils-tracepath@20240117-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b5f8bd1ce890fdd9" }, "Version": "20240117-r0", "Arch": "x86_64", "SrcName": "iputils", "SrcVersion": "20240117-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:04ab8a74626348da18b329a8aaf12d41bdfe34bb", "InstalledFiles": [ "usr/sbin/tracepath", "usr/sbin/tracepath6" ], "AnalyzedBy": "apk" }, { "ID": "jq@1.7.1-r0", "Name": "jq", "Identifier": { "PURL": "pkg:apk/alpine/jq@1.7.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a85e7d55b2203540" }, "Version": "1.7.1-r0", "Arch": "x86_64", "SrcName": "jq", "SrcVersion": "1.7.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "musl@1.2.5-r0", "oniguruma@6.9.9-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:db874e07e38cd4863d8cf235966dbb713eb0bc4c", "InstalledFiles": [ "usr/bin/jq", "usr/lib/libjq.so.1", "usr/lib/libjq.so.1.0.4" ], "AnalyzedBy": "apk" }, { "ID": "kmod@32-r0", "Name": "kmod", "Identifier": { "PURL": "pkg:apk/alpine/kmod@32-r0?arch=x86_64\u0026distro=3.20.3", "UID": "399102bb7b20c1a6" }, "Version": "32-r0", "Arch": "x86_64", "SrcName": "kmod", "SrcVersion": "32-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libcrypto3@3.3.2-r0", "musl@1.2.5-r0", "xz-libs@5.6.2-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:2c573c8376a20498a8e870af2aaf02e462caf785", "InstalledFiles": [ "bin/depmod", "bin/insmod", "bin/kmod", "bin/lsmod", "bin/modinfo", "bin/modprobe", "bin/rmmod", "sbin/depmod", "sbin/insmod", "sbin/lsmod", "sbin/modinfo", "sbin/modprobe", "sbin/rmmod" ], "AnalyzedBy": "apk" }, { "ID": "libacl@2.3.2-r0", "Name": "libacl", "Identifier": { "PURL": "pkg:apk/alpine/libacl@2.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3aef225ef60a107f" }, "Version": "2.3.2-r0", "Arch": "x86_64", "SrcName": "acl", "SrcVersion": "2.3.2-r0", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:eac92152414664eed36c39ea29c97360b1194867", "InstalledFiles": [ "lib/libacl.so.1", "lib/libacl.so.1.1.2302" ], "AnalyzedBy": "apk" }, { "ID": "libattr@2.5.2-r0", "Name": "libattr", "Identifier": { "PURL": "pkg:apk/alpine/libattr@2.5.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "687b918a456213c8" }, "Version": "2.5.2-r0", "Arch": "x86_64", "SrcName": "attr", "SrcVersion": "2.5.2-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:358e2a6078f8cf6625bc58d181380f42fdfc342b", "InstalledFiles": [ "lib/libattr.so.1", "lib/libattr.so.1.1.2502" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "172597f0b99393b" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:77cdd05ac1f7daa54b2331c822265cf6542c8f6f", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libcap-getcap@2.70-r0", "Name": "libcap-getcap", "Identifier": { "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2e9f7399f8a4acb1" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:9f5949c3759156dd0c4ddd51b77c7eeb1827a522", "InstalledFiles": [ "usr/sbin/getcap" ], "AnalyzedBy": "apk" }, { "ID": "libcap-setcap@2.70-r0", "Name": "libcap-setcap", "Identifier": { "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7ead01c20c7fdb89" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:1b481865bb62ccad132e974eed1b2bcf91974a84", "InstalledFiles": [ "usr/sbin/setcap" ], "AnalyzedBy": "apk" }, { "ID": "libcap-utils@2.70-r0", "Name": "libcap-utils", "Identifier": { "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2af2246a4520124f" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcap-getcap@2.70-r0", "libcap-setcap@2.70-r0", "libcap2@2.70-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:9d0846422786d2955f9a2e6b8bd082753daefedd", "InstalledFiles": [ "usr/sbin/capsh", "usr/sbin/getpcaps" ], "AnalyzedBy": "apk" }, { "ID": "libcap2@2.70-r0", "Name": "libcap2", "Identifier": { "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fdb8fa1749c0da49" }, "Version": "2.70-r0", "Arch": "x86_64", "SrcName": "libcap", "SrcVersion": "2.70-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:36d62e0793057eade6594a1dfd7e0fe6fdbc26e1", "InstalledFiles": [ "usr/lib/libcap.so.2", "usr/lib/libcap.so.2.70", "usr/lib/libpsx.so.2", "usr/lib/libpsx.so.2.70" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.2-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.2-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:9bf0618d6c5fa68e03e5c2bb47d179320f7576ba", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "lib/libcrypto.so.3", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.9.1-r2", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "Version": "8.9.1-r2", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.9.1-r2", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "c-ares@1.33.1-r0", "ca-certificates@20240705-r0", "libcrypto3@3.3.2-r0", "libidn2@2.3.7-r0", "libpsl@0.21.5-r1", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "nghttp2-libs@1.62.1-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:a09d55380a33f12aa82f49e3fae0e53f7e433587", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libelf@0.191-r0", "Name": "libelf", "Identifier": { "PURL": "pkg:apk/alpine/libelf@0.191-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7d393dcfda903529" }, "Version": "0.191-r0", "Arch": "x86_64", "SrcName": "elfutils", "SrcVersion": "0.191-r0", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "zlib@1.3.1-r1", "zstd-libs@1.5.6-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:981d29d25f7ebd2043c571afebfb59675245c9bf", "InstalledFiles": [ "usr/lib/libelf-0.191.so", "usr/lib/libelf.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libevent@2.1.12-r7", "Name": "libevent", "Identifier": { "PURL": "pkg:apk/alpine/libevent@2.1.12-r7?arch=x86_64\u0026distro=3.20.3", "UID": "8ec3d0ad20194f50" }, "Version": "2.1.12-r7", "Arch": "x86_64", "SrcName": "libevent", "SrcVersion": "2.1.12-r7", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7c30b99dcb6359ecb8167c46c3a2a28a9e33aca5", "InstalledFiles": [ "usr/lib/libevent-2.1.so.7", "usr/lib/libevent-2.1.so.7.0.1", "usr/lib/libevent_core-2.1.so.7", "usr/lib/libevent_core-2.1.so.7.0.1", "usr/lib/libevent_extra-2.1.so.7", "usr/lib/libevent_extra-2.1.so.7.0.1", "usr/lib/libevent_openssl-2.1.so.7", "usr/lib/libevent_openssl-2.1.so.7.0.1", "usr/lib/libevent_pthreads-2.1.so.7", "usr/lib/libevent_pthreads-2.1.so.7.0.1" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a36f92905da9a0" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:02629e610eec8b3f8fc422bec27b3b2359d5c962", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.22.5-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "b2aa65e57d55fe51" }, "Version": "0.22.5-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.22.5-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:e4653097ace0aed3ee1d0189be1155684458880d", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libip4tc@1.8.10-r3", "Name": "libip4tc", "Identifier": { "PURL": "pkg:apk/alpine/libip4tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "4b93dfc0c4c88429" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d27e94f20872901b4c22fd0c0966c7ca3fd67716", "InstalledFiles": [ "usr/lib/libip4tc.so.2", "usr/lib/libip4tc.so.2.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libip6tc@1.8.10-r3", "Name": "libip6tc", "Identifier": { "PURL": "pkg:apk/alpine/libip6tc@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "f38fbd2df9cd613" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:07b3cf845fdad8da6cb26c1318a1e73c1486a3e2", "InstalledFiles": [ "usr/lib/libip6tc.so.2", "usr/lib/libip6tc.so.2.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "965d6d33e5a44093" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9f88c37987a5d25c3e536e0aaab3ecea413e4d94", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libmnl@1.0.5-r2", "Name": "libmnl", "Identifier": { "PURL": "pkg:apk/alpine/libmnl@1.0.5-r2?arch=x86_64\u0026distro=3.20.3", "UID": "f254bead19a6f1a1" }, "Version": "1.0.5-r2", "Arch": "x86_64", "SrcName": "libmnl", "SrcVersion": "1.0.5-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:c8f07f901cbe6e64dd1c0346056483aa5bf6494b", "InstalledFiles": [ "usr/lib/libmnl.so.0", "usr/lib/libmnl.so.0.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.4_p20240420-r1", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", "UID": "380e2483755d26ce" }, "Version": "6.4_p20240420-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.4_p20240420-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "ncurses-terminfo-base@6.4_p20240420-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:ea11d954db1aef9ade8abe50bf3870c994a39c70", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.4" ], "AnalyzedBy": "apk" }, { "ID": "libnftnl@1.2.6-r0", "Name": "libnftnl", "Identifier": { "PURL": "pkg:apk/alpine/libnftnl@1.2.6-r0?arch=x86_64\u0026distro=3.20.3", "UID": "cdc849f7051784d0" }, "Version": "1.2.6-r0", "Arch": "x86_64", "SrcName": "libnftnl", "SrcVersion": "1.2.6-r0", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "libmnl@1.0.5-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:fb069ebafae8c7cc06a6dbed27724714d5cfa57b", "InstalledFiles": [ "usr/lib/libnftnl.so.11", "usr/lib/libnftnl.so.11.6.0" ], "AnalyzedBy": "apk" }, { "ID": "libpng@1.6.44-r0", "Name": "libpng", "Identifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "Version": "1.6.44-r0", "Arch": "x86_64", "SrcName": "libpng", "SrcVersion": "1.6.44-r0", "Licenses": [ "Libpng" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "zlib@1.3.1-r1" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:3fc66dc77509d5afcd2aac36cb2f92108fdfcc23", "InstalledFiles": [ "usr/lib/libpng16.so.16", "usr/lib/libpng16.so.16.44.0" ], "AnalyzedBy": "apk" }, { "ID": "libproc2@4.0.4-r0", "Name": "libproc2", "Identifier": { "PURL": "pkg:apk/alpine/libproc2@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "70ae2163926d9037" }, "Version": "4.0.4-r0", "Arch": "x86_64", "SrcName": "procps-ng", "SrcVersion": "4.0.4-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:9cca2d1b39191864fe89116bf9c3b3aab5d0ccb9", "InstalledFiles": [ "lib/libproc2.so.0", "lib/libproc2.so.0.0.2" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r1", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r1?arch=x86_64\u0026distro=3.20.3", "UID": "8760b1e6c7f9e61c" }, "Version": "0.21.5-r1", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.7-r0", "libunistring@1.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1f1e660c761dadb2614c0f573ea6ef2be8649206", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libqrencode@4.1.1-r2", "Name": "libqrencode", "Identifier": { "PURL": "pkg:apk/alpine/libqrencode@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "6a6294b6dbd10ecf" }, "Version": "4.1.1-r2", "Arch": "x86_64", "SrcName": "libqrencode", "SrcVersion": "4.1.1-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:8ab385c2b299cdcf51e0a72c848edc9428b4c0a0", "InstalledFiles": [ "usr/lib/libqrencode.so.4", "usr/lib/libqrencode.so.4.1.1" ], "AnalyzedBy": "apk" }, { "ID": "libqrencode-tools@4.1.1-r2", "Name": "libqrencode-tools", "Identifier": { "PURL": "pkg:apk/alpine/libqrencode-tools@4.1.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2b353137288f0b74" }, "Version": "4.1.1-r2", "Arch": "x86_64", "SrcName": "libqrencode", "SrcVersion": "4.1.1-r2", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libpng@1.6.44-r0", "libqrencode@4.1.1-r2", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:de64bbf0ee1af6f8ef7626d5ec235726f3a37411", "InstalledFiles": [ "usr/bin/qrencode" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.2-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "Version": "3.3.2-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.2-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:f81052a84c5e1028fe4db48e94c94ab1a826a898", "InstalledFiles": [ "lib/libssl.so.3", "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.2-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ae41cff06c3deb9e" }, "Version": "1.2-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1ff86ed40752102a6c84ece085ae89ac88c74c5a", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxtables@1.8.10-r3", "Name": "libxtables", "Identifier": { "PURL": "pkg:apk/alpine/libxtables@1.8.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "ac7531315c20e326" }, "Version": "1.8.10-r3", "Arch": "x86_64", "SrcName": "iptables", "SrcVersion": "1.8.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:3f331bf2d5660c02a82152f272b8d11c3744221d", "InstalledFiles": [ "usr/lib/libxtables.so.12", "usr/lib/libxtables.so.12.7.0" ], "AnalyzedBy": "apk" }, { "ID": "linux-pam@1.6.0-r0", "Name": "linux-pam", "Identifier": { "PURL": "pkg:apk/alpine/linux-pam@1.6.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e75124828b58d10e" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "linux-pam", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "utmps-libs@0.1.2.2-r1" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:3e55a9b590f857dd12a1fca8b31d9db184fc74f0", "InstalledFiles": [ "etc/environment", "etc/pam.d/base-account", "etc/pam.d/base-auth", "etc/pam.d/base-password", "etc/pam.d/base-session", "etc/pam.d/base-session-noninteractive", "etc/pam.d/login", "etc/pam.d/other", "etc/pam.d/su", "etc/security/access.conf", "etc/security/faillock.conf", "etc/security/group.conf", "etc/security/limits.conf", "etc/security/namespace.conf", "etc/security/namespace.init", "etc/security/pam_env.conf", "etc/security/pwhistory.conf", "etc/security/time.conf", "lib/libpam.so.0", "lib/libpam.so.0.85.1", "lib/libpam_misc.so.0", "lib/libpam_misc.so.0.82.1", "lib/libpamc.so.0", "lib/libpamc.so.0.82.1", "lib/security/pam_access.so", "lib/security/pam_canonicalize_user.so", "lib/security/pam_debug.so", "lib/security/pam_deny.so", "lib/security/pam_echo.so", "lib/security/pam_env.so", "lib/security/pam_exec.so", "lib/security/pam_faildelay.so", "lib/security/pam_faillock.so", "lib/security/pam_filter.so", "lib/security/pam_ftp.so", "lib/security/pam_group.so", "lib/security/pam_issue.so", "lib/security/pam_keyinit.so", "lib/security/pam_limits.so", "lib/security/pam_listfile.so", "lib/security/pam_localuser.so", "lib/security/pam_loginuid.so", "lib/security/pam_mail.so", "lib/security/pam_mkhomedir.so", "lib/security/pam_motd.so", "lib/security/pam_namespace.so", "lib/security/pam_nologin.so", "lib/security/pam_permit.so", "lib/security/pam_pwhistory.so", "lib/security/pam_rootok.so", "lib/security/pam_securetty.so", "lib/security/pam_setquota.so", "lib/security/pam_shells.so", "lib/security/pam_stress.so", "lib/security/pam_succeed_if.so", "lib/security/pam_time.so", "lib/security/pam_timestamp.so", "lib/security/pam_umask.so", "lib/security/pam_unix.so", "lib/security/pam_usertype.so", "lib/security/pam_warn.so", "lib/security/pam_wheel.so", "lib/security/pam_xauth.so", "lib/security/pam_filter/upperLOWER", "sbin/faillock", "sbin/mkhomedir_helper", "sbin/pam_namespace_helper", "sbin/pam_timestamp_check", "sbin/pwhistory_helper", "sbin/unix_chkpwd", "sbin/unix_update" ], "AnalyzedBy": "apk" }, { "ID": "mii-tool@2.10-r3", "Name": "mii-tool", "Identifier": { "PURL": "pkg:apk/alpine/mii-tool@2.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "f018b55be68ae905" }, "Version": "2.10-r3", "Arch": "x86_64", "SrcName": "net-tools", "SrcVersion": "2.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:49238c70fc68ee52895c53b4943cd323efd4e29d", "InstalledFiles": [ "sbin/mii-tool" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r0", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "Version": "1.2.5-r0", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:3d2da235e1c31f7045e9382a48cbbfa5c7375c86", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r0", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "Version": "1.2.5-r0", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r0", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "scanelf@1.3.7-r2" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:e11671e426dc2d8189155906d007c39be1eb1367", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.4_p20240420-r1", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.4_p20240420-r1?arch=x86_64\u0026distro=3.20.3", "UID": "fb917cecc9ff879e" }, "Version": "6.4_p20240420-r1", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.4_p20240420-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:b94ecaed3ab420de295b36edb80b60ce311c4239", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "net-tools@2.10-r3", "Name": "net-tools", "Identifier": { "PURL": "pkg:apk/alpine/net-tools@2.10-r3?arch=x86_64\u0026distro=3.20.3", "UID": "6902e73bb63d23c2" }, "Version": "2.10-r3", "Arch": "x86_64", "SrcName": "net-tools", "SrcVersion": "2.10-r3", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "mii-tool@2.10-r3", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:7477f3fc0aab7592d8fab926630b0b14171f7702", "InstalledFiles": [ "bin/dnsdomainname", "bin/domainname", "bin/hostname", "bin/netstat", "bin/nisdomainname", "bin/route", "bin/ypdomainname", "sbin/arp", "sbin/ifconfig", "sbin/ipmaddr", "sbin/iptunnel", "sbin/nameif", "sbin/plipconfig", "sbin/rarp", "sbin/slattach" ], "AnalyzedBy": "apk" }, { "ID": "netcat-openbsd@1.226-r0", "Name": "netcat-openbsd", "Identifier": { "PURL": "pkg:apk/alpine/netcat-openbsd@1.226-r0?arch=x86_64\u0026distro=3.20.3", "UID": "9a32d2978a7cdc46" }, "Version": "1.226-r0", "Arch": "x86_64", "SrcName": "netcat-openbsd", "SrcVersion": "1.226-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:05e1a042c544d3117b1dc96391e1b6d543e269fe", "InstalledFiles": [ "usr/bin/nc" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.62.1-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.62.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "42b2705c1dbc8035" }, "Version": "1.62.1-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.62.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2c38b5b57527b4b61a9e954543ade9367c9663f9", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.28.1" ], "AnalyzedBy": "apk" }, { "ID": "oniguruma@6.9.9-r0", "Name": "oniguruma", "Identifier": { "PURL": "pkg:apk/alpine/oniguruma@6.9.9-r0?arch=x86_64\u0026distro=3.20.3", "UID": "ab491550022f752b" }, "Version": "6.9.9-r0", "Arch": "x86_64", "SrcName": "oniguruma", "SrcVersion": "6.9.9-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:2c29b1278471ca8cc10785dfd7a1a4c84444fe05", "InstalledFiles": [ "usr/lib/libonig.so.5", "usr/lib/libonig.so.5.4.0" ], "AnalyzedBy": "apk" }, { "ID": "openresolv@3.13.2-r0", "Name": "openresolv", "Identifier": { "PURL": "pkg:apk/alpine/openresolv@3.13.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "50f378b73a425ca" }, "Version": "3.13.2-r0", "Arch": "x86_64", "SrcName": "openresolv", "SrcVersion": "3.13.2-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:cbe9ba4c51769f47315127ce2a17c3317583d3ce", "InstalledFiles": [ "etc/resolvconf.conf", "lib/resolvconf/dnsmasq", "lib/resolvconf/libc", "lib/resolvconf/named", "lib/resolvconf/pdns_recursor", "lib/resolvconf/pdnsd", "lib/resolvconf/unbound", "lib/resolvconf/libc.d/avahi-daemon", "lib/resolvconf/libc.d/mdnsd", "sbin/resolvconf" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.43-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.43-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fe49afecbfd3c35b" }, "Version": "10.43-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.43-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:447266b2ae4cb2b6ac25f42b07486a496dc71d25", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.12.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.5" ], "AnalyzedBy": "apk" }, { "ID": "procps-ng@4.0.4-r0", "Name": "procps-ng", "Identifier": { "PURL": "pkg:apk/alpine/procps-ng@4.0.4-r0?arch=x86_64\u0026distro=3.20.3", "UID": "5b6d07cf92054959" }, "Version": "4.0.4-r0", "Arch": "x86_64", "SrcName": "procps-ng", "SrcVersion": "4.0.4-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.22.5-r0", "libncursesw@6.4_p20240420-r1", "libproc2@4.0.4-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:1ba8b62fcd9d1b49b8362bc58c2d24695d194076", "InstalledFiles": [ "bin/pidof", "bin/pidwait", "bin/ps", "bin/slabtop", "bin/tload", "bin/vmstat", "bin/w", "bin/watch", "sbin/sysctl", "usr/bin/free", "usr/bin/pgrep", "usr/bin/pkill", "usr/bin/pmap", "usr/bin/pwdx", "usr/bin/top", "usr/bin/uptime" ], "AnalyzedBy": "apk" }, { "ID": "protobuf-c@1.5.0-r0", "Name": "protobuf-c", "Identifier": { "PURL": "pkg:apk/alpine/protobuf-c@1.5.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "9c236bd89ac9e4cd" }, "Version": "1.5.0-r0", "Arch": "x86_64", "SrcName": "protobuf-c", "SrcVersion": "1.5.0-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:70e92079dc99f9cb2ed013b321f72a35e1b4b893", "InstalledFiles": [ "usr/lib/libprotobuf-c.so.1", "usr/lib/libprotobuf-c.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.10-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.10-r0?arch=x86_64\u0026distro=3.20.3", "UID": "8545917dc127fb65" }, "Version": "8.2.10-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.10-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.4_p20240420-r1", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4a9a680cad09eaf9918906e628376c4ad8269731", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.7-r2", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.7-r2?arch=x86_64\u0026distro=3.20.3", "UID": "d28800ba35f564bd" }, "Version": "1.3.7-r2", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.7-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:c84b0b49111485cb08744822f9b34a9fa9524fcc", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "shadow@4.15.1-r0", "Name": "shadow", "Identifier": { "PURL": "pkg:apk/alpine/shadow@4.15.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "607e65e775be821f" }, "Version": "4.15.1-r0", "Arch": "x86_64", "SrcName": "shadow", "SrcVersion": "4.15.1-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "busybox-binsh@1.36.1-r29", "libbsd@0.12.2-r0", "linux-pam@1.6.0-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:bc531fce90f73500eee767bf67a26ec6c0cadded", "InstalledFiles": [ "bin/groups", "etc/login.defs", "etc/pam.d/chfn", "etc/pam.d/chpasswd", "etc/pam.d/chsh", "etc/pam.d/groupmems", "etc/pam.d/newusers", "etc/pam.d/shadow-utils", "usr/bin/chage", "usr/bin/chfn", "usr/bin/chsh", "usr/bin/expiry", "usr/bin/gpasswd", "usr/bin/passwd", "usr/sbin/chgpasswd", "usr/sbin/chpasswd", "usr/sbin/groupadd", "usr/sbin/groupdel", "usr/sbin/groupmems", "usr/sbin/groupmod", "usr/sbin/grpck", "usr/sbin/logoutd", "usr/sbin/newusers", "usr/sbin/pwck", "usr/sbin/useradd", "usr/sbin/userdel", "usr/sbin/usermod", "usr/sbin/vigr", "usr/sbin/vipw" ], "AnalyzedBy": "apk" }, { "ID": "skalibs@2.14.1.1-r0", "Name": "skalibs", "Identifier": { "PURL": "pkg:apk/alpine/skalibs@2.14.1.1-r0?arch=x86_64\u0026distro=3.20.3", "UID": "6116e2b7ad3fa0a" }, "Version": "2.14.1.1-r0", "Arch": "x86_64", "SrcName": "skalibs", "SrcVersion": "2.14.1.1-r0", "Licenses": [ "ISC" ], "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:e9f4cc78e767f77e9b76d4ca1be2c95891d660da", "InstalledFiles": [ "lib/libskarnet.so.2.14", "lib/libskarnet.so.2.14.1.1" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.36.1-r29", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "98ff5cbbbcd05de1" }, "Version": "1.36.1-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.36.1-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libssl3@3.3.2-r0", "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:7e2867092a0edee7436f70e4430b6b7dde363094", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2024b-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2024b-r0?arch=x86_64\u0026distro=3.20.3", "UID": "f2d144c7f989a952" }, "Version": "2024b-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2024b-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:78fa61c4d1307cb88216bd8a6a45236f1d2ed6eb", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "unbound-libs@1.20.0-r0", "Name": "unbound-libs", "Identifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "Version": "1.20.0-r0", "Arch": "x86_64", "SrcName": "unbound", "SrcVersion": "1.20.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "libcrypto3@3.3.2-r0", "libevent@2.1.12-r7", "libssl3@3.3.2-r0", "musl@1.2.5-r0", "protobuf-c@1.5.0-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:958a772ca06cb74759e760fc803f8aa12e723c6a", "InstalledFiles": [ "usr/lib/libunbound.so.8", "usr/lib/libunbound.so.8.1.27" ], "AnalyzedBy": "apk" }, { "ID": "utmps-libs@0.1.2.2-r1", "Name": "utmps-libs", "Identifier": { "PURL": "pkg:apk/alpine/utmps-libs@0.1.2.2-r1?arch=x86_64\u0026distro=3.20.3", "UID": "fc6db068f10560d3" }, "Version": "0.1.2.2-r1", "Arch": "x86_64", "SrcName": "utmps", "SrcVersion": "0.1.2.2-r1", "Licenses": [ "ISC" ], "Maintainer": "Laurent Bercot \u003cska-devel@skarnet.org\u003e", "DependsOn": [ "musl@1.2.5-r0", "skalibs@2.14.1.1-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:b9878c4ee776fd97a317a468c157317fe8c1091b", "InstalledFiles": [ "lib/libutmps.so.0.1", "lib/libutmps.so.0.1.2.2" ], "AnalyzedBy": "apk" }, { "ID": "wireguard-tools@1.0.20210914-r4", "Name": "wireguard-tools", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "c9e05a3374082f34" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "wireguard-tools-wg-quick@1.0.20210914-r4", "wireguard-tools-wg@1.0.20210914-r4" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d5359c52411ae44c023a64ae8b82dfb5ce45d6ba", "AnalyzedBy": "apk" }, { "ID": "wireguard-tools-wg@1.0.20210914-r4", "Name": "wireguard-tools-wg", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools-wg@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "55c956455e4b6589" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:aca8005854e38a252338d9f5b0059136fb973641", "InstalledFiles": [ "usr/bin/wg" ], "AnalyzedBy": "apk" }, { "ID": "wireguard-tools-wg-quick@1.0.20210914-r4", "Name": "wireguard-tools-wg-quick", "Identifier": { "PURL": "pkg:apk/alpine/wireguard-tools-wg-quick@1.0.20210914-r4?arch=x86_64\u0026distro=3.20.3", "UID": "50de1d6f23943b31" }, "Version": "1.0.20210914-r4", "Arch": "x86_64", "SrcName": "wireguard-tools", "SrcVersion": "1.0.20210914-r4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Stuart Cardall \u003cdeveloper@it-offshore.co.uk\u003e", "DependsOn": [ "bash@5.2.26-r0", "iproute2@6.9.0-r0", "openresolv@3.13.2-r0", "wireguard-tools-wg@1.0.20210914-r4" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:080736c18bc2a84ae794533298119bc6c5901524", "InstalledFiles": [ "usr/bin/wg-quick" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.6.2-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "Version": "5.6.2-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.6.2-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "Digest": "sha1:d59b22ae174c5a75d84c1c558e25de93d9c792b0", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.6.2" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r1", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "Version": "1.3.1-r1", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r1", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "Digest": "sha1:9ba6f253e2982e0e6e71cb4187e3d6b6c4bbae99", "InstalledFiles": [ "lib/libz.so.1", "lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.6-r0", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d210b79fe91a7abc" }, "Version": "1.5.6-r0", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.6-r0", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r0" ], "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "Digest": "sha1:4d60614645192deddc80e6e568fe535b38c315c1", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.6" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.36.1-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "9dbf157a22e0026b" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5086af9baccab29110ed4ac7906e86f130b3dbde9f278c93a13fc49a62d7b3e3", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.36.1-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "4c63f123e59f14cd" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6bc1b30c1986a156941cd7864b7588efb425619039a18ac9a5c75f68c293f7fa", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-8096", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.10.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d03da98932292dd508963d668b00e68539efa6efc9b496507fe4835e664f457d", "Title": "curl: OCSP stapling bypass with GnuTLS", "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/11/1", "https://access.redhat.com/security/cve/CVE-2024-8096", "https://curl.se/docs/CVE-2024-8096.html", "https://curl.se/docs/CVE-2024-8096.json", "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", "https://hackerone.com/reports/2669852", "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", "https://security.netapp.com/advisory/ntap-20241011-0005", "https://security.netapp.com/advisory/ntap-20241011-0005/", "https://ubuntu.com/security/notices/USN-7012-1", "https://www.cve.org/CVERecord?id=CVE-2024-8096" ], "PublishedDate": "2024-09-11T10:15:02.883Z", "LastModifiedDate": "2025-07-30T19:42:16.87Z" }, { "VulnerabilityID": "CVE-2024-9681", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.11.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:729c20311539029a0777d1c1846c128667583c37d329f659686846ddbf720950", "Title": "curl: HSTS subdomain overwrites parent cache entry", "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "Severity": "MEDIUM", "CweIDs": [ "CWE-697" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "V3Score": 3.9 } }, "References": [ "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "http://www.openwall.com/lists/oss-security/2024/11/06/2", "https://access.redhat.com/security/cve/CVE-2024-9681", "https://curl.se/docs/CVE-2024-9681.html", "https://curl.se/docs/CVE-2024-9681.json", "https://github.com/advisories/GHSA-g337-g667-mjvw", "https://hackerone.com/reports/2764830", "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "https://security.netapp.com/advisory/ntap-20241213-0006", "https://security.netapp.com/advisory/ntap-20241213-0006/", "https://ubuntu.com/security/notices/USN-7104-1", "https://www.cve.org/CVERecord?id=CVE-2024-9681" ], "PublishedDate": "2024-11-06T08:15:03.74Z", "LastModifiedDate": "2025-11-03T21:18:48.67Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:eaa2d3e3f014a56a62b89e73c38d659c5f436cfa0285b63acd4f503c0f2d27bb", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3c9aa6cdb4585e79d9966f754bd654daa7220a21af6fa50aaf58a694055c10a5", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1ea64a010f0303dd04251d86f35f2f89fbb44c892e4c8f07990990bf8eea51e5", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "curl@8.9.1-r2", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "3590c6e28b7cc208" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:69503a3727f3efc5db3d40e81d09f4889afb0a2a94e5a90720bf4c54319c0c6d", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-getcap@2.70-r0", "PkgName": "libcap-getcap", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-getcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2e9f7399f8a4acb1" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0c3b148570e0fc8d15a454cb319724a4aa8a265f2a308929304014f84e3b84a2", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-setcap@2.70-r0", "PkgName": "libcap-setcap", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-setcap@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "7ead01c20c7fdb89" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8d5360b4d5dd40e56107211b1a4c8efc96c4e0395dfb3fbbb353f95ba9dce23b", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap-utils@2.70-r0", "PkgName": "libcap-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap-utils@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "2af2246a4520124f" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3d8a1c9e9be89abab84cdf220c4e8cc1c080e4749f82a4390bf8d8d634a6c725", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-4878", "PkgID": "libcap2@2.70-r0", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcap2@2.70-r0?arch=x86_64\u0026distro=3.20.3", "UID": "fdb8fa1749c0da49" }, "InstalledVersion": "2.70-r0", "FixedVersion": "2.78-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-4878", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:635b077196e89cf29fe6649789b439761731b8e63a0fc1f0077b473cc0ac0232", "Title": "libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()", "Description": "A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation.", "Severity": "HIGH", "CweIDs": [ "CWE-367" ], "VendorSeverity": { "alma": 3, "azure": 2, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/07/14", "http://www.openwall.com/lists/oss-security/2026/04/07/4", "http://www.openwall.com/lists/oss-security/2026/04/08/9", "http://www.openwall.com/lists/oss-security/2026/04/09/5", "http://www.openwall.com/lists/oss-security/2026/04/09/6", "https://access.redhat.com/errata/RHSA-2026:12423", "https://access.redhat.com/errata/RHSA-2026:12441", "https://access.redhat.com/errata/RHSA-2026:13285", "https://access.redhat.com/errata/RHSA-2026:14162", "https://access.redhat.com/errata/RHSA-2026:14937", "https://access.redhat.com/errata/RHSA-2026:19130", "https://access.redhat.com/errata/RHSA-2026:19346", "https://access.redhat.com/errata/RHSA-2026:19456", "https://access.redhat.com/errata/RHSA-2026:19458", "https://access.redhat.com/errata/RHSA-2026:7473", "https://access.redhat.com/security/cve/CVE-2026-4878", "https://bugzilla.redhat.com/2451615", "https://bugzilla.redhat.com/show_bug.cgi?id=2447554", "https://bugzilla.redhat.com/show_bug.cgi?id=2451615", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4878", "https://errata.almalinux.org/9/ALSA-2026-12441.html", "https://errata.rockylinux.org/RLSA-2026:12441", "https://github.com/AndrewGMorgan/libcap_mirror/security/advisories/GHSA-f78v-p5hx-m7hh", "https://linux.oracle.com/cve/CVE-2026-4878.html", "https://linux.oracle.com/errata/ELSA-2026-13285.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-4878", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.x4zn8j3lss6r", "https://ubuntu.com/security/notices/USN-8193-1", "https://www.cve.org/CVERecord?id=CVE-2026-4878" ], "PublishedDate": "2026-04-09T16:16:31.987Z", "LastModifiedDate": "2026-05-20T05:16:21.907Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:50b22a44cf146aed76aae9fbd8f2e457781b0677c9582a2d3c916936cd56c03f", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2024-12797", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:76243d702514a2991c5107d3fa2114a85ff2a3911b49c2a7ee9603aaa20a1285", "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-392" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 1, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/11/3", "http://www.openwall.com/lists/oss-security/2025/02/11/4", "https://access.redhat.com/errata/RHSA-2025:1330", "https://access.redhat.com/security/cve/CVE-2024-12797", "https://bugzilla.redhat.com/2342757", "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", "https://errata.almalinux.org/9/ALSA-2025-1330.html", "https://errata.rockylinux.org/RLSA-2025:1330", "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", "https://linux.oracle.com/cve/CVE-2024-12797.html", "https://linux.oracle.com/errata/ELSA-2025-1330.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", "https://openssl-library.org/news/secadv/20250211.txt", "https://security.netapp.com/advisory/ntap-20250214-0001/", "https://ubuntu.com/security/notices/USN-7264-1", "https://www.cve.org/CVERecord?id=CVE-2024-12797" ], "PublishedDate": "2025-02-11T16:15:38.827Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2af0077040dc2bc64b52d8cc2b4cc3ad80e07ae5b7de40593e3936f119c1d9ca", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:174734f9e5c7e5ab4a6c6c413d0ff5e1ffef49f9ca4fa90822e27cfa378616b9", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2947dbbe3d602a7f1e10fe5292bd388b00a0b525e3f9195c85956ad019c4a95b", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cf76010796e77e865567ddddd933de884e2404fff383161c180e95b5d5f94fd4", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:23b82e1cd848348c2017666c96d03949cf4ae60881ea8e6d677432a1409a8fca", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8d6fdc015784f396d2b02a393c557169c9b9c0d608d6582827f1d7040609bcb0", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:beddf5664e29c0fcc1f947bd20eb4c3495efb2e6f1635c80db697c04c6f3241f", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:571e9f1afd0f2aae95b1baa5b7c9a6f184f78a980029071dac0ffcf24fcf074f", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fc571513e320f7d8d81a1f6d2ccd046f6fbcf9d27edde0dcf97cb249b63973af", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.2-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "1f07265a9a4c81e3" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2c7cfa700eb04aaa899a020a8692effa01b20f06f6a4419e8aad0708e3e2a4b7", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2024-8096", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.10.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8096", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53c44a7d6b5d47fb1bc6eccf444ab8c9b0892e66bab84406697d30cb52985fe7", "Title": "curl: OCSP stapling bypass with GnuTLS", "Description": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/11/1", "https://access.redhat.com/security/cve/CVE-2024-8096", "https://curl.se/docs/CVE-2024-8096.html", "https://curl.se/docs/CVE-2024-8096.json", "https://github.com/advisories/GHSA-gv3v-x3f3-7fxm", "https://hackerone.com/reports/2669852", "https://lists.debian.org/debian-lts-announce/2024/11/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8096", "https://security.netapp.com/advisory/ntap-20241011-0005", "https://security.netapp.com/advisory/ntap-20241011-0005/", "https://ubuntu.com/security/notices/USN-7012-1", "https://www.cve.org/CVERecord?id=CVE-2024-8096" ], "PublishedDate": "2024-09-11T10:15:02.883Z", "LastModifiedDate": "2025-07-30T19:42:16.87Z" }, { "VulnerabilityID": "CVE-2024-9681", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.11.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-9681", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ad89ef2ade3f4e5594d83f07f9f19b30987b3255c891a80114f4147c42bc5ac3", "Title": "curl: HSTS subdomain overwrites parent cache entry", "Description": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain's cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain's expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl's HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent's entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended.", "Severity": "MEDIUM", "CweIDs": [ "CWE-697" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L", "V3Score": 3.9 } }, "References": [ "http://seclists.org/fulldisclosure/2025/Apr/10", "http://seclists.org/fulldisclosure/2025/Apr/11", "http://seclists.org/fulldisclosure/2025/Apr/12", "http://seclists.org/fulldisclosure/2025/Apr/13", "http://seclists.org/fulldisclosure/2025/Apr/4", "http://seclists.org/fulldisclosure/2025/Apr/5", "http://seclists.org/fulldisclosure/2025/Apr/8", "http://seclists.org/fulldisclosure/2025/Apr/9", "http://www.openwall.com/lists/oss-security/2024/11/06/2", "https://access.redhat.com/security/cve/CVE-2024-9681", "https://curl.se/docs/CVE-2024-9681.html", "https://curl.se/docs/CVE-2024-9681.json", "https://github.com/advisories/GHSA-g337-g667-mjvw", "https://hackerone.com/reports/2764830", "https://nvd.nist.gov/vuln/detail/CVE-2024-9681", "https://security.netapp.com/advisory/ntap-20241213-0006", "https://security.netapp.com/advisory/ntap-20241213-0006/", "https://ubuntu.com/security/notices/USN-7104-1", "https://www.cve.org/CVERecord?id=CVE-2024-9681" ], "PublishedDate": "2024-11-06T08:15:03.74Z", "LastModifiedDate": "2025-11-03T21:18:48.67Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4356e654aa130320842fafdcea2b28718798fd84a33e67bc127f31a4cb435cbc", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fce71c9fdcdfd44fa4324612dd8d92817e4637ec757d7182ed78aa9fc3d505a8", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d67df0860ef3b6911e4664099e77163353cdbaf44821e04f3590aff576617c7c", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "libcurl@8.9.1-r2", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.9.1-r2?arch=x86_64\u0026distro=3.20.3", "UID": "2ba374c8fc8f948f" }, "InstalledVersion": "8.9.1-r2", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:7560e3e46aa2308fe1ab8ec8222db821d73ebd402c7ee4595c931250deceecbc", "DiffID": "sha256:aad00348126d10c040bb40a49725d814bddc700b19b533c4e3fe86c208427746" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1c46cb8ff7069fc21bb20542d74278ec83a9594fc214f598b73c9cd04e87799e", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2025-64720", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64720", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:04666bb95f53b42d9637a877dfe34942a8290f633ba0570ee28589a5decb3562", "Title": "libpng: LIBPNG buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, an out-of-bounds read vulnerability exists in png_image_read_composite when processing palette images with PNG_FLAG_OPTIMIZE_ALPHA enabled. The palette compositing code in png_init_read_transformations incorrectly applies background compositing during premultiplication, violating the invariant component ≤ alpha × 257 required by the simplified PNG API. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-64720", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643", "https://github.com/pnggroup/libpng/commit/08da33b4c88cfcd36e5a706558a8d7e0e4773643 (v1.6.51)", "https://github.com/pnggroup/libpng/issues/686", "https://github.com/pnggroup/libpng/pull/751", "https://github.com/pnggroup/libpng/security/advisories/GHSA-hfc7-ph9c-wcww", "https://linux.oracle.com/cve/CVE-2025-64720.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-64720", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64720", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.46Z", "LastModifiedDate": "2025-11-26T18:35:18.253Z" }, { "VulnerabilityID": "CVE-2025-65018", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65018", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:86f925624b42a3bcc476777af730a9e3665744f5010a9ed80a145c9ef97ad3f6", "Title": "libpng: LIBPNG heap buffer overflow", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, there is a heap buffer overflow vulnerability in the libpng simplified API function png_image_finish_read when processing 16-bit interlaced PNGs with 8-bit output format. Attacker-crafted interlaced PNG files cause heap writes beyond allocated buffer bounds. This issue has been patched in version 1.6.51.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:0933", "https://access.redhat.com/security/cve/CVE-2025-65018", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0933.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d", "https://github.com/pnggroup/libpng/commit/16b5e3823918840aae65c0a6da57c78a5a496a4d (v1.6.51)", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea (v1.6.51)", "https://github.com/pnggroup/libpng/issues/755", "https://github.com/pnggroup/libpng/pull/757", "https://github.com/pnggroup/libpng/security/advisories/GHSA-7wv6-48j4-hj3g", "https://linux.oracle.com/cve/CVE-2025-65018.html", "https://linux.oracle.com/errata/ELSA-2026-0932.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-65018", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-65018", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.61Z", "LastModifiedDate": "2025-11-26T18:34:53.65Z" }, { "VulnerabilityID": "CVE-2025-66293", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-66293", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:04d987a12397922ab23429cefdd18b90b65c29e35c2f0bf654aa3a72a68f4492", "Title": "libpng: LIBPNG out-of-bounds read in png_image_read_composite", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency and gamma correction. The PNG files that trigger this vulnerability are valid per the PNG specification; the bug is in libpng's internal state management. Upgrade to libpng 1.6.52 or later.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 7.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/12/03/6", "http://www.openwall.com/lists/oss-security/2025/12/03/7", "http://www.openwall.com/lists/oss-security/2025/12/03/8", "https://access.redhat.com/errata/RHSA-2026:0238", "https://access.redhat.com/security/cve/CVE-2025-66293", "https://bugzilla.redhat.com/2416904", "https://bugzilla.redhat.com/2416907", "https://bugzilla.redhat.com/2418711", "https://bugzilla.redhat.com/show_bug.cgi?id=2416904", "https://bugzilla.redhat.com/show_bug.cgi?id=2416907", "https://bugzilla.redhat.com/show_bug.cgi?id=2418711", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-64720", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65018", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66293", "https://errata.almalinux.org/9/ALSA-2026-0238.html", "https://errata.rockylinux.org/RLSA-2026:0238", "https://github.com/pnggroup/libpng/commit/788a624d7387a758ffd5c7ab010f1870dea753a1", "https://github.com/pnggroup/libpng/commit/a05a48b756de63e3234ea6b3b938b8f5f862484a", "https://github.com/pnggroup/libpng/issues/764", "https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f", "https://linux.oracle.com/cve/CVE-2025-66293.html", "https://linux.oracle.com/errata/ELSA-2026-0241.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-66293", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2025-66293" ], "PublishedDate": "2025-12-03T21:15:53.06Z", "LastModifiedDate": "2025-12-16T19:12:50.35Z" }, { "VulnerabilityID": "CVE-2026-22695", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22695", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:36c2a4f2b70a0b9b1661e638ba26377d62fa536fc51de4c79cb68a7ba2a8cc30", "Title": "libpng: libpng: Denial of service and information disclosure via heap buffer over-read in png_image_finish_read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.51 to 1.6.53, there is a heap buffer over-read in the libpng simplified API function png_image_finish_read when processing interlaced 16-bit PNGs with 8-bit output format and non-minimal row stride. This is a regression introduced by the fix for CVE-2025-65018. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22695", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/218612ddd6b17944e21eda56caf8b4bf7779d1ea", "https://github.com/pnggroup/libpng/commit/e4f7ad4ea2", "https://github.com/pnggroup/libpng/issues/778", "https://github.com/pnggroup/libpng/security/advisories/GHSA-mmq5-27w3-rxpp", "https://linux.oracle.com/cve/CVE-2026-22695.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22695", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22695", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.597Z", "LastModifiedDate": "2026-01-21T18:58:55.787Z" }, { "VulnerabilityID": "CVE-2026-22801", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.54-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22801", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9a9a8e3cb9cf88bff61c9305c689f57738bf4b95d33ceb6be0d3b72a6c46ace4", "Title": "libpng: libpng: Information disclosure and denial of service via integer truncation in simplified write API", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.6.26 to 1.6.53, there is an integer truncation in the libpng simplified write API functions png_write_image_16bit and png_write_image_8bit causes heap buffer over-read when the caller provides a negative row stride (for bottom-up image layouts) or a stride exceeding 65535 bytes. The bug was introduced in libpng 1.6.26 (October 2016) by casts added to silence compiler warnings on 16-bit systems. This vulnerability is fixed in 1.6.54.", "Severity": "HIGH", "CweIDs": [ "CWE-125", "CWE-190" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-22801", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/security/advisories/GHSA-vgjq-8cw5-ggw8", "https://linux.oracle.com/cve/CVE-2026-22801.html", "https://linux.oracle.com/errata/ELSA-2026-4728.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-22801", "https://ubuntu.com/security/notices/USN-7963-1", "https://ubuntu.com/security/notices/USN-8035-1", "https://www.cve.org/CVERecord?id=CVE-2026-22801", "https://www.openwall.com/lists/oss-security/2026/01/12/7" ], "PublishedDate": "2026-01-12T23:15:52.907Z", "LastModifiedDate": "2026-01-21T18:58:18.27Z" }, { "VulnerabilityID": "CVE-2026-25646", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.55-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25646", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:85e41518a186f195db1bbfcdd98c897d6f187b31a23b89258328ced00d1e91d1", "Title": "libpng: LIBPNG has a heap buffer overflow in png_set_quantize", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.55, an out-of-bounds read vulnerability exists in the png_set_quantize() API function. When the function is called with no histogram and the number of colors in the palette is more than twice the maximum supported by the user's display, certain palettes will cause the function to enter into an infinite loop that reads past the end of an internal heap-allocated buffer. The images that trigger this vulnerability are valid per the PNG specification. This vulnerability is fixed in 1.6.55.", "Severity": "HIGH", "CweIDs": [ "CWE-122", "CWE-126" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/02/09/7", "https://access.redhat.com/errata/RHSA-2026:3405", "https://access.redhat.com/security/cve/CVE-2026-25646", "https://bugzilla.redhat.com/2428824", "https://bugzilla.redhat.com/2428825", "https://bugzilla.redhat.com/2438542", "https://bugzilla.redhat.com/show_bug.cgi?id=2428824", "https://bugzilla.redhat.com/show_bug.cgi?id=2428825", "https://bugzilla.redhat.com/show_bug.cgi?id=2438542", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22801", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25646", "https://errata.almalinux.org/9/ALSA-2026-3405.html", "https://errata.rockylinux.org/RLSA-2026:3405", "https://github.com/pnggroup/libpng/commit/01d03b8453eb30ade759cd45c707e5a1c7277d88", "https://github.com/pnggroup/libpng/security/advisories/GHSA-g8hp-mq4h-rqm3", "https://linux.oracle.com/cve/CVE-2026-25646.html", "https://linux.oracle.com/errata/ELSA-2026-7032.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25646", "https://ubuntu.com/security/notices/USN-8035-1", "https://ubuntu.com/security/notices/USN-8039-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2026-25646" ], "PublishedDate": "2026-02-10T18:16:37.817Z", "LastModifiedDate": "2026-02-13T20:43:44.69Z" }, { "VulnerabilityID": "CVE-2025-64505", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64505", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:78e074ffd25d850c85fe6e6abc43c84ecec3d3f3b4153a3e371153f3694ce6cf", "Title": "libpng: LIBPNG heap buffer overflow via malformed palette index", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64505", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37", "https://github.com/pnggroup/libpng/commit/6a528eb5fd0dd7f6de1c39d30de0e41473431c37 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/748", "https://github.com/pnggroup/libpng/security/advisories/GHSA-4952-h5wq-4m42", "https://nvd.nist.gov/vuln/detail/CVE-2025-64505", "https://ubuntu.com/security/notices/USN-7924-1", "https://ubuntu.com/security/notices/USN-8081-1", "https://www.cve.org/CVERecord?id=CVE-2025-64505", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.133Z", "LastModifiedDate": "2025-11-26T18:28:32.22Z" }, { "VulnerabilityID": "CVE-2025-64506", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.53-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64506", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0fc39b69047b3f7bc637e716eca9c85001c852edb562b2d6c3a15ef15cf0efc3", "Title": "libpng: LIBPNG heap buffer over-read", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From version 1.6.0 to before 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_write_image_8bit function when processing 8-bit images through the simplified write API with convert_to_8bit enabled. The vulnerability affects 8-bit grayscale+alpha, RGB/RGBA, and images with incomplete row data. A conditional guard incorrectly allows 8-bit input to enter code expecting 16-bit input, causing reads up to 2 bytes beyond allocated buffer boundaries. This issue has been patched in version 1.6.51.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64506", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821", "https://github.com/pnggroup/libpng/commit/2bd84c019c300b78e811743fbcddb67c9d9bf821 (v1.6.51)", "https://github.com/pnggroup/libpng/pull/749", "https://github.com/pnggroup/libpng/security/advisories/GHSA-qpr4-xm66-hww6", "https://nvd.nist.gov/vuln/detail/CVE-2025-64506", "https://ubuntu.com/security/notices/USN-7924-1", "https://www.cve.org/CVERecord?id=CVE-2025-64506", "https://www.openwall.com/lists/oss-security/2025/11/22/1" ], "PublishedDate": "2025-11-25T00:15:47.3Z", "LastModifiedDate": "2025-11-26T18:34:38.24Z" }, { "VulnerabilityID": "CVE-2026-33416", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33416", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:269acfff291a9aa56bb4397f191d0e37906d9bc5eb133fc9073cbbf6aab99ee4", "Title": "libpng: libpng: Arbitrary code execution due to use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.2.1 through 1.6.55, `png_set_tRNS` and `png_set_PLTE` each alias a heap-allocated buffer between `png_struct` and `png_info`, sharing a single allocation across two structs with independent lifetimes. The `trans_alpha` aliasing has been present since at least libpng 1.0, and the `palette` aliasing since at least 1.2.1. Both affect all prior release lines `png_set_tRNS` sets `png_ptr-\u003etrans_alpha = info_ptr-\u003etrans_alpha` (256-byte buffer) and `png_set_PLTE` sets `info_ptr-\u003epalette = png_ptr-\u003epalette` (768-byte buffer). In both cases, calling `png_free_data` (with `PNG_FREE_TRNS` or `PNG_FREE_PLTE`) frees the buffer through `info_ptr` while the corresponding `png_ptr` pointer remains dangling. Subsequent row-transform functions dereference and, in some code paths, write to the freed memory. A second call to `png_set_tRNS` or `png_set_PLTE` has the same effect, because both functions call `png_free_data` internally before reallocating the `info_ptr` buffer. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33416", "https://bugzilla.redhat.com/show_bug.cgi?id=2451805", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://bugzilla.redhat.com/show_bug.cgi?id=2455897", "https://bugzilla.redhat.com/show_bug.cgi?id=2455901", "https://bugzilla.redhat.com/show_bug.cgi?id=2455908", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33416", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5731", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5732", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5734", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:8459", "https://github.com/pnggroup/libpng/commit/23019269764e35ed8458e517f1897bd3c54820eb", "https://github.com/pnggroup/libpng/commit/7ea9eea884a2328cc7fdcb3c0c00246a50d90667", "https://github.com/pnggroup/libpng/commit/a3a21443ed12bfa1ef46fa0d4fb2b74a0fa34a25", "https://github.com/pnggroup/libpng/commit/c1b0318b393c90679e6fa5bc1d329fd5d5012ec1", "https://github.com/pnggroup/libpng/pull/824", "https://github.com/pnggroup/libpng/security/advisories/GHSA-m4pc-p4q3-4c7j", "https://linux.oracle.com/cve/CVE-2026-33416.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33416", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33416" ], "PublishedDate": "2026-03-26T17:16:38.443Z", "LastModifiedDate": "2026-04-02T20:28:33.973Z" }, { "VulnerabilityID": "CVE-2026-33636", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.56-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33636", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d1798360723eacea8651a6ac09b94e12f167c01d095c31534ebfcd1448ce7e83", "Title": "libpng: libpng: Information disclosure and denial of service via out-of-bounds read/write in Neon palette expansion", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. In versions 1.6.36 through 1.6.55, an out-of-bounds read and write exists in libpng's ARM/AArch64 Neon-optimized palette expansion path. When expanding 8-bit paletted rows to RGB or RGBA, the Neon loop processes a final partial chunk without verifying that enough input pixels remain. Because the implementation works backward from the end of the row, the final iteration dereferences pointers before the start of the row buffer (OOB read) and writes expanded pixel data to the same underflowed positions (OOB write). This is reachable via normal decoding of attacker-controlled PNG input if Neon is enabled. Version 1.6.56 fixes the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9693", "https://access.redhat.com/security/cve/CVE-2026-33636", "https://bugzilla.redhat.com/show_bug.cgi?id=2451819", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33636", "https://errata.almalinux.org/9/ALSA-2026-9693.html", "https://errata.rockylinux.org/RLSA-2026:14791", "https://github.com/pnggroup/libpng/commit/7734cda20cf1236aef60f3bbd2267c97bbb40869", "https://github.com/pnggroup/libpng/commit/aba9f18eba870d14fb52c5ba5d73451349e339c3", "https://github.com/pnggroup/libpng/security/advisories/GHSA-wjr5-c57x-95m2", "https://linux.oracle.com/cve/CVE-2026-33636.html", "https://linux.oracle.com/errata/ELSA-2026-9693.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-33636", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-33636" ], "PublishedDate": "2026-03-26T17:16:41.477Z", "LastModifiedDate": "2026-04-02T18:42:02.667Z" }, { "VulnerabilityID": "CVE-2026-34757", "PkgID": "libpng@1.6.44-r0", "PkgName": "libpng", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libpng@1.6.44-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e29ba48026f32d89" }, "InstalledVersion": "1.6.44-r0", "FixedVersion": "1.6.57-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34757", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8cbe2d00ff1387ed30628b4c0f5a887c6918973f33799a6fd61a2f93f742abbc", "Title": "libpng: libpng: Information disclosure and data corruption via use-after-free vulnerability", "Description": "LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. From 1.0.9 to before 1.6.57, passing a pointer obtained from png_get_PLTE, png_get_tRNS, or png_get_hIST back into the corresponding setter on the same png_struct/png_info pair causes the setter to read from freed memory and copy its contents into the replacement buffer. The setter frees the internal buffer before copying from the caller-supplied pointer, which now dangles. The freed region may contain stale data (producing silently corrupted chunk metadata) or data from subsequent heap allocations (leaking unrelated heap contents into the chunk struct). This vulnerability is fixed in 1.6.57.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "azure": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-34757", "https://github.com/pnggroup/libpng/commit/398cbe3df03f4e11bb031e07f416dfdde3684e8a", "https://github.com/pnggroup/libpng/commit/55d20aaa322c9274491cda82c5cd4f99b48c6bcc", "https://github.com/pnggroup/libpng/issues/836", "https://github.com/pnggroup/libpng/issues/837", "https://github.com/pnggroup/libpng/security/advisories/GHSA-6fr7-g8h7-v645", "https://lists.debian.org/debian-lts-announce/2026/05/msg00017.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-34757", "https://ubuntu.com/security/notices/USN-8251-1", "https://www.cve.org/CVERecord?id=CVE-2026-34757" ], "PublishedDate": "2026-04-09T15:16:11.003Z", "LastModifiedDate": "2026-05-13T23:07:51.863Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3192f6e7ad34cbbd5041d70e667f0914365e935741108b37e9db8ce9a8b0b446", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2024-12797", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12797", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e8b334e54f7abec2f2f14f0152ec3e01d5b24c3d2c8edcbe87234338a769279f", "Title": "openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected", "Description": "Issue summary: Clients using RFC7250 Raw Public Keys (RPKs) to authenticate a\nserver may fail to notice that the server was not authenticated, because\nhandshakes don't abort as expected when the SSL_VERIFY_PEER verification mode\nis set.\n\nImpact summary: TLS and DTLS connections using raw public keys may be\nvulnerable to man-in-middle attacks when server authentication failure is not\ndetected by clients.\n\nRPKs are disabled by default in both TLS clients and TLS servers. The issue\nonly arises when TLS clients explicitly enable RPK use by the server, and the\nserver, likewise, enables sending of an RPK instead of an X.509 certificate\nchain. The affected clients are those that then rely on the handshake to\nfail when the server's RPK fails to match one of the expected public keys,\nby setting the verification mode to SSL_VERIFY_PEER.\n\nClients that enable server-side raw public keys can still find out that raw\npublic key verification failed by calling SSL_get_verify_result(), and those\nthat do, and take appropriate action, are not affected. This issue was\nintroduced in the initial implementation of RPK support in OpenSSL 3.2.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-392" ], "VendorSeverity": { "alma": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 1, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/11/3", "http://www.openwall.com/lists/oss-security/2025/02/11/4", "https://access.redhat.com/errata/RHSA-2025:1330", "https://access.redhat.com/security/cve/CVE-2024-12797", "https://bugzilla.redhat.com/2342757", "https://bugzilla.redhat.com/show_bug.cgi?id=2342757", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12797", "https://errata.almalinux.org/9/ALSA-2025-1330.html", "https://errata.rockylinux.org/RLSA-2025:1330", "https://github.com/openssl/openssl/commit/738d4f9fdeaad57660dcba50a619fafced3fd5e9", "https://github.com/openssl/openssl/commit/798779d43494549b611233f92652f0da5328fbe7", "https://github.com/openssl/openssl/commit/87ebd203feffcf92ad5889df92f90bb0ee10a699", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-79v4-65xg-pq4g", "https://linux.oracle.com/cve/CVE-2024-12797.html", "https://linux.oracle.com/errata/ELSA-2025-1330.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12797", "https://openssl-library.org/news/secadv/20250211.txt", "https://security.netapp.com/advisory/ntap-20250214-0001/", "https://ubuntu.com/security/notices/USN-7264-1", "https://www.cve.org/CVERecord?id=CVE-2024-12797" ], "PublishedDate": "2025-02-11T16:15:38.827Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3e4b9631d37814c8165d5cb05cf2f04ad428535d8259103309b8e848ecc52f78", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ea6b0a9d64210b3ae7a2c3c9edc7e4456d00ce56676c5361b2df3cfdb6531b23", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:84adba333700bc4765c878b821cab1238e683cd6025f41190a6d101cd3a63839", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:92f3a1d31fbb98645ce72c3dc55966dd583316cce6a99208a1bfae4f47ab35a0", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4eb5b3bb6f305566c5b3f981164095e9fdf939fc9bf2159110f35a2697a6ef3e", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:773fde7e774ab8a52786717be3e989c0b90a1b1993a95c8f9aa0174719dda535", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d8dcb9892c8a0702ecd8c040e1c2e582ae19dbf0354078321256d9fad0f628a9", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9ec7e2f99720ef8080aa90597d7c48f748af6d55adeeaa42ab60933fddd9d13a", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1b755f8cff5cfbfd8ff0cfde0572183551f69923dee1f45be52a929f451bfbcd", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.2-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "c6ddd7b4b8d1fc36" }, "InstalledVersion": "3.3.2-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:86dbb7f3c64a42ce7056e3cb8a41c1fef658945041a797af1e797686a1ac24c8", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r1", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a727aa52cbae014532be6b432c52d4bc6f278c46952fc210526842c880c7d88d", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r3", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:240b4b1b174030ab0bc7b47f7acb1c00fd1ed5ceaf9c644fd1d57998f29a9eb8", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r0", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "d76e86ca8c96b6ac" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r2", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4225097f346fb36e5e66ffc15adff5168cd762c2a51f67dd889aee22ad839594", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r1", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cf18e324e2464871d5e1c1fe0e1af0fba498ed096111bab7cc2aa3c071eb319f", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r3", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:62a59bae1df40f0ae3d8f5a8718ffcfa79bf1a9b60ddbf4bb4bd7f8a6eec76a4", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r0", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r0?arch=x86_64\u0026distro=3.20.3", "UID": "a313fc68c87a2f4d" }, "InstalledVersion": "1.2.5-r0", "FixedVersion": "1.2.5-r2", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:99236924f1de4590f536151146e93a73979976e94f5efca2132b6daf3a1111b8", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.36.1-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.36.1-r29?arch=x86_64\u0026distro=3.20.3", "UID": "98ff5cbbbcd05de1" }, "InstalledVersion": "1.36.1-r29", "FixedVersion": "1.36.1-r31", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fd3dcaefe79eeb607142505e9afa1284bc3ef9d44b47444d630bcbc7154022b2", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-5994", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5994", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53dd13085d6fe62b0f9526d029cea91a70c8c2d72be113aaaf0c39c65b24488a", "Title": "unbound: Unbound Cache poisoning", "Description": "A multi-vendor cache poisoning vulnerability named 'Rebirthday Attack' has been discovered in caching resolvers that support EDNS Client Subnet (ECS). Unbound is also vulnerable when compiled with ECS support, i.e., '--enable-subnet', AND configured to send ECS information along with queries to upstream name servers, i.e., at least one of the 'send-client-subnet', 'client-subnet-zone' or 'client-subnet-always-forward' options is used. Resolvers supporting ECS need to segregate outgoing queries to accommodate for different outgoing ECS information. This re-opens up resolvers to a birthday paradox attack (Rebirthday Attack) that tries to match the DNS transaction ID in order to cache non-ECS poisonous replies.", "Severity": "HIGH", "CweIDs": [ "CWE-349" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:11849", "https://access.redhat.com/security/cve/CVE-2025-5994", "https://bugzilla.redhat.com/2380949", "https://bugzilla.redhat.com/show_bug.cgi?id=2380949", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5994", "https://errata.almalinux.org/9/ALSA-2025-11849.html", "https://errata.rockylinux.org/RLSA-2025:11849", "https://linux.oracle.com/cve/CVE-2025-5994.html", "https://linux.oracle.com/errata/ELSA-2025-12064.html", "https://lists.debian.org/debian-lts-announce/2025/08/msg00019.html", "https://nlnetlabs.nl/downloads/unbound/CVE-2025-5994.txt", "https://nvd.nist.gov/vuln/detail/CVE-2025-5994", "https://ubuntu.com/security/notices/USN-7666-1", "https://www.cve.org/CVERecord?id=CVE-2025-5994" ], "PublishedDate": "2025-07-16T15:15:33.49Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-8508", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r1", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-8508", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:31c274f0cab65582a62c51c117e3f46d61a787ae829728b66a62d2723376ab9b", "Title": "unbound: Unbounded name compression could lead to Denial of Service", "Description": "NLnet Labs Unbound up to and including version 1.21.0 contains a vulnerability when handling replies with very large RRsets that it needs to perform name compression for. Malicious upstreams responses with very large RRsets can cause Unbound to spend a considerable time applying name compression to downstream replies. This can lead to degraded performance and eventually denial of service in well orchestrated attacks. The vulnerability can be exploited by a malicious actor querying Unbound for the specially crafted contents of a malicious zone with very large RRsets. Before Unbound replies to the query it will try to apply name compression which was an unbounded operation that could lock the CPU until the whole packet was complete. Unbound version 1.21.1 introduces a hard limit on the number of name compression calculations it is willing to do per packet. Packets that need more compression will result in semi-compressed packets or truncated packets, even on TCP for huge messages, to avoid locking the CPU for long. This change should not affect normal DNS traffic.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1284" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/10/04/5", "https://access.redhat.com/errata/RHSA-2024:11232", "https://access.redhat.com/security/cve/CVE-2024-8508", "https://bugzilla.redhat.com/2316321", "https://bugzilla.redhat.com/show_bug.cgi?id=2316321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8508", "https://errata.almalinux.org/9/ALSA-2024-11232.html", "https://errata.rockylinux.org/RLSA-2025:8197", "https://linux.oracle.com/cve/CVE-2024-8508.html", "https://linux.oracle.com/errata/ELSA-2025-8197.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00009.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-8508", "https://ubuntu.com/security/notices/USN-7080-1", "https://www.cve.org/CVERecord?id=CVE-2024-8508", "https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-8508.txt" ], "PublishedDate": "2024-10-03T17:15:15.323Z", "LastModifiedDate": "2024-12-17T19:28:03.767Z" }, { "VulnerabilityID": "CVE-2025-11411", "PkgID": "unbound-libs@1.20.0-r0", "PkgName": "unbound-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/unbound-libs@1.20.0-r0?arch=x86_64\u0026distro=3.20.3", "UID": "3b561481a45e3738" }, "InstalledVersion": "1.20.0-r0", "FixedVersion": "1.20.0-r2", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11411", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:017265aeb5be1ca7e0051e04b4e126617b7df4c51fb372903187b73e4879d26f", "Title": "unbound: Unbound domain hijacking via promiscuous records", "Description": "NLnet Labs Unbound up to and including version 1.24.1 is vulnerable to possible domain hijack attacks. Promiscuous NS RRSets that complement positive DNS replies in the authority section can be used to trick resolvers to update their delegation information for the zone. Usually these RRSets are used to update the resolver's knowledge of the zone's name servers. A malicious actor can exploit the possible poisonous effect by injecting NS RRSets (and possibly their respective address records) in a reply. This could be done for example by trying to spoof a packet or fragmentation attacks. Unbound would then proceed to update the NS RRSet data it already has since the new data has enough trust for it, i.e., in-zone data for the delegation point. Unbound 1.24.1 includes a fix that scrubs unsolicited NS RRSets (and their respective address records) from replies mitigating the possible poison effect. Unbound 1.24.2 includes an additional fix that scrubs unsolicited NS RRSets (and their respective address records) from YXDOMAIN and non-referral nodata replies, further mitigating the possible poison effect.", "Severity": "MEDIUM", "CweIDs": [ "CWE-349" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N", "V3Score": 6.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/11/26/4", "https://access.redhat.com/security/cve/CVE-2025-11411", "https://lists.debian.org/debian-lts-announce/2025/11/msg00008.html", "https://lists.debian.org/debian-lts-announce/2025/11/msg00032.html", "https://nlnetlabs.nl/news/2025/Nov/26/unbound-1.24.2-released/", "https://nvd.nist.gov/vuln/detail/CVE-2025-11411", "https://ubuntu.com/security/notices/USN-7855-1", "https://ubuntu.com/security/notices/USN-7855-2", "https://www.cve.org/CVERecord?id=CVE-2025-11411", "https://www.nlnetlabs.nl/downloads/unbound/CVE-2025-11411.txt" ], "PublishedDate": "2025-10-22T13:15:29.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31115", "PkgID": "xz-libs@5.6.2-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "InstalledVersion": "5.6.2-r0", "FixedVersion": "5.6.2-r1", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f8e0b716ad5eb291eb7fbe7916e31f6e148c45ea2aed8a81301be807a2c74381", "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", "Severity": "HIGH", "CweIDs": [ "CWE-366", "CWE-416", "CWE-476", "CWE-826" ], "VendorSeverity": { "azure": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/03/1", "http://www.openwall.com/lists/oss-security/2025/04/03/2", "http://www.openwall.com/lists/oss-security/2025/04/03/3", "https://access.redhat.com/security/cve/CVE-2025-31115", "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", "https://errata.rockylinux.org/RLSA-2025:7524", "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", "https://linux.oracle.com/cve/CVE-2025-31115.html", "https://linux.oracle.com/errata/ELSA-2025-7524.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", "https://tukaani.org/xz/xz-cve-2025-31115.patch", "https://ubuntu.com/security/notices/USN-7414-1", "https://www.cve.org/CVERecord?id=CVE-2025-31115" ], "PublishedDate": "2025-04-03T17:15:30.54Z", "LastModifiedDate": "2026-05-12T13:16:40.627Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.6.2-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.2-r0?arch=x86_64\u0026distro=3.20.3", "UID": "e1c0785d9b1550b7" }, "InstalledVersion": "5.6.2-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:36749235761f7ed191b15c824b607a01c6a9f52fa47fab2151a030353d9e6823", "DiffID": "sha256:b9be798fe99e928893d47e5191e546e3d9fb115fccd5547d57bc945af7ff4b6a" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4570b773257acd5519a44989ea96ea2101a4ee89c804ce616cb5dc3915e091c0", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r1", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "InstalledVersion": "1.3.1-r1", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9d24c6ec2447be94b0317a9e843d58818d4cb3cd10bbf10a9933851fb7ac9e41", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r1", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r1?arch=x86_64\u0026distro=3.20.3", "UID": "d805a98dcdd1a894" }, "InstalledVersion": "1.3.1-r1", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:68c4ea3779b6af5b39b50c9db4969933126112e7a1bddfd7d229687e8e4229fe", "DiffID": "sha256:877036b083444b81229692659857a1c806d1c4bb7bbc505c05ba4276967c9a33" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:30eb18a082f4f8ba43eea88a3c709ed9a8e58ebab438c6ce5f962a8690a63e9a", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] } ] }, { "Namespace": "proxy", "Kind": "Deployment", "Name": "proxy", "Metadata": [ { "Size": 129033216, "OS": { "Family": "debian", "Name": "13.5" }, "ImageID": "sha256:1455a91ef4da65c2451f26ef959105bd6b21fe3a6445326649a341fa01f672d3", "DiffIDs": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26", "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120", "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" ], "RepoTags": [ "python:3.11-slim" ], "RepoDigests": [ "python@sha256:2c285c669cc837aa3bcf1af23ea1932b7b5214f9c9d3aad22417446ad91cb4fb" ], "Reference": "python:3.11-slim", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T23:52:06.753979707Z", "history": [ { "created": "2026-05-18T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", "comment": "debuerreotype 0.17" }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "ENV GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "ENV PYTHON_VERSION=3.11.15", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:43:52.900305759Z", "created_by": "ENV PYTHON_SHA256=272179ddd9a2e41a0fc8e42e33dfbdca0b3711aa5abf372d3f2d51543d09b625", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:52:06.637283537Z", "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \t\tpip3 install \t\t--disable-pip-version-check \t\t--no-cache-dir \t\t--no-compile \t\t'setuptools==79.0.1' \t\t'wheel\u003c0.46' \t; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:52:06.753979707Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:52:06.753979707Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26", "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120", "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" ] }, "config": { "Cmd": [ "python3" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=A035C8C19219BA821ECEA86B64E628F8D684696D", "PYTHON_VERSION=3.11.15", "PYTHON_SHA256=272179ddd9a2e41a0fc8e42e33dfbdca0b3711aa5abf372d3f2d51543d09b625" ] } }, "Layers": [ { "Size": 81049600, "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, { "Size": 4127232, "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" }, { "Size": 43851264, "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, { "Size": 5120, "Digest": "sha256:45006ceeeea9e2ca59a046b6f4ac9a212e4b27b3d8d6e7d348b03f0aaccdac99", "DiffID": "sha256:89bfb82659d056dd4ef25b8b3f99c7a97874083d86d92924e931ffa2fb7c7861" } ] } ], "Results": [ { "Target": "python:3.11-slim (debian 13.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", "UID": "681428a4291e51" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@3.0.3", "Name": "apt", "Identifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "2e5d8c8032700559" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.152", "base-passwd@3.6.7", "debian-archive-keyring@2025.1", "libapt-pkg7.0@3.0.3", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libseccomp2@2.6.0-2", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "sqv@1.3.0-3+b2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-mark", "/usr/lib/apt/apt-extracttemplates", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/sqv", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/systemd/system/apt-daily-upgrade.service", "/usr/lib/systemd/system/apt-daily-upgrade.timer", "/usr/lib/systemd/system/apt-daily.service", "/usr/lib/systemd/system/apt-daily.timer", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/apt/default-sequoia.config", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/NEWS.Debian.gz", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/changelog.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/debian.sources", "/usr/share/doc/apt/examples/preferences", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man7/apt-patterns.7.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13.8+deb13u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", "UID": "6b13e330b45e6f4f" }, "Version": "13.8+deb13u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u5", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", "UID": "f77779fa356eca05" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.2.37-2+b9", "Name": "bash", "Identifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", "UID": "f36f9b3693158651" }, "Version": "5.2.37", "Release": "2+b9", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.37", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@13.8+deb13u5", "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/CHANGES.gz", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.amd64.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/changelog.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/locale/af/LC_MESSAGES/bash.mo", "/usr/share/locale/bg/LC_MESSAGES/bash.mo", "/usr/share/locale/ca/LC_MESSAGES/bash.mo", "/usr/share/locale/cs/LC_MESSAGES/bash.mo", "/usr/share/locale/da/LC_MESSAGES/bash.mo", "/usr/share/locale/de/LC_MESSAGES/bash.mo", "/usr/share/locale/el/LC_MESSAGES/bash.mo", "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", "/usr/share/locale/eo/LC_MESSAGES/bash.mo", "/usr/share/locale/es/LC_MESSAGES/bash.mo", "/usr/share/locale/et/LC_MESSAGES/bash.mo", "/usr/share/locale/fi/LC_MESSAGES/bash.mo", "/usr/share/locale/fr/LC_MESSAGES/bash.mo", "/usr/share/locale/ga/LC_MESSAGES/bash.mo", "/usr/share/locale/gl/LC_MESSAGES/bash.mo", "/usr/share/locale/hr/LC_MESSAGES/bash.mo", "/usr/share/locale/hu/LC_MESSAGES/bash.mo", "/usr/share/locale/id/LC_MESSAGES/bash.mo", "/usr/share/locale/it/LC_MESSAGES/bash.mo", "/usr/share/locale/ja/LC_MESSAGES/bash.mo", "/usr/share/locale/ko/LC_MESSAGES/bash.mo", "/usr/share/locale/lt/LC_MESSAGES/bash.mo", "/usr/share/locale/nb/LC_MESSAGES/bash.mo", "/usr/share/locale/nl/LC_MESSAGES/bash.mo", "/usr/share/locale/pl/LC_MESSAGES/bash.mo", "/usr/share/locale/pt/LC_MESSAGES/bash.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", "/usr/share/locale/ro/LC_MESSAGES/bash.mo", "/usr/share/locale/ru/LC_MESSAGES/bash.mo", "/usr/share/locale/sk/LC_MESSAGES/bash.mo", "/usr/share/locale/sl/LC_MESSAGES/bash.mo", "/usr/share/locale/sr/LC_MESSAGES/bash.mo", "/usr/share/locale/sv/LC_MESSAGES/bash.mo", "/usr/share/locale/tr/LC_MESSAGES/bash.mo", "/usr/share/locale/uk/LC_MESSAGES/bash.mo", "/usr/share/locale/vi/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", "UID": "2c691dbd8cebdf2a" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "openssl@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@9.7-3", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", "UID": "cb4a55f50bda2393" }, "Version": "9.7", "Release": "3", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.7", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/cat", "/usr/bin/chcon", "/usr/bin/chgrp", "/usr/bin/chmod", "/usr/bin/chown", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/cp", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/date", "/usr/bin/dd", "/usr/bin/df", "/usr/bin/dir", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/echo", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/false", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/ln", "/usr/bin/logname", "/usr/bin/ls", "/usr/bin/md5sum", "/usr/bin/mkdir", "/usr/bin/mkfifo", "/usr/bin/mknod", "/usr/bin/mktemp", "/usr/bin/mv", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/pwd", "/usr/bin/readlink", "/usr/bin/realpath", "/usr/bin/rm", "/usr/bin/rmdir", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sleep", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/stty", "/usr/bin/sum", "/usr/bin/sync", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/touch", "/usr/bin/tr", "/usr/bin/true", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/uname", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/vdir", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/changelog.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/lintian/overrides/coreutils", "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", "UID": "4990b2098a2a3724" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", "UID": "f7c8b7ba83ed5cfe" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", "UID": "a22d861380b1187c" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", "UID": "3c5d0b66afafddbb" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.10-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "852f693a78aaa149" }, "Version": "3.10", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.10", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/changelog.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.22.22", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", "UID": "7b97f27e3bec0417" }, "Version": "1.22.22", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.22", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.35+dfsg-3.1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/lib/systemd/system/dpkg-db-backup.service", "/usr/lib/systemd/system/dpkg-db-backup.timer", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/sbin/start-stop-daemon", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.10.0-3", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", "UID": "12e741692291b42a" }, "Version": "4.10.0", "Release": "3", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.10.0", "SrcRelease": "3", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-2+ with Autoconf-data exception", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2.0-or-later", "X11", "public-domain", "LGPL-2.1-or-later", "GPL with automake exception", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-Clause", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/changelog.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info.gz", "/usr/share/locale/be/LC_MESSAGES/findutils.mo", "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", "/usr/share/locale/da/LC_MESSAGES/findutils.mo", "/usr/share/locale/de/LC_MESSAGES/findutils.mo", "/usr/share/locale/el/LC_MESSAGES/findutils.mo", "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", "/usr/share/locale/es/LC_MESSAGES/findutils.mo", "/usr/share/locale/et/LC_MESSAGES/findutils.mo", "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", "/usr/share/locale/id/LC_MESSAGES/findutils.mo", "/usr/share/locale/it/LC_MESSAGES/findutils.mo", "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "371c061d08215a1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.11-4", "Name": "grep", "Identifier": { "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", "UID": "6ce8b4eed9c0d137" }, "Version": "3.11", "Release": "4", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "4", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/egrep", "/usr/bin/fgrep", "/usr/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/changelog.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/locale/af/LC_MESSAGES/grep.mo", "/usr/share/locale/be/LC_MESSAGES/grep.mo", "/usr/share/locale/bg/LC_MESSAGES/grep.mo", "/usr/share/locale/ca/LC_MESSAGES/grep.mo", "/usr/share/locale/cs/LC_MESSAGES/grep.mo", "/usr/share/locale/da/LC_MESSAGES/grep.mo", "/usr/share/locale/de/LC_MESSAGES/grep.mo", "/usr/share/locale/el/LC_MESSAGES/grep.mo", "/usr/share/locale/eo/LC_MESSAGES/grep.mo", "/usr/share/locale/es/LC_MESSAGES/grep.mo", "/usr/share/locale/et/LC_MESSAGES/grep.mo", "/usr/share/locale/eu/LC_MESSAGES/grep.mo", "/usr/share/locale/fi/LC_MESSAGES/grep.mo", "/usr/share/locale/fr/LC_MESSAGES/grep.mo", "/usr/share/locale/ga/LC_MESSAGES/grep.mo", "/usr/share/locale/gl/LC_MESSAGES/grep.mo", "/usr/share/locale/he/LC_MESSAGES/grep.mo", "/usr/share/locale/hr/LC_MESSAGES/grep.mo", "/usr/share/locale/hu/LC_MESSAGES/grep.mo", "/usr/share/locale/id/LC_MESSAGES/grep.mo", "/usr/share/locale/it/LC_MESSAGES/grep.mo", "/usr/share/locale/ja/LC_MESSAGES/grep.mo", "/usr/share/locale/ka/LC_MESSAGES/grep.mo", "/usr/share/locale/ko/LC_MESSAGES/grep.mo", "/usr/share/locale/ky/LC_MESSAGES/grep.mo", "/usr/share/locale/lt/LC_MESSAGES/grep.mo", "/usr/share/locale/nb/LC_MESSAGES/grep.mo", "/usr/share/locale/nl/LC_MESSAGES/grep.mo", "/usr/share/locale/pa/LC_MESSAGES/grep.mo", "/usr/share/locale/pl/LC_MESSAGES/grep.mo", "/usr/share/locale/pt/LC_MESSAGES/grep.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", "/usr/share/locale/ro/LC_MESSAGES/grep.mo", "/usr/share/locale/ru/LC_MESSAGES/grep.mo", "/usr/share/locale/sk/LC_MESSAGES/grep.mo", "/usr/share/locale/sl/LC_MESSAGES/grep.mo", "/usr/share/locale/sr/LC_MESSAGES/grep.mo", "/usr/share/locale/sv/LC_MESSAGES/grep.mo", "/usr/share/locale/ta/LC_MESSAGES/grep.mo", "/usr/share/locale/th/LC_MESSAGES/grep.mo", "/usr/share/locale/tr/LC_MESSAGES/grep.mo", "/usr/share/locale/uk/LC_MESSAGES/grep.mo", "/usr/share/locale/vi/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.13-1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", "UID": "954545ce99bc687e" }, "Version": "1.13", "Release": "1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.13", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/gunzip", "/usr/bin/gzexe", "/usr/bin/gzip", "/usr/bin/zcat", "/usr/bin/zcmp", "/usr/bin/zdiff", "/usr/bin/zegrep", "/usr/bin/zfgrep", "/usr/bin/zforce", "/usr/bin/zgrep", "/usr/bin/zless", "/usr/bin/zmore", "/usr/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/changelog.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", "UID": "641772722328aedf" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.69~deb13u1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", "UID": "cb52819ec2f1a236" }, "Version": "1.69~deb13u1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.69~deb13u1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f9f7789d147b9636" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "5549812c55d79bea" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "libudev1@257.13-1~deb13u1", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "90d554a582a8683b" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "d20cd9a11d8e018d" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c47a55b8e27ace3c" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12+deb13u3", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", "UID": "a8f4afa42f768363" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libmd0@1.1.0-2+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", "UID": "2da429aca83dde92" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.41-12+deb13u3", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/ldconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/changelog.Debian.gz", "/usr/share/doc/libc-bin/changelog.gz", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.41-12+deb13u3", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "9b7c2d5667513e48" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.75-10+deb13u1+b1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "7cefa0399e4d88d4" }, "Version": "2.75", "Release": "10+deb13u1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10+deb13u1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "afe984ba824f92ac" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", "UID": "2f5f1c2fd77295dc" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", "UID": "fcad452fa456130" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi8@3.4.8-2", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", "UID": "e57a61a9119138e1" }, "Version": "3.4.8", "Release": "2", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.8", "SrcRelease": "2", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "6ebf985ba3bd76f3" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6t64@1.24-2", "Name": "libgdbm6t64", "Identifier": { "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", "UID": "a978781f1be6197e" }, "Version": "1.24", "Release": "2", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.24", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", "/usr/share/doc/libgdbm6t64/changelog.gz", "/usr/share/doc/libgdbm6t64/copyright", "/usr/share/lintian/overrides/libgdbm6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", "UID": "fec85c1b440262e2" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "8a048285d77ff6c0" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libsqlite3-0@3.46.1-7+deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", "UID": "c31b43410c927de" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libxxhash0@0.8.3-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f3971c5b48c68b3c" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "fd78e15d23b25c1f" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "274a704398461ef0" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "c9cbae9084b28bae" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.13-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", "UID": "1d4f3eaf1c0f9548" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "50a3886f7361785c" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "aa7e3a6ab471d889" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8t64@8.2-6", "Name": "libreadline8t64", "Identifier": { "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", "UID": "a41a60a40a941961" }, "Version": "8.2", "Release": "6", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2", "readline-common@8.2-6" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", "/usr/share/doc/libreadline8t64/README.Debian", "/usr/share/doc/libreadline8t64/USAGE", "/usr/share/doc/libreadline8t64/changelog.Debian.gz", "/usr/share/doc/libreadline8t64/changelog.gz", "/usr/share/doc/libreadline8t64/copyright", "/usr/share/doc/libreadline8t64/examples/Inputrc", "/usr/share/doc/libreadline8t64/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", "UID": "97e0ed663a98e78b" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "f7d3a23ad693e5cb" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", "UID": "ecc6b54d8bc6318c" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "5684bd063761ddb3" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "9990a97d658e13ae" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.46.1-7+deb13u1", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c7da287e696e8198" }, "Version": "3.46.1", "Release": "7+deb13u1", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7+deb13u1", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3t64@3.5.6-1~deb13u1", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "19bca5c02c5a9632" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.6-1~deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "1b384a6346513d7c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@257.13-1~deb13u1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a2b4ba47389f858e" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@257.13-1~deb13u1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "3b7a2f1a9ab169b" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", "UID": "d91110b5edcae2d8" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", "UID": "ca4814a2bfd07696" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "b6a337588c67d5a3" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20250131-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", "UID": "a4460701c66e182d" }, "Version": "1.3.4.20250131", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20250131", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/changelog.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.41-5", "Name": "mount", "Identifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mount", "/usr/bin/umount", "/usr/sbin/losetup", "/usr/sbin/swapoff", "/usr/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/changelog.Debian.gz", "/usr/share/doc/mount/changelog.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.5+20250216-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/changelog.Debian.gz", "/usr/share/doc/ncurses-bin/changelog.gz", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.5", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", "UID": "9929ff265179fc61" }, "Version": "6.5", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.5.6-1~deb13u1", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "ee88be94d89898bf" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:8649771fee179d7c2590c94f533aaa5fceb70e36e25dec83672fe836d99577c5", "DiffID": "sha256:98df1ca0e575d9026c1abd12994fad3c14effa4558d50b6961fd586930956b26" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c38741326d0e034f" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "d93f813ae3092e32" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.40.1-6", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", "UID": "546ba1bdcd66d61" }, "Version": "5.40.1", "Release": "6", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.40.1", "SrcRelease": "6", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "FSFAP", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2" ], "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.40.1", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/changelog.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.2-6", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", "UID": "e762758a1681f62e" }, "Version": "8.2", "Release": "6", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/changelog.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.9-2+deb13u1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a041ea16982bb927" }, "Version": "4.9", "Release": "2+deb13u1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "2+deb13u1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/changelog.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/locale/af/LC_MESSAGES/sed.mo", "/usr/share/locale/ast/LC_MESSAGES/sed.mo", "/usr/share/locale/bg/LC_MESSAGES/sed.mo", "/usr/share/locale/ca/LC_MESSAGES/sed.mo", "/usr/share/locale/cs/LC_MESSAGES/sed.mo", "/usr/share/locale/da/LC_MESSAGES/sed.mo", "/usr/share/locale/de/LC_MESSAGES/sed.mo", "/usr/share/locale/el/LC_MESSAGES/sed.mo", "/usr/share/locale/eo/LC_MESSAGES/sed.mo", "/usr/share/locale/es/LC_MESSAGES/sed.mo", "/usr/share/locale/et/LC_MESSAGES/sed.mo", "/usr/share/locale/eu/LC_MESSAGES/sed.mo", "/usr/share/locale/fi/LC_MESSAGES/sed.mo", "/usr/share/locale/fr/LC_MESSAGES/sed.mo", "/usr/share/locale/ga/LC_MESSAGES/sed.mo", "/usr/share/locale/gl/LC_MESSAGES/sed.mo", "/usr/share/locale/he/LC_MESSAGES/sed.mo", "/usr/share/locale/hr/LC_MESSAGES/sed.mo", "/usr/share/locale/hu/LC_MESSAGES/sed.mo", "/usr/share/locale/id/LC_MESSAGES/sed.mo", "/usr/share/locale/it/LC_MESSAGES/sed.mo", "/usr/share/locale/ja/LC_MESSAGES/sed.mo", "/usr/share/locale/ka/LC_MESSAGES/sed.mo", "/usr/share/locale/ko/LC_MESSAGES/sed.mo", "/usr/share/locale/nb/LC_MESSAGES/sed.mo", "/usr/share/locale/nl/LC_MESSAGES/sed.mo", "/usr/share/locale/pl/LC_MESSAGES/sed.mo", "/usr/share/locale/pt/LC_MESSAGES/sed.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", "/usr/share/locale/ro/LC_MESSAGES/sed.mo", "/usr/share/locale/ru/LC_MESSAGES/sed.mo", "/usr/share/locale/sk/LC_MESSAGES/sed.mo", "/usr/share/locale/sl/LC_MESSAGES/sed.mo", "/usr/share/locale/sr/LC_MESSAGES/sed.mo", "/usr/share/locale/sv/LC_MESSAGES/sed.mo", "/usr/share/locale/tr/LC_MESSAGES/sed.mo", "/usr/share/locale/uk/LC_MESSAGES/sed.mo", "/usr/share/locale/vi/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sqv@1.3.0-3+b2", "Name": "sqv", "Identifier": { "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", "UID": "2bf11ffe79190750" }, "Version": "1.3.0", "Release": "3+b2", "Arch": "amd64", "SrcName": "rust-sequoia-sqv", "SrcVersion": "1.3.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libhogweed6t64@3.10.1-1", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sqv", "/usr/share/bash-completion/completions/sqv.bash", "/usr/share/doc/sqv/NEWS.gz", "/usr/share/doc/sqv/changelog.Debian.amd64.gz", "/usr/share/doc/sqv/changelog.Debian.gz", "/usr/share/doc/sqv/copyright", "/usr/share/fish/completions/sqv.fish", "/usr/share/man/man1/sqv.1.gz", "/usr/share/zsh/vendor-completions/_sqv" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@3.14-4", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", "UID": "f7fb888c58ca826e" }, "Version": "3.14", "Release": "4", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.14", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-only", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/init/init-d-script", "/usr/lib/init/vars.sh", "/usr/lib/lsb/init-functions", "/usr/lib/lsb/init-functions.d/00-verbose", "/usr/sbin/fstab-decode", "/usr/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.35+dfsg-3.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "Version": "1.35+dfsg", "Release": "3.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.35+dfsg", "SrcRelease": "3.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-2.1-or-later", "LGPL-2.1-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.1.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/changelog.gz", "/usr/share/doc/tar/copyright", "/usr/share/locale/bg/LC_MESSAGES/tar.mo", "/usr/share/locale/ca/LC_MESSAGES/tar.mo", "/usr/share/locale/cs/LC_MESSAGES/tar.mo", "/usr/share/locale/da/LC_MESSAGES/tar.mo", "/usr/share/locale/de/LC_MESSAGES/tar.mo", "/usr/share/locale/el/LC_MESSAGES/tar.mo", "/usr/share/locale/eo/LC_MESSAGES/tar.mo", "/usr/share/locale/es/LC_MESSAGES/tar.mo", "/usr/share/locale/et/LC_MESSAGES/tar.mo", "/usr/share/locale/eu/LC_MESSAGES/tar.mo", "/usr/share/locale/fi/LC_MESSAGES/tar.mo", "/usr/share/locale/fr/LC_MESSAGES/tar.mo", "/usr/share/locale/ga/LC_MESSAGES/tar.mo", "/usr/share/locale/gl/LC_MESSAGES/tar.mo", "/usr/share/locale/hr/LC_MESSAGES/tar.mo", "/usr/share/locale/hu/LC_MESSAGES/tar.mo", "/usr/share/locale/id/LC_MESSAGES/tar.mo", "/usr/share/locale/it/LC_MESSAGES/tar.mo", "/usr/share/locale/ja/LC_MESSAGES/tar.mo", "/usr/share/locale/ka/LC_MESSAGES/tar.mo", "/usr/share/locale/ko/LC_MESSAGES/tar.mo", "/usr/share/locale/ky/LC_MESSAGES/tar.mo", "/usr/share/locale/ms/LC_MESSAGES/tar.mo", "/usr/share/locale/nb/LC_MESSAGES/tar.mo", "/usr/share/locale/nl/LC_MESSAGES/tar.mo", "/usr/share/locale/pl/LC_MESSAGES/tar.mo", "/usr/share/locale/pt/LC_MESSAGES/tar.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", "/usr/share/locale/ro/LC_MESSAGES/tar.mo", "/usr/share/locale/ru/LC_MESSAGES/tar.mo", "/usr/share/locale/sk/LC_MESSAGES/tar.mo", "/usr/share/locale/sl/LC_MESSAGES/tar.mo", "/usr/share/locale/sr/LC_MESSAGES/tar.mo", "/usr/share/locale/sv/LC_MESSAGES/tar.mo", "/usr/share/locale/tr/LC_MESSAGES/tar.mo", "/usr/share/locale/uk/LC_MESSAGES/tar.mo", "/usr/share/locale/vi/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2026b-0+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", "UID": "9e352e373d8245f0" }, "Version": "2026b", "Release": "0+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2026b", "SrcRelease": "0+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.41-5", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/dmesg", "/usr/bin/fallocate", "/usr/bin/findmnt", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/lsblk", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/more", "/usr/bin/mountpoint", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/su", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/wdctl", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/lib/systemd/system/fstrim.service", "/usr/lib/systemd/system/fstrim.timer", "/usr/sbin/agetty", "/usr/sbin/blkdiscard", "/usr/sbin/blkid", "/usr/sbin/blkzone", "/usr/sbin/blockdev", "/usr/sbin/chcpu", "/usr/sbin/chmem", "/usr/sbin/findfs", "/usr/sbin/fsck", "/usr/sbin/fsfreeze", "/usr/sbin/fstrim", "/usr/sbin/isosize", "/usr/sbin/ldattach", "/usr/sbin/mkfs", "/usr/sbin/mkswap", "/usr/sbin/pivot_root", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/sbin/runuser", "/usr/sbin/sulogin", "/usr/sbin/swaplabel", "/usr/sbin/switch_root", "/usr/sbin/wipefs", "/usr/sbin/zramctl", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/rename.ul", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/changelog.Debian.gz", "/usr/share/doc/util-linux/changelog.gz", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/scols-filter.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-27456", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bf01be62fdb94a50f06cf15240849408e2bfd24613f8942a9b312e8bec223079", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a66355654759c81e952338a564f50af6c1cac2abe1f3d2987bbe53781cd85e1a", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:0be34f71c1247c4a042dd0de56b09025ef719df9b53982d40ec37570d8dae439", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3246ccb859267f9a3208d111acad90c2b5138a30b8331930b3e507b3af7f4a25", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:1cb74edfc808a6fd01780751b6f9fb68069a8cb8b983cdc0ebfc994148c92116", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2725fe189be5d29641169f9afea7cb0b3991966648a68b32f24afe7a55be6206", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:93921d0e9e0f68cc350ab4e74076bca6dd104c8e925ddbdfde2d2a6136f55428", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ffd5c74a5d7fc10b9a76a9a89f91dddc33d784620c41d48536da03a332e36406", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c7eb8dd93abbd9435b4f5dad521d02941b341b622d6224bd6193e262f978c00f", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f8ab117ef43c4591ed5ec8d9601fc7fb06695246d29c7b9f04ebd2be9b40c0df", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:14285b2b7e7fde005487b5408ebc8cf6979d1f788390492fca75f862b921c6b4", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:7c950ded43411c5b62b1f75407086be2314a69a729a81c0fc2e4639638b43baf", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:e6ae6234a8535f78e42173fd337f45f34d2116e133d8b47c8b8058ad1341c0b0", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3ab60107f6ae98e4c911144e9cd427855c8729560110af1f188b8d270f36dbf4", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "liblzma5@5.8.1-1", "PkgName": "liblzma5", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "InstalledVersion": "5.8.1-1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b263025b4dc9edf31670d17207c20713028927beb350236806dc3db4d3ff5566", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6675ca620364e9fc3b283d509d0f43a3dc41cd6d9a12e1b58714fa9797f0e1dd", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6c9891f59a99d43d46eb232db7398429116df771576678dc27f834db1c84dc83", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:de05a5d93ad2278ccd0c7acc8a3996ae8db939dd91b4fda27099712fecd0bc1f", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ddb2a9c0ae85f75310d599753fbf305ee8eb8b82a404b5e1a71c657bdca3c7ee", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:d1c8280787663190938f3278d256653543b01222ef03f4f00c518da51c298a77", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f9b82d136b60dd816e412c552dcebfc2229c4d7db3ae00c86b30c392bab15623", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ce2d8f6412c915c4f9080c8333413f271fffb423794de9a14d624ecbff1a6c59", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:1c3aeaa5bc8a7020eeb089c023b1e9fe4845632ecc2aa73b68988ec53d9024b4", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:848c8047737ae4215e44170ed583daf9a61cc9561f89deb81a14c273bd1ca598", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bb1fdd77a280d96fbe0b0500b59b2d1a09f87157aa5b95d67e8c6f7970f5f9f9", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ada217038dba223d6644e6e76ec66636798179a4e323056da11b65e5e227568f", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:9f9f39103c97b90d1f9dd0530b1358479bf7792ac614496fa50dd704970688f1", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:321a607c699503aae57d006e47b384a2ec5ac43463cb26039a32c9569b54d9a3", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-bin@6.5+20250216-2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:028904254ebb5ac283d2481610bf41040500a23d75fb2f01f228a6c5891f7aa0", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-5704", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:93438263e028824af0a31a64a4c750ab591ce4d7434e5dbd9098a659abe491c7", "Title": "tar: tar: Hidden file injection via crafted archives", "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/11/10", "http://www.openwall.com/lists/oss-security/2026/04/11/11", "http://www.openwall.com/lists/oss-security/2026/04/12/2", "https://access.redhat.com/security/cve/CVE-2026-5704", "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", "https://www.cve.org/CVERecord?id=CVE-2026-5704" ], "PublishedDate": "2026-04-06T16:16:42.14Z", "LastModifiedDate": "2026-04-22T20:08:59.92Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2b49edd8a1c1800d2ad92be3efe5d7b6680d17827a5a79fa74b74ff3a082fd73", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a31885ea60c5b1b983bce32c0a66983bc1a89fc939f1eb677563652ee6d9c7d1", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "PkgName": "zlib1g", "PkgIdentifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2fa1bfdbed6a380e7ca7f570d27dab82280c0df0a381cbe9880953ef3bf3118f", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "autocommand", "Identifier": { "PURL": "pkg:pypi/autocommand@2.2.2", "UID": "de2aeb22213f7255" }, "Version": "2.2.2", "Licenses": [ "LGPL-3.0-only" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/autocommand-2.2.2.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "backports.tarfile", "Identifier": { "PURL": "pkg:pypi/backports.tarfile@1.2.0", "UID": "1333ca5d453000df" }, "Version": "1.2.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/backports.tarfile-1.2.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "importlib_metadata", "Identifier": { "PURL": "pkg:pypi/importlib-metadata@8.0.0", "UID": "347a36bc9e660761" }, "Version": "8.0.0", "Licenses": [ "Apache-2.0" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/importlib_metadata-8.0.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "inflect", "Identifier": { "PURL": "pkg:pypi/inflect@7.3.1", "UID": "51e7d1c898b69383" }, "Version": "7.3.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/inflect-7.3.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "jaraco.collections", "Identifier": { "PURL": "pkg:pypi/jaraco.collections@5.1.0", "UID": "b2e77b8a0b175ddd" }, "Version": "5.1.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.collections-5.1.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "jaraco.context", "Identifier": { "PURL": "pkg:pypi/jaraco.context@5.3.0", "UID": "d6550b81e52efabe" }, "Version": "5.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "jaraco.functools", "Identifier": { "PURL": "pkg:pypi/jaraco.functools@4.0.1", "UID": "f42118e4940a83a5" }, "Version": "4.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.functools-4.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "jaraco.text", "Identifier": { "PURL": "pkg:pypi/jaraco.text@3.12.1", "UID": "cac1fcd2d9755e50" }, "Version": "3.12.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.text-3.12.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "more-itertools", "Identifier": { "PURL": "pkg:pypi/more-itertools@10.3.0", "UID": "cab6d07375997e08" }, "Version": "10.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/more_itertools-10.3.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "packaging", "Identifier": { "PURL": "pkg:pypi/packaging@24.2", "UID": "dd0943476d1773a8" }, "Version": "24.2", "Licenses": [ "Apache-2.0", "BSD-3-Clause" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/packaging-24.2.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "7a4293168b845101" }, "Version": "24.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "platformdirs", "Identifier": { "PURL": "pkg:pypi/platformdirs@4.2.2", "UID": "f93e5b8c438aeaf6" }, "Version": "4.2.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/platformdirs-4.2.2.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "setuptools", "Identifier": { "PURL": "pkg:pypi/setuptools@79.0.1", "UID": "a34f48aa76be299c" }, "Version": "79.0.1", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools-79.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "tomli", "Identifier": { "PURL": "pkg:pypi/tomli@2.0.1", "UID": "53abaa0d00072d9e" }, "Version": "2.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/tomli-2.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "typeguard", "Identifier": { "PURL": "pkg:pypi/typeguard@4.3.0", "UID": "f19abdf9377301a1" }, "Version": "4.3.0", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typeguard-4.3.0.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "typing_extensions", "Identifier": { "PURL": "pkg:pypi/typing-extensions@4.12.2", "UID": "4b1f19157aef399d" }, "Version": "4.12.2", "Licenses": [ "Python Software Foundation License" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/typing_extensions-4.12.2.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "wheel", "Identifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "68d1f5691b386b62" }, "Version": "0.45.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "wheel", "Identifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "588d1d5b79ef6155" }, "Version": "0.45.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/wheel-0.45.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" }, { "Name": "zipp", "Identifier": { "PURL": "pkg:pypi/zipp@3.19.2", "UID": "92d9047d0b817060" }, "Version": "3.19.2", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "FilePath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/zipp-3.19.2.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-23949", "VendorIDs": [ "GHSA-58pv-8j8x-9vj2" ], "PkgName": "jaraco.context", "PkgPath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/jaraco.context-5.3.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/jaraco.context@5.3.0", "UID": "d6550b81e52efabe" }, "InstalledVersion": "5.3.0", "FixedVersion": "6.1.0", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-23949", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:1c905c4c1d21dc620743774051bdd1c08e63dd6f92117b17d07dd935773d850d", "Title": "jaraco.context: jaraco.context: Path traversal via malicious tar archives", "Description": "jaraco.context, an open-source software package that provides some useful decorators and context managers, has a Zip Slip path traversal vulnerability in the `jaraco.context.tarball()` function starting in version 5.2.0 and prior to version 6.1.0. The vulnerability may allow attackers to extract files outside the intended extraction directory when malicious tar archives are processed. The strip_first_component filter splits the path on the first `/` and extracts the second component, while allowing `../` sequences. Paths like `dummy_dir/../../etc/passwd` become `../../etc/passwd`. Note that this suffers from a nested tarball attack as well with multi-level tar files such as `dummy_dir/inner.tar.gz`, where the inner.tar.gz includes a traversal `dummy_dir/../../config/.env` that also gets translated to `../../config/.env`. Version 6.1.0 contains a patch for the issue.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "ghsa": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 8.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-23949", "https://github.com/jaraco/jaraco.context", "https://github.com/jaraco/jaraco.context/blob/main/jaraco/context/__init__.py#L74-L91", "https://github.com/jaraco/jaraco.context/commit/7b26a42b525735e4085d2e994e13802ea339d5f9", "https://github.com/jaraco/jaraco.context/security/advisories/GHSA-58pv-8j8x-9vj2", "https://github.com/pypa/setuptools/blob/main/setuptools/_vendor/jaraco/context.py#L55-L76", "https://nvd.nist.gov/vuln/detail/CVE-2026-23949", "https://ubuntu.com/security/notices/USN-7979-1", "https://www.cve.org/CVERecord?id=CVE-2026-23949" ], "PublishedDate": "2026-01-20T01:15:57.723Z", "LastModifiedDate": "2026-03-11T23:12:19.323Z" }, { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "7a4293168b845101" }, "InstalledVersion": "24.0", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:a93490c6514e9ef6bc4bfc1cb8329d6a27d7b0a2ee393561d9be69fd0268dcc5", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "7a4293168b845101" }, "InstalledVersion": "24.0", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:dd41b723ecedac6e2197e883e7c25222d8d4cd6adfbb9bcd14eddae543e89738", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.11/site-packages/pip-24.0.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@24.0", "UID": "7a4293168b845101" }, "InstalledVersion": "24.0", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:6459dcf2f2eef4bd4ab12e277732f7b01e31b6c6fea4a78ed65843e2fa82e853", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" }, { "VulnerabilityID": "CVE-2026-24049", "VendorIDs": [ "GHSA-8rrh-rw8j-w5fx" ], "PkgName": "wheel", "PkgPath": "usr/local/lib/python3.11/site-packages/setuptools/_vendor/wheel-0.45.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "68d1f5691b386b62" }, "InstalledVersion": "0.45.1", "FixedVersion": "0.46.2", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24049", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:97a71244772cc1cbaf9ae174378caff2543ec5c48d2a9f2f50de2997c261a548", "Title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking", "Description": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-732" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "nvd": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1939", "https://access.redhat.com/security/cve/CVE-2026-24049", "https://bugzilla.redhat.com/2431959", "https://bugzilla.redhat.com/show_bug.cgi?id=2431959", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24049", "https://errata.almalinux.org/9/ALSA-2026-1939.html", "https://errata.rockylinux.org/RLSA-2026:1939", "https://github.com/pypa/wheel", "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef", "https://github.com/pypa/wheel/commit/934fe177ff912c8e03d5ae951d3805e1fd90ba5e", "https://github.com/pypa/wheel/releases/tag/0.46.2", "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx", "https://linux.oracle.com/cve/CVE-2026-24049.html", "https://linux.oracle.com/errata/ELSA-2026-2090.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-24049", "https://ubuntu.com/security/notices/USN-8221-1", "https://www.cve.org/CVERecord?id=CVE-2026-24049" ], "PublishedDate": "2026-01-22T05:16:23.157Z", "LastModifiedDate": "2026-02-18T14:56:48.657Z" }, { "VulnerabilityID": "CVE-2026-24049", "VendorIDs": [ "GHSA-8rrh-rw8j-w5fx" ], "PkgName": "wheel", "PkgPath": "usr/local/lib/python3.11/site-packages/wheel-0.45.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/wheel@0.45.1", "UID": "588d1d5b79ef6155" }, "InstalledVersion": "0.45.1", "FixedVersion": "0.46.2", "Status": "fixed", "Layer": { "Digest": "sha256:797d495f2c68eb4664df918d39078ca04612d7ef47c57b5c784f7f6eedd42bf5", "DiffID": "sha256:bffa3c30a00bb534b2e3637bd26d9a75e095172be7d0b33924f1a61bf6cb2120" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-24049", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:97a71244772cc1cbaf9ae174378caff2543ec5c48d2a9f2f50de2997c261a548", "Title": "wheel: wheel: Privilege Escalation or Arbitrary Code Execution via malicious wheel file unpacking", "Description": "wheel is a command line tool for manipulating Python wheel files, as defined in PEP 427. In versions 0.40.0 through 0.46.1, the unpack function is vulnerable to file permission modification through mishandling of file permissions after extraction. The logic blindly trusts the filename from the archive header for the chmod operation, even though the extraction process itself might have sanitized the path. Attackers can craft a malicious wheel file that, when unpacked, changes the permissions of critical system files (e.g., /etc/passwd, SSH keys, config files), allowing for Privilege Escalation or arbitrary code execution by modifying now-writable scripts. This issue has been fixed in version 0.46.2.", "Severity": "HIGH", "CweIDs": [ "CWE-22", "CWE-732" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "nvd": 2, "oracle-oval": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1939", "https://access.redhat.com/security/cve/CVE-2026-24049", "https://bugzilla.redhat.com/2431959", "https://bugzilla.redhat.com/show_bug.cgi?id=2431959", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24049", "https://errata.almalinux.org/9/ALSA-2026-1939.html", "https://errata.rockylinux.org/RLSA-2026:1939", "https://github.com/pypa/wheel", "https://github.com/pypa/wheel/commit/7a7d2de96b22a9adf9208afcc9547e1001569fef", "https://github.com/pypa/wheel/commit/934fe177ff912c8e03d5ae951d3805e1fd90ba5e", "https://github.com/pypa/wheel/releases/tag/0.46.2", "https://github.com/pypa/wheel/security/advisories/GHSA-8rrh-rw8j-w5fx", "https://linux.oracle.com/cve/CVE-2026-24049.html", "https://linux.oracle.com/errata/ELSA-2026-2090.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-24049", "https://ubuntu.com/security/notices/USN-8221-1", "https://www.cve.org/CVERecord?id=CVE-2026-24049" ], "PublishedDate": "2026-01-22T05:16:23.157Z", "LastModifiedDate": "2026-02-18T14:56:48.657Z" } ] } ] }, { "Namespace": "proxy", "Kind": "Deployment", "Name": "proxy", "Metadata": [ { "Size": 63648256, "OS": { "Family": "alpine", "Name": "3.23.4" }, "ImageID": "sha256:a5e688db1e7424e08d0ff019d3c9962f2f6ceef71ca53227b06fe8ec7b47ed35", "DiffIDs": [ "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" ], "RepoTags": [ "nginx:stable-alpine" ], "RepoDigests": [ "nginx@sha256:c819f83c54b0361f5557601bf5eb4943d09360e7a7fdf426afc466570f45874d" ], "Reference": "nginx:stable-alpine", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T21:17:45.223455148Z", "history": [ { "created": "2026-04-15T20:01:40.139676757Z", "created_by": "ADD alpine-minirootfs-3.23.4-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-15T20:01:40.139676757Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV NGINX_VERSION=1.30.1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV PKG_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV DYNPKG_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg ${tempDir}/packages/alpine/\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache gettext-envsubst \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.637067551Z", "created_by": "COPY docker-entrypoint.sh / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.653413667Z", "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.67373055Z", "created_by": "COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.693399875Z", "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "EXPOSE map[80/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "STOPSIGNAL SIGQUIT", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV NJS_VERSION=0.9.9", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV NJS_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV ACME_VERSION=0.4.1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 export BUILDTARGET=\\\"module-geoip module-image-filter module-njs module-xslt module-acme\\\" \u0026\u0026 if [ \\\"\\$(apk --print-arch)\\\" = \\\"armhf\\\" ]; then BUILDTARGET=\\\"\\$( echo \\$BUILDTARGET | sed 's,module-acme,,' )\\\"; fi \u0026\u0026 make \\$BUILDTARGET \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 if [ \"$apkArch\" = \"armhf\" ]; then nginxPackages=\"$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')\"; fi \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", "comment": "buildkit.dockerfile.v0" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" ] }, "config": { "Cmd": [ "nginx", "-g", "daemon off;" ], "Entrypoint": [ "/docker-entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.30.1", "PKG_RELEASE=1", "DYNPKG_RELEASE=1", "NJS_VERSION=0.9.9", "NJS_RELEASE=1", "ACME_VERSION=0.4.1" ], "Labels": { "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" }, "WorkingDir": "/", "ExposedPorts": { "80/tcp": {} }, "StopSignal": "SIGQUIT" } }, "Layers": [ { "Size": 8732160, "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, { "Size": 4737536, "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, { "Size": 3584, "Digest": "sha256:9819a9bca5c765aec514db7e90c3dee6d699c76a611b592d388629f4b0f665eb", "DiffID": "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7" }, { "Size": 4608, "Digest": "sha256:9097b7c36bd7225e6e955ae7f0a02738f22dec88330b0816aa0c026386c1db79", "DiffID": "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505" }, { "Size": 2560, "Digest": "sha256:d5e180c5634daea39efda1a8d35ea781126257c98fa38cd0374f6edcaa86a6e2", "DiffID": "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48" }, { "Size": 5120, "Digest": "sha256:61194bdf8809d67a4145f10fb09173c8e7a28b51da484e25eece0ba02643fa88", "DiffID": "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0" }, { "Size": 7168, "Digest": "sha256:6b213b30736dba71e4c92b43e31901658ff70cb96e46524740dce204b477c616", "DiffID": "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32" }, { "Size": 50155520, "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" } ] } ], "Results": [ { "Target": "nginx:stable-alpine (alpine 3.23.4)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.2-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "ff3090489ca40326" }, "Version": "3.7.2-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.2-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.2-r0", "busybox-binsh@1.37.0-r30" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:545aa6f291209af89932b761d9e422c2778596cc", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.2-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "78c0ed61d7df9a7e" }, "Version": "3.7.2-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.2-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:85816632dbce07ba7e9e7a629fa59eddbd1687fb", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.6-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "2c7cb90de388aa7d" }, "Version": "2.6-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.23.4-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.23.4-r0?arch=x86_64\u0026distro=3.23.4", "UID": "114fb0bc8cc9ff31" }, "Version": "3.23.4-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.23.4-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.6-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:7ff0b58e52211bb31a84e2afdbcbff0620df55a1", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "aom-libs@3.13.1-r1", "Name": "aom-libs", "Identifier": { "PURL": "pkg:apk/alpine/aom-libs@3.13.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "5c2e206a9e097520" }, "Version": "3.13.1-r1", "Arch": "x86_64", "SrcName": "aom", "SrcVersion": "3.13.1-r1", "Licenses": [ "BSD-2-Clause", "custom" ], "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:97b0c2dffcef97a0253876d015ca217de10b216a", "InstalledFiles": [ "usr/lib/libaom.so.3", "usr/lib/libaom.so.3.13.1" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@3.0.6-r0", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "760256a5bdd94a07" }, "Version": "3.0.6-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.6-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20260413-r0", "libapk@3.0.6-r0", "libcrypto3@3.5.6-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:86f3b3ef94d1cb213a4ed1187b34a6bb9f593033", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.2.0-r0", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "234da2b3c350083b" }, "Version": "1.2.0-r0", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r0", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.2.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.2.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.2.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r30", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "9647681d0b54db77" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r30", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "3e18d05d46a6f46f" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r30" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5be96d5420bec243" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.5" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20260413-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.4", "UID": "63ca5aff4886266d" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20260413-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d9471547e8751507" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:44c90827e10115cb6afec51081cb26785dc8f418", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.19.0-r0", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f9ecf01e03ce7fef" }, "Version": "8.19.0-r0", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.19.0-r0", "Licenses": [ "curl" ], "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", "DependsOn": [ "libcurl@8.19.0-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:812f1083cfc10c65b05b05bb4adfa3acb5cf6058", "InstalledFiles": [ "usr/bin/curl", "usr/bin/wcurl" ], "AnalyzedBy": "apk" }, { "ID": "fontconfig@2.17.1-r0", "Name": "fontconfig", "Identifier": { "PURL": "pkg:apk/alpine/fontconfig@2.17.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d805dd422ee9c232" }, "Version": "2.17.1-r0", "Arch": "x86_64", "SrcName": "fontconfig", "SrcVersion": "2.17.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "freetype@2.14.1-r0", "libexpat@2.7.5-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8037b007516a65d246442a781a05f627073394d0", "InstalledFiles": [ "etc/fonts/fonts.conf", "etc/fonts/conf.d/10-hinting-slight.conf", "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", "etc/fonts/conf.d/10-sub-pixel-none.conf", "etc/fonts/conf.d/10-yes-antialias.conf", "etc/fonts/conf.d/11-lcdfilter-default.conf", "etc/fonts/conf.d/20-unhint-small-vera.conf", "etc/fonts/conf.d/30-metric-aliases.conf", "etc/fonts/conf.d/40-nonlatin.conf", "etc/fonts/conf.d/45-generic.conf", "etc/fonts/conf.d/45-latin.conf", "etc/fonts/conf.d/48-spacing.conf", "etc/fonts/conf.d/49-sansserif.conf", "etc/fonts/conf.d/50-user.conf", "etc/fonts/conf.d/51-local.conf", "etc/fonts/conf.d/60-generic.conf", "etc/fonts/conf.d/60-latin.conf", "etc/fonts/conf.d/65-fonts-persian.conf", "etc/fonts/conf.d/65-nonlatin.conf", "etc/fonts/conf.d/69-unifont.conf", "etc/fonts/conf.d/70-no-bitmaps-except-emoji.conf", "etc/fonts/conf.d/80-delicious.conf", "etc/fonts/conf.d/90-synthetic.conf", "etc/fonts/conf.d/README", "usr/bin/fc-cache", "usr/bin/fc-cat", "usr/bin/fc-conflist", "usr/bin/fc-list", "usr/bin/fc-match", "usr/bin/fc-pattern", "usr/bin/fc-query", "usr/bin/fc-scan", "usr/bin/fc-validate", "usr/lib/libfontconfig.so.1", "usr/lib/libfontconfig.so.1.16.1", "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", "usr/share/fontconfig/conf.avail/10-autohint.conf", "usr/share/fontconfig/conf.avail/10-hinting-full.conf", "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", "usr/share/fontconfig/conf.avail/10-hinting-none.conf", "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", "usr/share/fontconfig/conf.avail/10-no-antialias.conf", "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", "usr/share/fontconfig/conf.avail/10-unhinted.conf", "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", "usr/share/fontconfig/conf.avail/40-nonlatin.conf", "usr/share/fontconfig/conf.avail/45-generic.conf", "usr/share/fontconfig/conf.avail/45-latin.conf", "usr/share/fontconfig/conf.avail/48-guessfamily.conf", "usr/share/fontconfig/conf.avail/48-spacing.conf", "usr/share/fontconfig/conf.avail/49-sansserif.conf", "usr/share/fontconfig/conf.avail/50-user.conf", "usr/share/fontconfig/conf.avail/51-local.conf", "usr/share/fontconfig/conf.avail/60-generic.conf", "usr/share/fontconfig/conf.avail/60-latin.conf", "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", "usr/share/fontconfig/conf.avail/65-khmer.conf", "usr/share/fontconfig/conf.avail/65-nonlatin.conf", "usr/share/fontconfig/conf.avail/69-unifont.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps-and-emoji.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps-except-emoji.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", "usr/share/fontconfig/conf.avail/80-delicious.conf", "usr/share/fontconfig/conf.avail/90-synthetic.conf", "usr/share/xml/fontconfig/fonts.dtd" ], "AnalyzedBy": "apk" }, { "ID": "freetype@2.14.1-r0", "Name": "freetype", "Identifier": { "PURL": "pkg:apk/alpine/freetype@2.14.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d0ae0a3d160c9ff2" }, "Version": "2.14.1-r0", "Arch": "x86_64", "SrcName": "freetype", "SrcVersion": "2.14.1-r0", "Licenses": [ "FTL", "GPL-2.0-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.2.0-r0", "libbz2@1.0.8-r6", "libpng@1.6.58-r1", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:e227f29a00edd7ed5b1e62a050da6532183e60be", "InstalledFiles": [ "usr/lib/libfreetype.so.6", "usr/lib/libfreetype.so.6.20.4" ], "AnalyzedBy": "apk" }, { "ID": "geoip@1.6.12-r6", "Name": "geoip", "Identifier": { "PURL": "pkg:apk/alpine/geoip@1.6.12-r6?arch=x86_64\u0026distro=3.23.4", "UID": "e21c96f348abf9a7" }, "Version": "1.6.12-r6", "Arch": "x86_64", "SrcName": "geoip", "SrcVersion": "1.6.12-r6", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8f2ea64ecb173949f03ec2371db4b534f142450f", "InstalledFiles": [ "usr/bin/geoiplookup", "usr/bin/geoiplookup6", "usr/lib/libGeoIP.so.1", "usr/lib/libGeoIP.so.1.6.12" ], "AnalyzedBy": "apk" }, { "ID": "gettext-envsubst@0.24.1-r1", "Name": "gettext-envsubst", "Identifier": { "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "74b745a88adcfea9" }, "Version": "0.24.1-r1", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r1", "Licenses": [ "GPL-3.0-or-later", "LGPL-2.1-or-later", "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.24.1-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:7593f7d82a7c943f0114a5f700788c53afb8a554", "InstalledFiles": [ "usr/bin/envsubst" ], "AnalyzedBy": "apk" }, { "ID": "libapk@3.0.6-r0", "Name": "libapk", "Identifier": { "PURL": "pkg:apk/alpine/libapk@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "47dcfb9093b112c1" }, "Version": "3.0.6-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.6-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:f064c8318c4f7f17da6a490921ce0d5e709fc063", "InstalledFiles": [ "usr/lib/libapk.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libavif@1.3.0-r0", "Name": "libavif", "Identifier": { "PURL": "pkg:apk/alpine/libavif@1.3.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "655cdbc6c9ce9e5b" }, "Version": "1.3.0-r0", "Arch": "x86_64", "SrcName": "libavif", "SrcVersion": "1.3.0-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "aom-libs@3.13.1-r1", "libdav1d@1.5.2-r0", "libyuv@0.0.1887.20251502-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6e0e61c8a9d1cb5a4a5f3faa64fb597844614f93", "InstalledFiles": [ "usr/lib/libavif.so.16", "usr/lib/libavif.so.16.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "dd77a74c79623bb3" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:33970b157edad359d05a2c3e6f3460e725549c8b", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.23.4", "UID": "d5d1649d0ebe2b41" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:864d363da11ee24c7920e0d052d2da7f8429251e", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.6-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "975680d851f10fda" }, "Version": "3.5.6-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.6-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:9e7a866d0d052d290d3f9d621a4c89214188acff", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.19.0-r0", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "ae99b13d03576e54" }, "Version": "8.19.0-r0", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.19.0-r0", "Licenses": [ "curl" ], "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", "DependsOn": [ "brotli-libs@1.2.0-r0", "c-ares@1.34.6-r0", "ca-certificates-bundle@20260413-r0", "libcrypto3@3.5.6-r0", "libidn2@2.3.8-r0", "libpsl@0.21.5-r3", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "nghttp2-libs@1.69.0-r0", "zlib@1.3.2-r0", "zstd-libs@1.5.7-r2" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:c833586b6e5dcd4a10da7cf354b01d9e0ee10da8", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libdav1d@1.5.2-r0", "Name": "libdav1d", "Identifier": { "PURL": "pkg:apk/alpine/libdav1d@1.5.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "470e133c6bf6f9c4" }, "Version": "1.5.2-r0", "Arch": "x86_64", "SrcName": "dav1d", "SrcVersion": "1.5.2-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:62a9676453a8b99cfb42148cfd26df3b964bcc1b", "InstalledFiles": [ "usr/lib/libdav1d.so.7", "usr/lib/libdav1d.so.7.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libedit@20251016.3.1-r0", "Name": "libedit", "Identifier": { "PURL": "pkg:apk/alpine/libedit@20251016.3.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "4cd9b43219994542" }, "Version": "20251016.3.1-r0", "Arch": "x86_64", "SrcName": "libedit", "SrcVersion": "20251016.3.1-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "libncursesw@6.5_p20251123-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:463f69335a3223b1ce6856ce3bef5c03fee721bf", "InstalledFiles": [ "usr/lib/libedit.so.0", "usr/lib/libedit.so.0.0.76" ], "AnalyzedBy": "apk" }, { "ID": "libexpat@2.7.5-r0", "Name": "libexpat", "Identifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.4", "UID": "28e722d1da61bc2e" }, "Version": "2.7.5-r0", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", "InstalledFiles": [ "usr/lib/libexpat.so.1", "usr/lib/libexpat.so.1.11.3" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@15.2.0-r2", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/alpine/libgcc@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", "UID": "89fff20701e56ab7" }, "Version": "15.2.0-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:57fccbe9eebf23f2c4f38ee2a24f8b0bdd508ff7", "InstalledFiles": [ "usr/lib/libgcc_s.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libgd@2.3.3-r10", "Name": "libgd", "Identifier": { "PURL": "pkg:apk/alpine/libgd@2.3.3-r10?arch=x86_64\u0026distro=3.23.4", "UID": "b67312ef2319dd49" }, "Version": "2.3.3-r10", "Arch": "x86_64", "SrcName": "gd", "SrcVersion": "2.3.3-r10", "Licenses": [ "GD" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "fontconfig@2.17.1-r0", "freetype@2.14.1-r0", "libavif@1.3.0-r0", "libjpeg-turbo@3.1.2-r0", "libpng@1.6.58-r1", "libwebp@1.6.0-r0", "libxpm@3.5.19-r0", "musl@1.2.5-r23", "tiff@4.7.1-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:948454e00c660b6ddf1338a857959222f0888336", "InstalledFiles": [ "usr/lib/libgd.so.3", "usr/lib/libgd.so.3.0.11" ], "AnalyzedBy": "apk" }, { "ID": "libice@1.1.2-r0", "Name": "libice", "Identifier": { "PURL": "pkg:apk/alpine/libice@1.1.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "3348caa25e2ecdc4" }, "Version": "1.1.2-r0", "Arch": "x86_64", "SrcName": "libice", "SrcVersion": "1.1.2-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:997a01303f63cee0ba9773f0cd9b26b2eb5e6ace", "InstalledFiles": [ "usr/lib/libICE.so.6", "usr/lib/libICE.so.6.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.8-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f2e21ad261c22630" }, "Version": "2.3.8-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.8-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.4.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.24.1-r1", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "6b922bec7f8abaa" }, "Version": "0.24.1-r1", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:0222324bb4dfd35e8a3ec821c86eb5afbd43a3af", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libjpeg-turbo@3.1.2-r0", "Name": "libjpeg-turbo", "Identifier": { "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "76e9eea31b92641e" }, "Version": "3.1.2-r0", "Arch": "x86_64", "SrcName": "libjpeg-turbo", "SrcVersion": "3.1.2-r0", "Licenses": [ "BSD-3-Clause", "IJG", "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:aa025fb7ecf9bd65ef2afe47e3740639521e09ce", "InstalledFiles": [ "usr/lib/libjpeg.so.8", "usr/lib/libjpeg.so.8.3.2" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "53cb33d88e504fac" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:ce7c57bd1f6628da8ba0d3f2ac18f6d8c93c0346", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20251123-r0", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", "UID": "edc30eb15f442d49" }, "Version": "6.5_p20251123-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20251123-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "ncurses-terminfo-base@6.5_p20251123-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:649d3041c52b80620fb50a98f5979d25ebbe1523", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libpng@1.6.58-r1", "Name": "libpng", "Identifier": { "PURL": "pkg:apk/alpine/libpng@1.6.58-r1?arch=x86_64\u0026distro=3.23.4", "UID": "f22fca42d750ae4d" }, "Version": "1.6.58-r1", "Arch": "x86_64", "SrcName": "libpng", "SrcVersion": "1.6.58-r1", "Licenses": [ "Libpng" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:2dce71ea975aa82cbbcfcaac80af209bc84dd3c8", "InstalledFiles": [ "usr/lib/libpng16.so.16", "usr/lib/libpng16.so.16.58.0" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.4", "UID": "3b2044e446534821" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.8-r0", "libunistring@1.4.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libsharpyuv@1.6.0-r0", "Name": "libsharpyuv", "Identifier": { "PURL": "pkg:apk/alpine/libsharpyuv@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "73fb52723f19371d" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:9bbf3958ac62e163084cde753276246e56ff298b", "InstalledFiles": [ "usr/lib/libsharpyuv.so.0", "usr/lib/libsharpyuv.so.0.1.2" ], "AnalyzedBy": "apk" }, { "ID": "libsm@1.2.6-r0", "Name": "libsm", "Identifier": { "PURL": "pkg:apk/alpine/libsm@1.2.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5b884a45ca171ccf" }, "Version": "1.2.6-r0", "Arch": "x86_64", "SrcName": "libsm", "SrcVersion": "1.2.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libice@1.1.2-r0", "libuuid@2.41.4-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:244b3b3e68f3c6c11c6202320109d460a2498e76", "InstalledFiles": [ "usr/lib/libSM.so.6", "usr/lib/libSM.so.6.0.1" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.6-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "aece396067dff154" }, "Version": "3.5.6-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.6-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5a2620d507434903b747470a76b47e24b222de5e", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libstdc++@15.2.0-r2", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", "UID": "3ff8ae215a6a54a6" }, "Version": "15.2.0-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libgcc@15.2.0-r2", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:528d77417a16706468af852f2859ad00f176e266", "InstalledFiles": [ "usr/lib/libstdc++.so.6", "usr/lib/libstdc++.so.6.0.34" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.4.1-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "97a3c9b2cf3d0f9e" }, "Version": "1.4.1-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.4.1-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.2.1" ], "AnalyzedBy": "apk" }, { "ID": "libuuid@2.41.4-r0", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/alpine/libuuid@2.41.4-r0?arch=x86_64\u0026distro=3.23.4", "UID": "833419752375af8a" }, "Version": "2.41.4-r0", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41.4-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:d03966d821a1d9454e5576f96ec455824112fe46", "InstalledFiles": [ "usr/lib/libuuid.so.1", "usr/lib/libuuid.so.1.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libwebp@1.6.0-r0", "Name": "libwebp", "Identifier": { "PURL": "pkg:apk/alpine/libwebp@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "cf3db5e019392979" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libsharpyuv@1.6.0-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:46f79fe406ce611058a6c0ce995ebe85f7b73c7a", "InstalledFiles": [ "usr/lib/libwebp.so.7", "usr/lib/libwebp.so.7.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libx11@1.8.12-r1", "Name": "libx11", "Identifier": { "PURL": "pkg:apk/alpine/libx11@1.8.12-r1?arch=x86_64\u0026distro=3.23.4", "UID": "e8538d9e85dca6bf" }, "Version": "1.8.12-r1", "Arch": "x86_64", "SrcName": "libx11", "SrcVersion": "1.8.12-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxcb@1.17.0-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:689b36ec47d6c9abb9cbd0c7067ba4636568dbd5", "InstalledFiles": [ "usr/lib/libX11-xcb.so.1", "usr/lib/libX11-xcb.so.1.0.0", "usr/lib/libX11.so.6", "usr/lib/libX11.so.6.4.0", "usr/share/X11/XErrorDB", "usr/share/X11/Xcms.txt", "usr/share/X11/locale/compose.dir", "usr/share/X11/locale/locale.alias", "usr/share/X11/locale/locale.dir", "usr/share/X11/locale/C/Compose", "usr/share/X11/locale/C/XI18N_OBJS", "usr/share/X11/locale/C/XLC_LOCALE", "usr/share/X11/locale/am_ET.UTF-8/Compose", "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", "usr/share/X11/locale/armscii-8/Compose", "usr/share/X11/locale/armscii-8/XI18N_OBJS", "usr/share/X11/locale/armscii-8/XLC_LOCALE", "usr/share/X11/locale/cs_CZ.UTF-8/Compose", "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", "usr/share/X11/locale/el_GR.UTF-8/Compose", "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/en_US.UTF-8/Compose", "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", "usr/share/X11/locale/fi_FI.UTF-8/Compose", "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", "usr/share/X11/locale/georgian-academy/Compose", "usr/share/X11/locale/georgian-academy/XI18N_OBJS", "usr/share/X11/locale/georgian-academy/XLC_LOCALE", "usr/share/X11/locale/georgian-ps/Compose", "usr/share/X11/locale/georgian-ps/XI18N_OBJS", "usr/share/X11/locale/georgian-ps/XLC_LOCALE", "usr/share/X11/locale/ibm-cp1133/Compose", "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", "usr/share/X11/locale/iscii-dev/Compose", "usr/share/X11/locale/iscii-dev/XI18N_OBJS", "usr/share/X11/locale/iscii-dev/XLC_LOCALE", "usr/share/X11/locale/isiri-3342/Compose", "usr/share/X11/locale/isiri-3342/XI18N_OBJS", "usr/share/X11/locale/isiri-3342/XLC_LOCALE", "usr/share/X11/locale/iso8859-1/Compose", "usr/share/X11/locale/iso8859-1/XI18N_OBJS", "usr/share/X11/locale/iso8859-1/XLC_LOCALE", "usr/share/X11/locale/iso8859-10/Compose", "usr/share/X11/locale/iso8859-10/XI18N_OBJS", "usr/share/X11/locale/iso8859-10/XLC_LOCALE", "usr/share/X11/locale/iso8859-11/Compose", "usr/share/X11/locale/iso8859-11/XI18N_OBJS", "usr/share/X11/locale/iso8859-11/XLC_LOCALE", "usr/share/X11/locale/iso8859-13/Compose", "usr/share/X11/locale/iso8859-13/XI18N_OBJS", "usr/share/X11/locale/iso8859-13/XLC_LOCALE", "usr/share/X11/locale/iso8859-14/Compose", "usr/share/X11/locale/iso8859-14/XI18N_OBJS", "usr/share/X11/locale/iso8859-14/XLC_LOCALE", "usr/share/X11/locale/iso8859-15/Compose", "usr/share/X11/locale/iso8859-15/XI18N_OBJS", "usr/share/X11/locale/iso8859-15/XLC_LOCALE", "usr/share/X11/locale/iso8859-2/Compose", "usr/share/X11/locale/iso8859-2/XI18N_OBJS", "usr/share/X11/locale/iso8859-2/XLC_LOCALE", "usr/share/X11/locale/iso8859-3/Compose", "usr/share/X11/locale/iso8859-3/XI18N_OBJS", "usr/share/X11/locale/iso8859-3/XLC_LOCALE", "usr/share/X11/locale/iso8859-4/Compose", "usr/share/X11/locale/iso8859-4/XI18N_OBJS", "usr/share/X11/locale/iso8859-4/XLC_LOCALE", "usr/share/X11/locale/iso8859-5/Compose", "usr/share/X11/locale/iso8859-5/XI18N_OBJS", "usr/share/X11/locale/iso8859-5/XLC_LOCALE", "usr/share/X11/locale/iso8859-6/Compose", "usr/share/X11/locale/iso8859-6/XI18N_OBJS", "usr/share/X11/locale/iso8859-6/XLC_LOCALE", "usr/share/X11/locale/iso8859-7/Compose", "usr/share/X11/locale/iso8859-7/XI18N_OBJS", "usr/share/X11/locale/iso8859-7/XLC_LOCALE", "usr/share/X11/locale/iso8859-8/Compose", "usr/share/X11/locale/iso8859-8/XI18N_OBJS", "usr/share/X11/locale/iso8859-8/XLC_LOCALE", "usr/share/X11/locale/iso8859-9/Compose", "usr/share/X11/locale/iso8859-9/XI18N_OBJS", "usr/share/X11/locale/iso8859-9/XLC_LOCALE", "usr/share/X11/locale/iso8859-9e/Compose", "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", "usr/share/X11/locale/ja/Compose", "usr/share/X11/locale/ja/XI18N_OBJS", "usr/share/X11/locale/ja/XLC_LOCALE", "usr/share/X11/locale/ja.JIS/Compose", "usr/share/X11/locale/ja.JIS/XI18N_OBJS", "usr/share/X11/locale/ja.JIS/XLC_LOCALE", "usr/share/X11/locale/ja.SJIS/Compose", "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", "usr/share/X11/locale/ja_JP.UTF-8/Compose", "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", "usr/share/X11/locale/km_KH.UTF-8/Compose", "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ko/Compose", "usr/share/X11/locale/ko/XI18N_OBJS", "usr/share/X11/locale/ko/XLC_LOCALE", "usr/share/X11/locale/ko_KR.UTF-8/Compose", "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/koi8-c/Compose", "usr/share/X11/locale/koi8-c/XI18N_OBJS", "usr/share/X11/locale/koi8-c/XLC_LOCALE", "usr/share/X11/locale/koi8-r/Compose", "usr/share/X11/locale/koi8-r/XI18N_OBJS", "usr/share/X11/locale/koi8-r/XLC_LOCALE", "usr/share/X11/locale/koi8-u/Compose", "usr/share/X11/locale/koi8-u/XI18N_OBJS", "usr/share/X11/locale/koi8-u/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1251/Compose", "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1255/Compose", "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1256/Compose", "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", "usr/share/X11/locale/mulelao-1/Compose", "usr/share/X11/locale/mulelao-1/XI18N_OBJS", "usr/share/X11/locale/mulelao-1/XLC_LOCALE", "usr/share/X11/locale/nokhchi-1/Compose", "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", "usr/share/X11/locale/pt_BR.UTF-8/Compose", "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/pt_PT.UTF-8/Compose", "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ru_RU.UTF-8/Compose", "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", "usr/share/X11/locale/sr_RS.UTF-8/Compose", "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tatar-cyr/Compose", "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", "usr/share/X11/locale/th_TH/Compose", "usr/share/X11/locale/th_TH/XI18N_OBJS", "usr/share/X11/locale/th_TH/XLC_LOCALE", "usr/share/X11/locale/th_TH.UTF-8/Compose", "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tscii-0/Compose", "usr/share/X11/locale/tscii-0/XI18N_OBJS", "usr/share/X11/locale/tscii-0/XLC_LOCALE", "usr/share/X11/locale/vi_VN.tcvn/Compose", "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", "usr/share/X11/locale/vi_VN.viscii/Compose", "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", "usr/share/X11/locale/zh_CN/Compose", "usr/share/X11/locale/zh_CN/XI18N_OBJS", "usr/share/X11/locale/zh_CN/XLC_LOCALE", "usr/share/X11/locale/zh_CN.UTF-8/Compose", "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gb18030/Compose", "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gbk/Compose", "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", "usr/share/X11/locale/zh_HK.UTF-8/Compose", "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5/Compose", "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5hkscs/Compose", "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", "usr/share/X11/locale/zh_TW/Compose", "usr/share/X11/locale/zh_TW/XI18N_OBJS", "usr/share/X11/locale/zh_TW/XLC_LOCALE", "usr/share/X11/locale/zh_TW.UTF-8/Compose", "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_TW.big5/Compose", "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" ], "AnalyzedBy": "apk" }, { "ID": "libxau@1.0.12-r0", "Name": "libxau", "Identifier": { "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d485bce96f246b42" }, "Version": "1.0.12-r0", "Arch": "x86_64", "SrcName": "libxau", "SrcVersion": "1.0.12-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:89d2bc9daae3cb0e2ae095db6866357b7653f341", "InstalledFiles": [ "usr/lib/libXau.so.6", "usr/lib/libXau.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxcb@1.17.0-r1", "Name": "libxcb", "Identifier": { "PURL": "pkg:apk/alpine/libxcb@1.17.0-r1?arch=x86_64\u0026distro=3.23.4", "UID": "9257eaebc5b55b2" }, "Version": "1.17.0-r1", "Arch": "x86_64", "SrcName": "libxcb", "SrcVersion": "1.17.0-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxau@1.0.12-r0", "libxdmcp@1.1.5-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:61b06f883e8f8d2d8ee360e4dac04ac037fcca13", "InstalledFiles": [ "usr/lib/libxcb-composite.so.0", "usr/lib/libxcb-composite.so.0.0.0", "usr/lib/libxcb-damage.so.0", "usr/lib/libxcb-damage.so.0.0.0", "usr/lib/libxcb-dbe.so.0", "usr/lib/libxcb-dbe.so.0.0.0", "usr/lib/libxcb-dpms.so.0", "usr/lib/libxcb-dpms.so.0.0.0", "usr/lib/libxcb-dri2.so.0", "usr/lib/libxcb-dri2.so.0.0.0", "usr/lib/libxcb-dri3.so.0", "usr/lib/libxcb-dri3.so.0.1.0", "usr/lib/libxcb-glx.so.0", "usr/lib/libxcb-glx.so.0.0.0", "usr/lib/libxcb-present.so.0", "usr/lib/libxcb-present.so.0.0.0", "usr/lib/libxcb-randr.so.0", "usr/lib/libxcb-randr.so.0.1.0", "usr/lib/libxcb-record.so.0", "usr/lib/libxcb-record.so.0.0.0", "usr/lib/libxcb-render.so.0", "usr/lib/libxcb-render.so.0.0.0", "usr/lib/libxcb-res.so.0", "usr/lib/libxcb-res.so.0.0.0", "usr/lib/libxcb-screensaver.so.0", "usr/lib/libxcb-screensaver.so.0.0.0", "usr/lib/libxcb-shape.so.0", "usr/lib/libxcb-shape.so.0.0.0", "usr/lib/libxcb-shm.so.0", "usr/lib/libxcb-shm.so.0.0.0", "usr/lib/libxcb-sync.so.1", "usr/lib/libxcb-sync.so.1.0.0", "usr/lib/libxcb-xf86dri.so.0", "usr/lib/libxcb-xf86dri.so.0.0.0", "usr/lib/libxcb-xfixes.so.0", "usr/lib/libxcb-xfixes.so.0.0.0", "usr/lib/libxcb-xinerama.so.0", "usr/lib/libxcb-xinerama.so.0.0.0", "usr/lib/libxcb-xinput.so.0", "usr/lib/libxcb-xinput.so.0.1.0", "usr/lib/libxcb-xkb.so.1", "usr/lib/libxcb-xkb.so.1.0.0", "usr/lib/libxcb-xtest.so.0", "usr/lib/libxcb-xtest.so.0.0.0", "usr/lib/libxcb-xv.so.0", "usr/lib/libxcb-xv.so.0.0.0", "usr/lib/libxcb-xvmc.so.0", "usr/lib/libxcb-xvmc.so.0.0.0", "usr/lib/libxcb.so.1", "usr/lib/libxcb.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxdmcp@1.1.5-r1", "Name": "libxdmcp", "Identifier": { "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.23.4", "UID": "4ce7671300ab208e" }, "Version": "1.1.5-r1", "Arch": "x86_64", "SrcName": "libxdmcp", "SrcVersion": "1.1.5-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:99a24c0fa12282b5ef89a6e732a8d494b7696d9d", "InstalledFiles": [ "usr/lib/libXdmcp.so.6", "usr/lib/libXdmcp.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxext@1.3.6-r2", "Name": "libxext", "Identifier": { "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.23.4", "UID": "6995b5d26ca62497" }, "Version": "1.3.6-r2", "Arch": "x86_64", "SrcName": "libxext", "SrcVersion": "1.3.6-r2", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.12-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:92fb4f12c2170403d6a48c7485ecaee40c84bee2", "InstalledFiles": [ "usr/lib/libXext.so.6", "usr/lib/libXext.so.6.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libxml2@2.13.9-r0", "Name": "libxml2", "Identifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.23.4", "UID": "a4c496351a710b02" }, "Version": "2.13.9-r0", "Arch": "x86_64", "SrcName": "libxml2", "SrcVersion": "2.13.9-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "xz-libs@5.8.3-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:9fb56eb6e62b7b6658a8abe14cded8d87a47ebc7", "InstalledFiles": [ "usr/lib/libxml2.so.2", "usr/lib/libxml2.so.2.13.9" ], "AnalyzedBy": "apk" }, { "ID": "libxpm@3.5.19-r0", "Name": "libxpm", "Identifier": { "PURL": "pkg:apk/alpine/libxpm@3.5.19-r0?arch=x86_64\u0026distro=3.23.4", "UID": "9eb303ee5fb7801a" }, "Version": "3.5.19-r0", "Arch": "x86_64", "SrcName": "libxpm", "SrcVersion": "3.5.19-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.12-r1", "libxext@1.3.6-r2", "libxt@1.3.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:0c1b2467462bd516e1f3b514854ccca30e0e59c0", "InstalledFiles": [ "usr/bin/cxpm", "usr/bin/sxpm", "usr/lib/libXpm.so.4", "usr/lib/libXpm.so.4.11.0" ], "AnalyzedBy": "apk" }, { "ID": "libxslt@1.1.43-r3", "Name": "libxslt", "Identifier": { "PURL": "pkg:apk/alpine/libxslt@1.1.43-r3?arch=x86_64\u0026distro=3.23.4", "UID": "f615d2a6378e26e8" }, "Version": "1.1.43-r3", "Arch": "x86_64", "SrcName": "libxslt", "SrcVersion": "1.1.43-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxml2@2.13.9-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:7d73182371fbf2141e137329e5432b94551bdd1b", "InstalledFiles": [ "usr/bin/xsltproc", "usr/lib/libexslt.so.0", "usr/lib/libexslt.so.0.8.24", "usr/lib/libxslt.so.1", "usr/lib/libxslt.so.1.1.43" ], "AnalyzedBy": "apk" }, { "ID": "libxt@1.3.1-r0", "Name": "libxt", "Identifier": { "PURL": "pkg:apk/alpine/libxt@1.3.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "3def3ac035093072" }, "Version": "1.3.1-r0", "Arch": "x86_64", "SrcName": "libxt", "SrcVersion": "1.3.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libice@1.1.2-r0", "libsm@1.2.6-r0", "libx11@1.8.12-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:1cffd892c392dcaac9ad017c999f9e268b5f8ee1", "InstalledFiles": [ "usr/lib/libXt.so.6", "usr/lib/libXt.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libyuv@0.0.1887.20251502-r1", "Name": "libyuv", "Identifier": { "PURL": "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1?arch=x86_64\u0026distro=3.23.4", "UID": "85b1ea36bf9f477d" }, "Version": "0.0.1887.20251502-r1", "Arch": "x86_64", "SrcName": "libyuv", "SrcVersion": "0.0.1887.20251502-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Andy Postnikov \u003capostnikov@gmail.com\u003e", "DependsOn": [ "libgcc@15.2.0-r2", "libjpeg-turbo@3.1.2-r0", "libstdc++@15.2.0-r2", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8335fd57f5a479534322e6ac74968fdc7564d8d0", "InstalledFiles": [ "usr/bin/yuvconvert", "usr/lib/libyuv.so" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r23", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", "UID": "dca30b3fd6708a32" }, "Version": "1.2.5-r23", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r23", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:1b6c50426d3c0656e9c5a567a5a59601c7f4307a", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r23", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", "UID": "ffcf7198a9776c5f" }, "Version": "1.2.5-r23", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r23", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "scanelf@1.3.8-r2" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:92fdbe96d25f13fe3a3d297ada56e4fb907aacec", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20251123-r0", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5acf10991828fa7a" }, "Version": "6.5_p20251123-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20251123-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:57bd1d8124ec957eefea2314bdf45b0ed1068cee", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-0.8.5", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.69.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.69.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "1d18d06a4faec59f" }, "Version": "1.69.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.69.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6b8651227dd3f9155ded30ddc171757a7f5b91a5", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.29.4" ], "AnalyzedBy": "apk" }, { "ID": "nginx@1.30.1-r1", "Name": "nginx", "Identifier": { "PURL": "pkg:apk/alpine/nginx@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "ee93c3492a28a9" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "pcre2@10.47-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:d4ce2b457870cc3e0205f6314ddba7d47535d52d", "InstalledFiles": [ "etc/init.d/nginx", "etc/init.d/nginx-debug", "etc/logrotate.d/nginx", "etc/nginx/fastcgi.conf", "etc/nginx/fastcgi_params", "etc/nginx/mime.types", "etc/nginx/modules", "etc/nginx/nginx.conf", "etc/nginx/scgi_params", "etc/nginx/uwsgi_params", "etc/nginx/conf.d/default.conf", "usr/sbin/nginx", "usr/sbin/nginx-debug", "usr/share/licenses/nginx/COPYRIGHT", "usr/share/man/man8/nginx.8.gz", "usr/share/nginx/html/50x.html", "usr/share/nginx/html/index.html" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-acme@1.30.1.0.4.1-r1", "Name": "nginx-module-acme", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-acme@1.30.1.0.4.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "c9745c5a58d2c9cc" }, "Version": "1.30.1.0.4.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-acme", "SrcVersion": "1.30.1.0.4.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libgcc@15.2.0-r2", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:760fa970bf48788491402eddebdf5aa700d099bb", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_acme_module-debug.so", "usr/lib/nginx/modules/ngx_http_acme_module.so", "usr/share/licenses/nginx-module-acme/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-geoip@1.30.1-r1", "Name": "nginx-module-geoip", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-geoip@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "2f97b19406989bba" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-geoip", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "geoip@1.6.12-r6", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8b055c7c6aab9d456bc794009fe3ed76578ba6ee", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_geoip_module-debug.so", "usr/lib/nginx/modules/ngx_http_geoip_module.so", "usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so", "usr/lib/nginx/modules/ngx_stream_geoip_module.so", "usr/share/licenses/nginx-module-geoip/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-image-filter@1.30.1-r1", "Name": "nginx-module-image-filter", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-image-filter@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "ffb3020ef6edeefc" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-image-filter", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libgd@2.3.3-r10", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:a8f8c1b5f8401207e51387d4a458f3a88155191b", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so", "usr/lib/nginx/modules/ngx_http_image_filter_module.so", "usr/share/licenses/nginx-module-image-filter/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-njs@1.30.1.0.9.9-r1", "Name": "nginx-module-njs", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-njs@1.30.1.0.9.9-r1?arch=x86_64\u0026distro=3.23.4", "UID": "42e11b23b4d1132e" }, "Version": "1.30.1.0.9.9-r1", "Arch": "x86_64", "SrcName": "nginx-module-njs", "SrcVersion": "1.30.1.0.9.9-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "libedit@20251016.3.1-r0", "libxml2@2.13.9-r0", "musl@1.2.5-r23", "nginx@1.30.1-r1", "pcre2@10.47-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8a28f607e7900e7af8c82185d67e56c9695bbb23", "InstalledFiles": [ "usr/bin/njs", "usr/lib/nginx/modules/ngx_http_js_module-debug.so", "usr/lib/nginx/modules/ngx_http_js_module.so", "usr/lib/nginx/modules/ngx_stream_js_module-debug.so", "usr/lib/nginx/modules/ngx_stream_js_module.so", "usr/share/doc/nginx-module-njs/CHANGES", "usr/share/licenses/nginx-module-njs/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-xslt@1.30.1-r1", "Name": "nginx-module-xslt", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-xslt@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "7ce6e6221b100df" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-xslt", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libxml2@2.13.9-r0", "libxslt@1.1.43-r3", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:f406cf62e97083ef3b445dfe494fd467925ecc2e", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so", "usr/lib/nginx/modules/ngx_http_xslt_filter_module.so", "usr/share/licenses/nginx-module-xslt/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.47-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.4", "UID": "75fb7d2fe836dfdc" }, "Version": "10.47-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.47-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.15.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.7" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r2", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.4", "UID": "4efd612ed6f16dca" }, "Version": "1.3.8-r2", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r30", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "f1acb8f2a8f94f51" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tiff@4.7.1-r0", "Name": "tiff", "Identifier": { "PURL": "pkg:apk/alpine/tiff@4.7.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "551adcb8b716f210" }, "Version": "4.7.1-r0", "Arch": "x86_64", "SrcName": "tiff", "SrcVersion": "4.7.1-r0", "Licenses": [ "libtiff" ], "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", "DependsOn": [ "libjpeg-turbo@3.1.2-r0", "libwebp@1.6.0-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0", "zstd-libs@1.5.7-r2" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b92c3394d281f51345a9375da14f347b6c1619a6", "InstalledFiles": [ "usr/lib/libtiff.so.6", "usr/lib/libtiff.so.6.2.0" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2026b-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2026b-r0?arch=x86_64\u0026distro=3.23.4", "UID": "86f2dfb9a4acee39" }, "Version": "2026b-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2026b-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:2624b59cfb8182dfb3de19043c6867cd1b3e1779", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Coyhaique", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.8.3-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.3-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f68b0b2917b8b773" }, "Version": "5.8.3-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.3-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:ddf3f8b1c3d2561ae67523b9baef398f971959bb", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.8.3" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.2-r0", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "23a5a7d167a86311" }, "Version": "1.3.2-r0", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.2-r0", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:68bb97ea5255e77aa974e65476d64832ad56288a", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.2" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.7-r2", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.4", "UID": "3653bba6b6680fed" }, "Version": "1.5.7-r2", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.7-r2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.7" ], "AnalyzedBy": "apk" } ] } ] }, { "Namespace": "rustdesk", "Kind": "Deployment", "Name": "rustdesk", "Metadata": [ { "Size": 24436224, "ImageID": "sha256:def7b7aaf91ac2a45c0fa8bb334803d1c391c316f10be575826bfeadf7139f07", "DiffIDs": [ "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5", "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d", "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef", "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4", "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00", "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" ], "RepoTags": [ "rustdesk/rustdesk-server-s6:latest" ], "RepoDigests": [ "rustdesk/rustdesk-server-s6@sha256:dcf800fe269db58f00c92a3ae033bf609b98a0fc5e51144ce96ecf2111775453" ], "Reference": "rustdesk/rustdesk-server-s6:latest", "ImageConfig": { "architecture": "amd64", "created": "2026-01-13T02:31:13.858704964Z", "history": [ { "created": "2023-05-18T22:34:17Z", "created_by": "BusyBox 1.36.1 (glibc), Debian 13" }, { "created": "2026-01-13T02:31:13.691174224Z", "created_by": "ARG S6_OVERLAY_VERSION=3.2.0.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.691174224Z", "created_by": "ARG S6_ARCH=x86_64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.691174224Z", "created_by": "ADD https://github.com/just-containers/s6-overlay/releases/download/v3.2.0.0/s6-overlay-noarch.tar.xz /tmp # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-13T02:31:13.705044648Z", "created_by": "ADD https://github.com/just-containers/s6-overlay/releases/download/v3.2.0.0/s6-overlay-x86_64.tar.xz /tmp # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-13T02:31:13.827315121Z", "created_by": "RUN |2 S6_OVERLAY_VERSION=3.2.0.0 S6_ARCH=x86_64 /bin/sh -c tar -C / -Jxpf /tmp/s6-overlay-noarch.tar.xz \u0026\u0026 tar -C / -Jxpf /tmp/s6-overlay-${S6_ARCH}.tar.xz \u0026\u0026 rm /tmp/s6-overlay*.tar.xz \u0026\u0026 ln -s /run /var/run # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-13T02:31:13.852114134Z", "created_by": "COPY rootfs / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-13T02:31:13.852114134Z", "created_by": "ENV RELAY=relay.example.com", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.852114134Z", "created_by": "ENV ENCRYPTED_ONLY=0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.852114134Z", "created_by": "EXPOSE [21115/tcp 21116/tcp 21116/udp 21117/tcp 21118/tcp 21119/tcp]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.852114134Z", "created_by": "HEALTHCHECK \u0026{[\"CMD-SHELL\" \"/usr/bin/healthcheck.sh\"] \"10s\" \"5s\" \"0s\" \"0s\" '\\x00'}", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.858704964Z", "created_by": "WORKDIR /data", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-13T02:31:13.858704964Z", "created_by": "VOLUME [/data]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-01-13T02:31:13.858704964Z", "created_by": "ENTRYPOINT [\"/init\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5", "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d", "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef", "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4", "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00", "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" ] }, "config": { "Healthcheck": { "Test": [ "CMD-SHELL", "/usr/bin/healthcheck.sh" ], "Interval": 10000000000, "Timeout": 5000000000 }, "Entrypoint": [ "/init" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "RELAY=relay.example.com", "ENCRYPTED_ONLY=0" ], "Labels": { "org.opencontainers.image.created": "2026-01-13T02:31:12.086Z", "org.opencontainers.image.description": "RustDesk Server Program", "org.opencontainers.image.licenses": "AGPL-3.0", "org.opencontainers.image.revision": "bd3e73fd5168f099969788c50d3188537f9d4792", "org.opencontainers.image.source": "https://github.com/rustdesk-org/rustdesk-server", "org.opencontainers.image.title": "rustdesk-server", "org.opencontainers.image.url": "https://github.com/rustdesk-org/rustdesk-server", "org.opencontainers.image.version": "1.1.15" }, "Volumes": { "/data": {} }, "WorkingDir": "/data", "ExposedPorts": { "21115/tcp": {}, "21116/tcp": {}, "21116/udp": {}, "21117/tcp": {}, "21118/tcp": {}, "21119/tcp": {} } } }, "Layers": [ { "Size": 4659200, "Digest": "sha256:91347574b77ee0e381e6518794e0a81e1b6eba076c13896f69518cca1c1214a4", "DiffID": "sha256:2a51da3162f81bfaa14d4bc6772fb27927d5d71493b7bbd722d4e13ec2baacb5" }, { "Size": 9216, "Digest": "sha256:d6c92aa35a788f8d2c00fb09689bf1784c09d2f13ee5829ba3a753d69857db5f", "DiffID": "sha256:63388dc26e3101f916dd368a60b7f4ecaff8796bc50935529c15ee37daf1cf9d" }, { "Size": 646144, "Digest": "sha256:8c0676fe3cbff10366cad00f37dc3155dd0a35970f68c101667c72711401cf9d", "DiffID": "sha256:ceb644967212121a9a52268b3661220ea1a6140d6f963a209a1adf2084aaffef" }, { "Size": 5460992, "Digest": "sha256:3a5e537e8105104dcbe188be3e94d0a284afb97456e2a6eab5e997b516b2e312", "DiffID": "sha256:f06851ff31d58216659f25e0d512063ec2c645251e2174de8196b0ef790bfaf4" }, { "Size": 13659136, "Digest": "sha256:78c280b4376453e0445069e9de655397b0830514278374c430c9c07821eca4cc", "DiffID": "sha256:13879ce3ed2f2b74a252edcba919228824c23e5b31c243b2ddf08b3e330d3c00" }, { "Size": 1536, "Digest": "sha256:cdd242239f91bf6cd3c778c875fced03193bee604a21e49bf5ce5f73d94c9be4", "DiffID": "sha256:384187069a808292fd692fc51b663c3eb4fb13e3538035df690ad5f012225080" } ] } ] }, { "Namespace": "ssh-locker-web", "Kind": "Deployment", "Name": "backend", "Metadata": [ { "Size": 20426752, "OS": { "Family": "alpine", "Name": "3.22.1" }, "ImageID": "sha256:1362233042ece30e7a325bff5d9bf644d3b969d95603565891d6c885d81293a0", "DiffIDs": [ "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0", "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f", "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" ], "RepoTags": [ "a13labs/ssh_locker_web:latest" ], "RepoDigests": [ "a13labs/ssh_locker_web@sha256:bbeb87e189f3a3d0f62dba637d53fd9e4057f322a92d90bf62aa821046d8c562" ], "Reference": "a13labs/ssh_locker_web:latest", "ImageConfig": { "architecture": "amd64", "created": "2025-09-20T18:33:08.94184499Z", "history": [ { "created": "2025-07-15T11:01:16Z", "created_by": "ADD alpine-minirootfs-3.22.1-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-15T11:01:16Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-09-20T18:32:47.386461587Z", "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates \u0026\u0026 update-ca-certificates # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-20T18:32:47.451529189Z", "created_by": "RUN /bin/sh -c addgroup -S worker \u0026\u0026 adduser -S worker -G worker # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-20T18:32:47.505707235Z", "created_by": "RUN /bin/sh -c mkdir -p /app \u0026\u0026 chown -R worker:worker /app # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-20T18:32:47.536066893Z", "created_by": "USER worker", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-09-20T18:32:47.536066893Z", "created_by": "WORKDIR /app", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-20T18:33:08.94184499Z", "created_by": "COPY /app/ssh_locker_web /app/ssh_locker_web # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-09-20T18:33:08.94184499Z", "created_by": "CMD [\"/app/ssh_locker_web\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-09-20T18:33:08.94184499Z", "created_by": "EXPOSE \u0026{[{{22 0} {22 0}}] 0xc000595c40}", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35", "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0", "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f", "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" ] }, "config": { "Cmd": [ "/app/ssh_locker_web" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "org.opencontainers.image.created": "2025-09-20T18:32:29.485Z", "org.opencontainers.image.description": "A set of system tools", "org.opencontainers.image.licenses": "", "org.opencontainers.image.revision": "100488586869181887be4f9b295a8a5ef1e98169", "org.opencontainers.image.source": "https://github.com/a13labs/systools", "org.opencontainers.image.title": "systools", "org.opencontainers.image.url": "https://github.com/a13labs/systools", "org.opencontainers.image.version": "0.4.5" }, "User": "worker", "WorkingDir": "/app", "ExposedPorts": { "8080/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 8596480, "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, { "Size": 766464, "Digest": "sha256:8d1175b3e210dfd651be0c00b0c32e15f86cdb5e39ec18b882ca380ea80bca63", "DiffID": "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0" }, { "Size": 10752, "Digest": "sha256:6bdcca0c0d94011e6258cc75b68ab425199771419599d21ffa62c097d777df03", "DiffID": "sha256:26d46fe0b0c0f8ea34c0ae17d8fd7e8034db46711ecd753968981123d7c3ab0f" }, { "Size": 1536, "Digest": "sha256:e9615cd43aa626e7f8ac55384b46e2c8499727bbd38814e05878ce96ce5fb7f7", "DiffID": "sha256:6e16f7d72a8cb8cd1d601f208918cf4235add2ca0c23751f7f38f18fd3116f0d" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" }, { "Size": 11050496, "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" } ] } ], "Results": [ { "Target": "a13labs/ssh_locker_web:latest (alpine 3.22.1)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "e1b004c7909e5e42" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.0-r0", "busybox-binsh@1.37.0-r18" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.1", "UID": "ab78613e89e34197" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.1", "UID": "82fba6933d3c7e01" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.22.1-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.22.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "b919f62743ce52a6" }, "Version": "3.22.1-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.22.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:20af3bbd2f59403c19b22576e458428bf8c09c12", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.9-r2", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", "UID": "adde765a3a34534e" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250619-r0", "libapk2@2.14.9-r2", "libcrypto3@3.5.1-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r18", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "3da78128164dbbc4" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r18", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "c66405e3f8ffde54" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r18" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20250619-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20250619-r0?arch=x86_64\u0026distro=3.22.1", "UID": "854fde5eb11f246f" }, "Version": "20250619-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250619-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r18", "libcrypto3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:8d1175b3e210dfd651be0c00b0c32e15f86cdb5e39ec18b882ca380ea80bca63", "DiffID": "sha256:2d1c72ac7496ad39b7d580ce7e4f196a1cdf24c3d63af186e593b1408290a2b0" }, "Digest": "sha1:3b7c32ecd4342d100cf04ca9a4a27702896461e3", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20250619-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250619-r0?arch=x86_64\u0026distro=3.22.1", "UID": "dad0d13eb03c8270" }, "Version": "20250619-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250619-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:32be9117f1879f48b44823fbbd2d9e26a6a9a500", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "libapk2@2.14.9-r2", "Name": "libapk2", "Identifier": { "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.1", "UID": "fc5150123bb2dd6a" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250619-r0", "libcrypto3@3.5.1-r0", "libssl3@3.5.1-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", "InstalledFiles": [ "usr/lib/libapk.so.2.14.9" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.1-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "Version": "3.5.1-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:cdc005cdb0f91d9f652d17b337b5b9ad0ffa2012", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.1-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "Version": "3.5.1-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:fc89917981adb0b33a5ccf84e4168e4256b5065b", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r10", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r10", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.1", "UID": "be156a8575875ef7" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r18", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "24ada6e59ed92743" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.1-r0", "libssl3@3.5.1-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r18", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "3da78128164dbbc4" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:65cea9ebd3c3f42e10e572f43537079bfb49111dc19f09c2d96d78a36e325b3e", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r18", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "c66405e3f8ffde54" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7a53e9107876f3df6b62c4204510bd86df8a10e5e12671c31cd762d00b18d0de", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5d455ac189dea6c059cb0a0388540a262d0d2c9ef68828e8f3a3ba226af71530", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:58081f5cc25523784f7e9c1cda7dbd14de1a902b1cb6573192224a6e787378e6", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9a4782707ba59bcc1f2b41d160cf01ab754cfdd826ac2e5a7adce016ee847991", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:054c16ec3a8be5defb3022a97f55e78ffa18d2ac5318b75380951c4287c1ed38", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:def71b43e350437ba74044b50e1d41b0391c43e5af623c2b564e60eb68db69f8", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8594a87294e31c5096289b516bd1e2b02185325bf41273133b405cdf2d2114c7", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bd95d1fbe08ba492969ca41ffab97291bb4ced080e2be85499512f7a0b3f11d8", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0792d5a15f9bad99fddc3e2244ca47a8044b0b37fa0f432066f66db37a6997b2", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5f443c1daefd26598ea7f2b8afe4cfceeb8e4a87fc2dab72b9c2ea06626205ca", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8e3f6ef30e8ae427f92a6ad778df4bbacadc2650443c936dae7e854dcb882b35", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4d4331e30dac86bb13029d885bdf5e6312c1a46337a4d5c7d82bd7e7cf9b8a5a", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0d40cfaf9dae6fe1af1815afba9cabdccc6bbdbeee062c5607394da8829ea29c", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.5.1-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "d1c0fc0b189b35f2" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cdde9efac54b3c01aca541164bf8b7bd85c7055e2825502213012f502a9abb06", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:323c524284e4a7efdf8c966e0bbc009de660f7a005b084a69915cc60e605fceb", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6fcae4faa10b74a6d2ed8a182d8ee877202885f7dbdc42ce09e875d917f21a0a", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9fc0daa80ae0c892305ef3cadd8592d327bf59da149d6ebe7cf8b34788494449", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0edd7cc105e3c9baa2dffd47da9344f8cf926be7981550f2181fbb0d05793ec3", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d2a85940f0fdecc85727d4e8a34a690495968d77c3a79114ecfc9afd28cf50e8", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6fd21141292a6e7839a12878f7d0f934f59bbb96fb03fa5de99c5562a69e212c", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:eb00dbda761e8feeec54226ba501524212bbb8141ef68e4ec5da1a05eb803ac6", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9fcad6ba0287c1af2e22e5749311811049ad67116746c2cd2fbbee01298e3ae7", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e8f22a0afd3491d4f2e46eae0aa82b5379e9b9fa4388902bbe4b8dfd8ee91fe5", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:92ec01a2e0fb18531d459f23c51d37cc3c1472da2514e0ce57a8675f4aa945c0", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:053957d1c5bed9b5b40a0d51dfe38b5f05df33b774f52d3f54013d1545f83cd4", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6dc3daeaceead1f05838e4ecc27f1971c9c7331d9d0aa0681aa11e43c1f46307", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.5.1-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.1-r0?arch=x86_64\u0026distro=3.22.1", "UID": "bba7017a0fcca05c" }, "InstalledVersion": "3.5.1-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2d3794646359a62f07cce055139386de85990b913098b821b111068f37828357", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9907fbedc070ff7ce48d16a6f1e3c7810930be6eec102214fe4cfa99f77f8473", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3358b3608db15a32a51dc985d961a2280365f1a45d6a1e2d163c519a9b42ac49", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3e5f3abe52ebd949b494c9b7f09ca1b2bef01a1957cd02190ce7a06a5a03f889", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.1", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bcb531ca5319a9af5669ab20957b226e4cc8005b18ce12abed28303ef1b2cddf", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r18", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.1", "UID": "24ada6e59ed92743" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:15c92ce5a74bb7a59425d44219a60c1c6ea4c0ff6b635fe2a79a092c62b5c796", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9bdeaa0429925c6452a5666724fa1b346c9849288a1ccfe48e1c9735c2a25e20", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.1", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:9824c27679d3b27c5e1cb00a73adb6f4f8d556994111c12db3c5d61a0c843df8", "DiffID": "sha256:418dccb7d85a63a6aa574439840f7a6fa6fd2321b3e2394568a317735e867d35" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c528dfd0dc55341f7129afe8e9a623d31bd13987bd9cbb79d60565431764efa1", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "app/ssh_locker_web", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.24.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "Version": "v1.24.7", "Relationship": "direct", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/duosecurity/duo_universal_golang@v1.1.0", "Name": "github.com/duosecurity/duo_universal_golang", "Identifier": { "PURL": "pkg:golang/github.com/duosecurity/duo_universal_golang@v1.1.0", "UID": "8b052f2b96fcf7ca" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/backoff/v2@v2.0.8", "Name": "github.com/lestrrat-go/backoff/v2", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/backoff/v2@v2.0.8", "UID": "1a88fd448f268369" }, "Version": "v2.0.8", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/blackmagic@v1.0.2", "Name": "github.com/lestrrat-go/blackmagic", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/blackmagic@v1.0.2", "UID": "3e760dc12695d535" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/httpcc@v1.0.1", "Name": "github.com/lestrrat-go/httpcc", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/httpcc@v1.0.1", "UID": "f2110ad84bec7b9e" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/iter@v1.0.2", "Name": "github.com/lestrrat-go/iter", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/iter@v1.0.2", "UID": "8aab4823e5a3d472" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/jwx@v1.2.29", "Name": "github.com/lestrrat-go/jwx", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/jwx@v1.2.29", "UID": "bf90cce98483088" }, "Version": "v1.2.29", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/option@v1.0.1", "Name": "github.com/lestrrat-go/option", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/option@v1.0.1", "UID": "5dfbf0265d50f6f9" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "b368c6aa19b24d50" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.36.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", "UID": "c9f475005b164875" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.36.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", "UID": "c9f475005b164875" }, "InstalledVersion": "v0.36.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:92940da5a35050942b7ae9adc4ce46c4ea6fae834c71dcc153ff6d169a340a8f", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.36.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.36.0", "UID": "c9f475005b164875" }, "InstalledVersion": "v0.36.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9449f4bb7b173d45f1d34f59a7fc267edc463aee63a098b50a435f10f3d3fa90", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c80ffe4a7f349cfe1135a70ffbcfc78c5433368c81b6a19de477c9338c4779cb", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f5555ddfc5245ca9f92a34fbef2c10b119696474fc3ba31084551beddedae685", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6490541b11fdac99b886be4caa7501a36d53e65b9036907cad93e933ebc5abba", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:341f8e3b29fae111036b264ed7943095c1e15f8bda6189c353bdfbd4d6a8cd15", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:41d5cb96588041456d35afe8b1c33971e5aef669a80087a0f184abe7c7613f1c", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:01696719d498ea82d89a4f44a0f8271c0fac9b05734f643cff7a7215761dc6dd", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:34d9088de69c5531e3507b47c34fc8bff8e87a2d1987f4363ca643f3473dc7c6", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:466025c6b3bba9a0133d30c703c7bf6beb197ca0383c93c5b5dc87480fe5169e", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9d43c45c41b019b44509e38a585affdc1cdb31740bf4ac7b1d87c119f33acb0", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:114ebaa4933fa422bcc494d043388fbf74173c76241a7cc339ff0a096d85b3e5", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d9850383b5d1a0ad019f696fd66d679afa421b427920aac2118db0053d42645d", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ab36926b06724a69e6c99a17179945abfecd4e6699b863236b263001857767c9", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b1c761f6cd7142adf931cccaa50028cf1eac796f5b6723ad46639a8c03c3301", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d82b0a3ef96c490902bdfa83360ca029df06643dc3b453caf9bd6c0d0b1a119a", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c07a7bf98db73ee435819ca7d3d5b962d76fe60d9ba24f0c2e03fafa69bb4bfa", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:aec2a9a5f142e0eb1feda9b5e33c019fbc83332a1b01ccce34a5e6ef8f3d2e0f", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:066f191d4714b932eef3672ad02cc6fad8252671d6263743021b5233f78ffaa8", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f259a05fa81b188a72724a523767311fa9a161c8897bbcca0f766604577cf6f1", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d195901c8d008c8e4f7383d6ddec9a51aa3e87b522a947bfa2c7a633ef0e361", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9ae639f9cc9fcf128f63fc376dfd256a38eb8cec9df0d1b190065886d7c1c7f0", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3efc70e7c3b0b8adf0b6def5c7c74fb3d2624015ecdf9b78ae4c0ab3c33cee81", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65443e0da89046060a66005167f1bc68401c8ffd03ce618cd4246a21e7c3e47b", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eba964b78007e547afb5f22936489a612330d99c7fba09a06295c4456bd751b6", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f22a64189fa4a03d0a2897f88a3da7c712869aa8e6a37d2cd397f6d6f31a7aaa", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3639d4e64ee9df86f175f425b8a7883553c8b362c77abb51682e147b6a5f5023", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cf38063c621e725f10127aa9b81806a4231b1883e7133e9f4ff1bd28c82aa3ce", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:08e961bc0029ace81311301e96c597fbcb0ba4d5ac532cff55f06cad01f40156", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:52866a306ed5c966211b322f6182121368b03b89fedd234c5cb19584a6031a25", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6186520bf092fae88ce974a7344e33a071d8744e2e5a313d8f10e8c498f03963", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b9a3600f8e120416bef05de29f59ee6f6ef927def7542fc8fbb0603015792636", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.7", "UID": "5eb25d5de04fe642" }, "InstalledVersion": "v1.24.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:53f0b1468c0707cb6a3e2c17da82c1fd947eb8d42af960a098f92827aa25f19e", "DiffID": "sha256:2499a7989a3c59a7844e65cb972809d9ed3b1c848d3349b3fa0ba286d896df30" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:379a84a81ef17fc8e502e03675cd976ac6471570121993bb483b8625b06894f1", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "website", "Kind": "Deployment", "Name": "website-app", "Metadata": [ { "Size": 63648256, "OS": { "Family": "alpine", "Name": "3.23.4" }, "ImageID": "sha256:a5e688db1e7424e08d0ff019d3c9962f2f6ceef71ca53227b06fe8ec7b47ed35", "DiffIDs": [ "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" ], "RepoTags": [ "nginx:stable-alpine" ], "RepoDigests": [ "nginx@sha256:c819f83c54b0361f5557601bf5eb4943d09360e7a7fdf426afc466570f45874d" ], "Reference": "nginx:stable-alpine", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T21:17:45.223455148Z", "history": [ { "created": "2026-04-15T20:01:40.139676757Z", "created_by": "ADD alpine-minirootfs-3.23.4-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-15T20:01:40.139676757Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "LABEL maintainer=NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV NGINX_VERSION=1.30.1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV PKG_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "ENV DYNPKG_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.614381563Z", "created_by": "RUN /bin/sh -c set -x \u0026\u0026 addgroup -g 101 -S nginx \u0026\u0026 adduser -S -D -H -u 101 -h /var/cache/nginx -s /sbin/nologin -G nginx -g nginx nginx \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) set -x \u0026\u0026 KEY_SHA512=\"e09fa32f0a0eab2b879ccbbc4d0e4fb9751486eedda75e35fac65802cc9faa266425edf83e261137a2f4d16281ce2c1a5f4502930fe75154723da014214f0655\" \u0026\u0026 wget -O /tmp/nginx_signing.rsa.pub https://nginx.org/keys/nginx_signing.rsa.pub \u0026\u0026 if echo \"$KEY_SHA512 */tmp/nginx_signing.rsa.pub\" | sha512sum -c -; then echo \"key verification succeeded!\"; mv /tmp/nginx_signing.rsa.pub /etc/apk/keys/; else echo \"key verification failed!\"; exit 1; fi \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers bash alpine-sdk findutils curl \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 make base \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 DEPS=$(apk query --summarize depends --recursive --no-cache --repository \"@nginxorg ${tempDir}/packages/alpine/\" ${nginxPackages/=/@nginxorg=}) \u0026\u0026 apk add --no-cache $DEPS \u0026\u0026 apk add --repositories-file /dev/null -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache gettext-envsubst \u0026\u0026 apk add --no-cache tzdata \u0026\u0026 ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log \u0026\u0026 mkdir /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.637067551Z", "created_by": "COPY docker-entrypoint.sh / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.653413667Z", "created_by": "COPY 10-listen-on-ipv6-by-default.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.67373055Z", "created_by": "COPY 15-local-resolvers.envsh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.693399875Z", "created_by": "COPY 20-envsubst-on-templates.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "COPY 30-tune-worker-processes.sh /docker-entrypoint.d # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "ENTRYPOINT [\"/docker-entrypoint.sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "EXPOSE map[80/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "STOPSIGNAL SIGQUIT", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T20:15:20.71218327Z", "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV NJS_VERSION=0.9.9", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV NJS_RELEASE=1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "ENV ACME_VERSION=0.4.1", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T21:17:45.223455148Z", "created_by": "RUN /bin/sh -c set -x \u0026\u0026 apkArch=\"$(cat /etc/apk/arch)\" \u0026\u0026 nginxPackages=\" nginx=${NGINX_VERSION}-r${PKG_RELEASE} nginx-module-xslt=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-geoip=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-image-filter=${NGINX_VERSION}-r${DYNPKG_RELEASE} nginx-module-njs=${NGINX_VERSION}.${NJS_VERSION}-r${NJS_RELEASE} nginx-module-acme=${NGINX_VERSION}.${ACME_VERSION}-r${PKG_RELEASE} \" \u0026\u0026 apk add --no-cache --virtual .checksum-deps openssl \u0026\u0026 case \"$apkArch\" in x86_64|aarch64) apk add -X \"https://nginx.org/packages/alpine/v$(egrep -o '^[0-9]+\\.[0-9]+' /etc/alpine-release)/main\" --no-cache $nginxPackages ;; *) set -x \u0026\u0026 tempDir=\"$(mktemp -d)\" \u0026\u0026 chown nobody:nobody $tempDir \u0026\u0026 apk add --no-cache --virtual .build-deps gcc libc-dev make openssl-dev pcre2-dev zlib-dev linux-headers libxslt-dev gd-dev geoip-dev libedit-dev bash alpine-sdk findutils curl cargo clang-libclang \u0026\u0026 su nobody -s /bin/sh -c \" export HOME=${tempDir} \u0026\u0026 cd ${tempDir} \u0026\u0026 curl -f -L -O https://github.com/nginx/pkg-oss/archive/3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 PKGOSSCHECKSUM=\\\"83a117b77bf3f1ce7f227b75712766c1dec6bcfae0f1f87a9d522d1ef9b66a8ca550c3c0835b82e74e1242284be65126a1858a4fabd1dc9969ce8a7fd8e4681b *3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz\\\" \u0026\u0026 if [ \\\"\\$(openssl sha512 -r 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz)\\\" = \\\"\\$PKGOSSCHECKSUM\\\" ]; then echo \\\"pkg-oss tarball checksum verification succeeded!\\\"; else echo \\\"pkg-oss tarball checksum verification failed!\\\"; exit 1; fi \u0026\u0026 tar xzvf 3fdb8a9a864e5680a1d432aab681e40b7e269bb4.tar.gz \u0026\u0026 cd pkg-oss-3fdb8a9a864e5680a1d432aab681e40b7e269bb4 \u0026\u0026 cd alpine \u0026\u0026 export BUILDTARGET=\\\"module-geoip module-image-filter module-njs module-xslt module-acme\\\" \u0026\u0026 if [ \\\"\\$(apk --print-arch)\\\" = \\\"armhf\\\" ]; then BUILDTARGET=\\\"\\$( echo \\$BUILDTARGET | sed 's,module-acme,,' )\\\"; fi \u0026\u0026 make \\$BUILDTARGET \u0026\u0026 apk index --allow-untrusted -o ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz ${tempDir}/packages/alpine/${apkArch}/*.apk \u0026\u0026 abuild-sign -k ${tempDir}/.abuild/abuild-key.rsa ${tempDir}/packages/alpine/${apkArch}/APKINDEX.tar.gz \" \u0026\u0026 cp ${tempDir}/.abuild/abuild-key.rsa.pub /etc/apk/keys/ \u0026\u0026 apk del --no-network .build-deps \u0026\u0026 if [ \"$apkArch\" = \"armhf\" ]; then nginxPackages=\"$( echo $nginxPackages | sed 's,nginx-module-acme=.*,,')\"; fi \u0026\u0026 apk add -X ${tempDir}/packages/alpine/ --no-cache $nginxPackages ;; esac \u0026\u0026 apk del --no-network .checksum-deps \u0026\u0026 if [ -n \"$tempDir\" ]; then rm -rf \"$tempDir\"; fi \u0026\u0026 if [ -f \"/etc/apk/keys/abuild-key.rsa.pub\" ]; then rm -f /etc/apk/keys/abuild-key.rsa.pub; fi \u0026\u0026 apk add --no-cache curl ca-certificates # buildkit", "comment": "buildkit.dockerfile.v0" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1", "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8", "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7", "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505", "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48", "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0", "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32", "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" ] }, "config": { "Cmd": [ "nginx", "-g", "daemon off;" ], "Entrypoint": [ "/docker-entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "NGINX_VERSION=1.30.1", "PKG_RELEASE=1", "DYNPKG_RELEASE=1", "NJS_VERSION=0.9.9", "NJS_RELEASE=1", "ACME_VERSION=0.4.1" ], "Labels": { "maintainer": "NGINX Docker Maintainers \u003cdocker-maint@nginx.com\u003e" }, "WorkingDir": "/", "ExposedPorts": { "80/tcp": {} }, "StopSignal": "SIGQUIT" } }, "Layers": [ { "Size": 8732160, "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, { "Size": 4737536, "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, { "Size": 3584, "Digest": "sha256:9819a9bca5c765aec514db7e90c3dee6d699c76a611b592d388629f4b0f665eb", "DiffID": "sha256:a1de419deb2439bf43af32ecd89cbdf0ca2aaa6faacf582011c37b5201a532e7" }, { "Size": 4608, "Digest": "sha256:9097b7c36bd7225e6e955ae7f0a02738f22dec88330b0816aa0c026386c1db79", "DiffID": "sha256:ad5fa0a24cd87e37fb848811a92c2a08f294e35e0cf5da9c1869b6c91a076505" }, { "Size": 2560, "Digest": "sha256:d5e180c5634daea39efda1a8d35ea781126257c98fa38cd0374f6edcaa86a6e2", "DiffID": "sha256:6f189167f676fd6d05ce1e4077551cd67098c61e7e6a74ef470628be9a811b48" }, { "Size": 5120, "Digest": "sha256:61194bdf8809d67a4145f10fb09173c8e7a28b51da484e25eece0ba02643fa88", "DiffID": "sha256:6b7f4e280528c3a7b1708bb91457637bbe8067349b8237c0a74e21e81bdf9ac0" }, { "Size": 7168, "Digest": "sha256:6b213b30736dba71e4c92b43e31901658ff70cb96e46524740dce204b477c616", "DiffID": "sha256:ffd61943588a7a1e97a432e5c4e60e10844afe2933a16a32c14d8fdf5f3c5b32" }, { "Size": 50155520, "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" } ] } ], "Results": [ { "Target": "nginx:stable-alpine (alpine 3.23.4)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.2-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "ff3090489ca40326" }, "Version": "3.7.2-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.2-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.2-r0", "busybox-binsh@1.37.0-r30" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:545aa6f291209af89932b761d9e422c2778596cc", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.2-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "78c0ed61d7df9a7e" }, "Version": "3.7.2-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.2-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:85816632dbce07ba7e9e7a629fa59eddbd1687fb", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.6-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "2c7cb90de388aa7d" }, "Version": "2.6-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.23.4-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.23.4-r0?arch=x86_64\u0026distro=3.23.4", "UID": "114fb0bc8cc9ff31" }, "Version": "3.23.4-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.23.4-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.6-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:7ff0b58e52211bb31a84e2afdbcbff0620df55a1", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "aom-libs@3.13.1-r1", "Name": "aom-libs", "Identifier": { "PURL": "pkg:apk/alpine/aom-libs@3.13.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "5c2e206a9e097520" }, "Version": "3.13.1-r1", "Arch": "x86_64", "SrcName": "aom", "SrcVersion": "3.13.1-r1", "Licenses": [ "BSD-2-Clause", "custom" ], "Maintainer": "Oleg Titov \u003coleg.titov@gmail.com\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:97b0c2dffcef97a0253876d015ca217de10b216a", "InstalledFiles": [ "usr/lib/libaom.so.3", "usr/lib/libaom.so.3.13.1" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@3.0.6-r0", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "760256a5bdd94a07" }, "Version": "3.0.6-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.6-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20260413-r0", "libapk@3.0.6-r0", "libcrypto3@3.5.6-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:86f3b3ef94d1cb213a4ed1187b34a6bb9f593033", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.2.0-r0", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "234da2b3c350083b" }, "Version": "1.2.0-r0", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r0", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.2.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.2.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.2.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r30", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "9647681d0b54db77" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r30", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "3e18d05d46a6f46f" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r30" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5be96d5420bec243" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.5" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20260413-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.4", "UID": "63ca5aff4886266d" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20260413-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20260413-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d9471547e8751507" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:44c90827e10115cb6afec51081cb26785dc8f418", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.19.0-r0", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f9ecf01e03ce7fef" }, "Version": "8.19.0-r0", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.19.0-r0", "Licenses": [ "curl" ], "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", "DependsOn": [ "libcurl@8.19.0-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:812f1083cfc10c65b05b05bb4adfa3acb5cf6058", "InstalledFiles": [ "usr/bin/curl", "usr/bin/wcurl" ], "AnalyzedBy": "apk" }, { "ID": "fontconfig@2.17.1-r0", "Name": "fontconfig", "Identifier": { "PURL": "pkg:apk/alpine/fontconfig@2.17.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d805dd422ee9c232" }, "Version": "2.17.1-r0", "Arch": "x86_64", "SrcName": "fontconfig", "SrcVersion": "2.17.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "freetype@2.14.1-r0", "libexpat@2.7.5-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8037b007516a65d246442a781a05f627073394d0", "InstalledFiles": [ "etc/fonts/fonts.conf", "etc/fonts/conf.d/10-hinting-slight.conf", "etc/fonts/conf.d/10-scale-bitmap-fonts.conf", "etc/fonts/conf.d/10-sub-pixel-none.conf", "etc/fonts/conf.d/10-yes-antialias.conf", "etc/fonts/conf.d/11-lcdfilter-default.conf", "etc/fonts/conf.d/20-unhint-small-vera.conf", "etc/fonts/conf.d/30-metric-aliases.conf", "etc/fonts/conf.d/40-nonlatin.conf", "etc/fonts/conf.d/45-generic.conf", "etc/fonts/conf.d/45-latin.conf", "etc/fonts/conf.d/48-spacing.conf", "etc/fonts/conf.d/49-sansserif.conf", "etc/fonts/conf.d/50-user.conf", "etc/fonts/conf.d/51-local.conf", "etc/fonts/conf.d/60-generic.conf", "etc/fonts/conf.d/60-latin.conf", "etc/fonts/conf.d/65-fonts-persian.conf", "etc/fonts/conf.d/65-nonlatin.conf", "etc/fonts/conf.d/69-unifont.conf", "etc/fonts/conf.d/70-no-bitmaps-except-emoji.conf", "etc/fonts/conf.d/80-delicious.conf", "etc/fonts/conf.d/90-synthetic.conf", "etc/fonts/conf.d/README", "usr/bin/fc-cache", "usr/bin/fc-cat", "usr/bin/fc-conflist", "usr/bin/fc-list", "usr/bin/fc-match", "usr/bin/fc-pattern", "usr/bin/fc-query", "usr/bin/fc-scan", "usr/bin/fc-validate", "usr/lib/libfontconfig.so.1", "usr/lib/libfontconfig.so.1.16.1", "usr/share/fontconfig/conf.avail/05-reset-dirs-sample.conf", "usr/share/fontconfig/conf.avail/09-autohint-if-no-hinting.conf", "usr/share/fontconfig/conf.avail/10-autohint.conf", "usr/share/fontconfig/conf.avail/10-hinting-full.conf", "usr/share/fontconfig/conf.avail/10-hinting-medium.conf", "usr/share/fontconfig/conf.avail/10-hinting-none.conf", "usr/share/fontconfig/conf.avail/10-hinting-slight.conf", "usr/share/fontconfig/conf.avail/10-no-antialias.conf", "usr/share/fontconfig/conf.avail/10-scale-bitmap-fonts.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-bgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-none.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-rgb.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vbgr.conf", "usr/share/fontconfig/conf.avail/10-sub-pixel-vrgb.conf", "usr/share/fontconfig/conf.avail/10-unhinted.conf", "usr/share/fontconfig/conf.avail/10-yes-antialias.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-default.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-legacy.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-light.conf", "usr/share/fontconfig/conf.avail/11-lcdfilter-none.conf", "usr/share/fontconfig/conf.avail/20-unhint-small-vera.conf", "usr/share/fontconfig/conf.avail/25-unhint-nonlatin.conf", "usr/share/fontconfig/conf.avail/30-metric-aliases.conf", "usr/share/fontconfig/conf.avail/35-lang-normalize.conf", "usr/share/fontconfig/conf.avail/40-nonlatin.conf", "usr/share/fontconfig/conf.avail/45-generic.conf", "usr/share/fontconfig/conf.avail/45-latin.conf", "usr/share/fontconfig/conf.avail/48-guessfamily.conf", "usr/share/fontconfig/conf.avail/48-spacing.conf", "usr/share/fontconfig/conf.avail/49-sansserif.conf", "usr/share/fontconfig/conf.avail/50-user.conf", "usr/share/fontconfig/conf.avail/51-local.conf", "usr/share/fontconfig/conf.avail/60-generic.conf", "usr/share/fontconfig/conf.avail/60-latin.conf", "usr/share/fontconfig/conf.avail/65-fonts-persian.conf", "usr/share/fontconfig/conf.avail/65-khmer.conf", "usr/share/fontconfig/conf.avail/65-nonlatin.conf", "usr/share/fontconfig/conf.avail/69-unifont.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps-and-emoji.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps-except-emoji.conf", "usr/share/fontconfig/conf.avail/70-no-bitmaps.conf", "usr/share/fontconfig/conf.avail/70-yes-bitmaps.conf", "usr/share/fontconfig/conf.avail/80-delicious.conf", "usr/share/fontconfig/conf.avail/90-synthetic.conf", "usr/share/xml/fontconfig/fonts.dtd" ], "AnalyzedBy": "apk" }, { "ID": "freetype@2.14.1-r0", "Name": "freetype", "Identifier": { "PURL": "pkg:apk/alpine/freetype@2.14.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d0ae0a3d160c9ff2" }, "Version": "2.14.1-r0", "Arch": "x86_64", "SrcName": "freetype", "SrcVersion": "2.14.1-r0", "Licenses": [ "FTL", "GPL-2.0-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.2.0-r0", "libbz2@1.0.8-r6", "libpng@1.6.58-r1", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:e227f29a00edd7ed5b1e62a050da6532183e60be", "InstalledFiles": [ "usr/lib/libfreetype.so.6", "usr/lib/libfreetype.so.6.20.4" ], "AnalyzedBy": "apk" }, { "ID": "geoip@1.6.12-r6", "Name": "geoip", "Identifier": { "PURL": "pkg:apk/alpine/geoip@1.6.12-r6?arch=x86_64\u0026distro=3.23.4", "UID": "e21c96f348abf9a7" }, "Version": "1.6.12-r6", "Arch": "x86_64", "SrcName": "geoip", "SrcVersion": "1.6.12-r6", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8f2ea64ecb173949f03ec2371db4b534f142450f", "InstalledFiles": [ "usr/bin/geoiplookup", "usr/bin/geoiplookup6", "usr/lib/libGeoIP.so.1", "usr/lib/libGeoIP.so.1.6.12" ], "AnalyzedBy": "apk" }, { "ID": "gettext-envsubst@0.24.1-r1", "Name": "gettext-envsubst", "Identifier": { "PURL": "pkg:apk/alpine/gettext-envsubst@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "74b745a88adcfea9" }, "Version": "0.24.1-r1", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r1", "Licenses": [ "GPL-3.0-or-later", "LGPL-2.1-or-later", "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "libintl@0.24.1-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:7593f7d82a7c943f0114a5f700788c53afb8a554", "InstalledFiles": [ "usr/bin/envsubst" ], "AnalyzedBy": "apk" }, { "ID": "libapk@3.0.6-r0", "Name": "libapk", "Identifier": { "PURL": "pkg:apk/alpine/libapk@3.0.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "47dcfb9093b112c1" }, "Version": "3.0.6-r0", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.6-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:f064c8318c4f7f17da6a490921ce0d5e709fc063", "InstalledFiles": [ "usr/lib/libapk.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libavif@1.3.0-r0", "Name": "libavif", "Identifier": { "PURL": "pkg:apk/alpine/libavif@1.3.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "655cdbc6c9ce9e5b" }, "Version": "1.3.0-r0", "Arch": "x86_64", "SrcName": "libavif", "SrcVersion": "1.3.0-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "aom-libs@3.13.1-r1", "libdav1d@1.5.2-r0", "libyuv@0.0.1887.20251502-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6e0e61c8a9d1cb5a4a5f3faa64fb597844614f93", "InstalledFiles": [ "usr/lib/libavif.so.16", "usr/lib/libavif.so.16.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libbsd@0.12.2-r0", "Name": "libbsd", "Identifier": { "PURL": "pkg:apk/alpine/libbsd@0.12.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "dd77a74c79623bb3" }, "Version": "0.12.2-r0", "Arch": "x86_64", "SrcName": "libbsd", "SrcVersion": "0.12.2-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libmd@1.1.0-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:33970b157edad359d05a2c3e6f3460e725549c8b", "InstalledFiles": [ "usr/lib/libbsd.so.0", "usr/lib/libbsd.so.0.12.2" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.23.4", "UID": "d5d1649d0ebe2b41" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:864d363da11ee24c7920e0d052d2da7f8429251e", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.6-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "975680d851f10fda" }, "Version": "3.5.6-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.6-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:9e7a866d0d052d290d3f9d621a4c89214188acff", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.19.0-r0", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.19.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "ae99b13d03576e54" }, "Version": "8.19.0-r0", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.19.0-r0", "Licenses": [ "curl" ], "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", "DependsOn": [ "brotli-libs@1.2.0-r0", "c-ares@1.34.6-r0", "ca-certificates-bundle@20260413-r0", "libcrypto3@3.5.6-r0", "libidn2@2.3.8-r0", "libpsl@0.21.5-r3", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "nghttp2-libs@1.69.0-r0", "zlib@1.3.2-r0", "zstd-libs@1.5.7-r2" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:c833586b6e5dcd4a10da7cf354b01d9e0ee10da8", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libdav1d@1.5.2-r0", "Name": "libdav1d", "Identifier": { "PURL": "pkg:apk/alpine/libdav1d@1.5.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "470e133c6bf6f9c4" }, "Version": "1.5.2-r0", "Arch": "x86_64", "SrcName": "dav1d", "SrcVersion": "1.5.2-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Bart Ribbers \u003cbribbers@disroot.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:62a9676453a8b99cfb42148cfd26df3b964bcc1b", "InstalledFiles": [ "usr/lib/libdav1d.so.7", "usr/lib/libdav1d.so.7.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libedit@20251016.3.1-r0", "Name": "libedit", "Identifier": { "PURL": "pkg:apk/alpine/libedit@20251016.3.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "4cd9b43219994542" }, "Version": "20251016.3.1-r0", "Arch": "x86_64", "SrcName": "libedit", "SrcVersion": "20251016.3.1-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "libncursesw@6.5_p20251123-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:463f69335a3223b1ce6856ce3bef5c03fee721bf", "InstalledFiles": [ "usr/lib/libedit.so.0", "usr/lib/libedit.so.0.0.76" ], "AnalyzedBy": "apk" }, { "ID": "libexpat@2.7.5-r0", "Name": "libexpat", "Identifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.4", "UID": "28e722d1da61bc2e" }, "Version": "2.7.5-r0", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", "InstalledFiles": [ "usr/lib/libexpat.so.1", "usr/lib/libexpat.so.1.11.3" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@15.2.0-r2", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/alpine/libgcc@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", "UID": "89fff20701e56ab7" }, "Version": "15.2.0-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:57fccbe9eebf23f2c4f38ee2a24f8b0bdd508ff7", "InstalledFiles": [ "usr/lib/libgcc_s.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libgd@2.3.3-r10", "Name": "libgd", "Identifier": { "PURL": "pkg:apk/alpine/libgd@2.3.3-r10?arch=x86_64\u0026distro=3.23.4", "UID": "b67312ef2319dd49" }, "Version": "2.3.3-r10", "Arch": "x86_64", "SrcName": "gd", "SrcVersion": "2.3.3-r10", "Licenses": [ "GD" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "fontconfig@2.17.1-r0", "freetype@2.14.1-r0", "libavif@1.3.0-r0", "libjpeg-turbo@3.1.2-r0", "libpng@1.6.58-r1", "libwebp@1.6.0-r0", "libxpm@3.5.19-r0", "musl@1.2.5-r23", "tiff@4.7.1-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:948454e00c660b6ddf1338a857959222f0888336", "InstalledFiles": [ "usr/lib/libgd.so.3", "usr/lib/libgd.so.3.0.11" ], "AnalyzedBy": "apk" }, { "ID": "libice@1.1.2-r0", "Name": "libice", "Identifier": { "PURL": "pkg:apk/alpine/libice@1.1.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "3348caa25e2ecdc4" }, "Version": "1.1.2-r0", "Arch": "x86_64", "SrcName": "libice", "SrcVersion": "1.1.2-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:997a01303f63cee0ba9773f0cd9b26b2eb5e6ace", "InstalledFiles": [ "usr/lib/libICE.so.6", "usr/lib/libICE.so.6.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.8-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f2e21ad261c22630" }, "Version": "2.3.8-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.8-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.4.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.24.1-r1", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.24.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "6b922bec7f8abaa" }, "Version": "0.24.1-r1", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.24.1-r1", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:0222324bb4dfd35e8a3ec821c86eb5afbd43a3af", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.3" ], "AnalyzedBy": "apk" }, { "ID": "libjpeg-turbo@3.1.2-r0", "Name": "libjpeg-turbo", "Identifier": { "PURL": "pkg:apk/alpine/libjpeg-turbo@3.1.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "76e9eea31b92641e" }, "Version": "3.1.2-r0", "Arch": "x86_64", "SrcName": "libjpeg-turbo", "SrcVersion": "3.1.2-r0", "Licenses": [ "BSD-3-Clause", "IJG", "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:aa025fb7ecf9bd65ef2afe47e3740639521e09ce", "InstalledFiles": [ "usr/lib/libjpeg.so.8", "usr/lib/libjpeg.so.8.3.2" ], "AnalyzedBy": "apk" }, { "ID": "libmd@1.1.0-r0", "Name": "libmd", "Identifier": { "PURL": "pkg:apk/alpine/libmd@1.1.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "53cb33d88e504fac" }, "Version": "1.1.0-r0", "Arch": "x86_64", "SrcName": "libmd", "SrcVersion": "1.1.0-r0", "Licenses": [ "BSD-3-Clause", "BSD-2-Clause", "ISC", "Beerware", "Public", "Domain" ], "Maintainer": "omni \u003comni+alpine@hack.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:ce7c57bd1f6628da8ba0d3f2ac18f6d8c93c0346", "InstalledFiles": [ "usr/lib/libmd.so.0", "usr/lib/libmd.so.0.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20251123-r0", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", "UID": "edc30eb15f442d49" }, "Version": "6.5_p20251123-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20251123-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "ncurses-terminfo-base@6.5_p20251123-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:649d3041c52b80620fb50a98f5979d25ebbe1523", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libpng@1.6.58-r1", "Name": "libpng", "Identifier": { "PURL": "pkg:apk/alpine/libpng@1.6.58-r1?arch=x86_64\u0026distro=3.23.4", "UID": "f22fca42d750ae4d" }, "Version": "1.6.58-r1", "Arch": "x86_64", "SrcName": "libpng", "SrcVersion": "1.6.58-r1", "Licenses": [ "Libpng" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:2dce71ea975aa82cbbcfcaac80af209bc84dd3c8", "InstalledFiles": [ "usr/lib/libpng16.so.16", "usr/lib/libpng16.so.16.58.0" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.4", "UID": "3b2044e446534821" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.8-r0", "libunistring@1.4.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libsharpyuv@1.6.0-r0", "Name": "libsharpyuv", "Identifier": { "PURL": "pkg:apk/alpine/libsharpyuv@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "73fb52723f19371d" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:9bbf3958ac62e163084cde753276246e56ff298b", "InstalledFiles": [ "usr/lib/libsharpyuv.so.0", "usr/lib/libsharpyuv.so.0.1.2" ], "AnalyzedBy": "apk" }, { "ID": "libsm@1.2.6-r0", "Name": "libsm", "Identifier": { "PURL": "pkg:apk/alpine/libsm@1.2.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5b884a45ca171ccf" }, "Version": "1.2.6-r0", "Arch": "x86_64", "SrcName": "libsm", "SrcVersion": "1.2.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libice@1.1.2-r0", "libuuid@2.41.4-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:244b3b3e68f3c6c11c6202320109d460a2498e76", "InstalledFiles": [ "usr/lib/libSM.so.6", "usr/lib/libSM.so.6.0.1" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.6-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.6-r0?arch=x86_64\u0026distro=3.23.4", "UID": "aece396067dff154" }, "Version": "3.5.6-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.6-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5a2620d507434903b747470a76b47e24b222de5e", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libstdc++@15.2.0-r2", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/alpine/libstdc%2B%2B@15.2.0-r2?arch=x86_64\u0026distro=3.23.4", "UID": "3ff8ae215a6a54a6" }, "Version": "15.2.0-r2", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "15.2.0-r2", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libgcc@15.2.0-r2", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:528d77417a16706468af852f2859ad00f176e266", "InstalledFiles": [ "usr/lib/libstdc++.so.6", "usr/lib/libstdc++.so.6.0.34" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.4.1-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "97a3c9b2cf3d0f9e" }, "Version": "1.4.1-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.4.1-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.2.1" ], "AnalyzedBy": "apk" }, { "ID": "libuuid@2.41.4-r0", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/alpine/libuuid@2.41.4-r0?arch=x86_64\u0026distro=3.23.4", "UID": "833419752375af8a" }, "Version": "2.41.4-r0", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.41.4-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:d03966d821a1d9454e5576f96ec455824112fe46", "InstalledFiles": [ "usr/lib/libuuid.so.1", "usr/lib/libuuid.so.1.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libwebp@1.6.0-r0", "Name": "libwebp", "Identifier": { "PURL": "pkg:apk/alpine/libwebp@1.6.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "cf3db5e019392979" }, "Version": "1.6.0-r0", "Arch": "x86_64", "SrcName": "libwebp", "SrcVersion": "1.6.0-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libsharpyuv@1.6.0-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:46f79fe406ce611058a6c0ce995ebe85f7b73c7a", "InstalledFiles": [ "usr/lib/libwebp.so.7", "usr/lib/libwebp.so.7.2.0" ], "AnalyzedBy": "apk" }, { "ID": "libx11@1.8.12-r1", "Name": "libx11", "Identifier": { "PURL": "pkg:apk/alpine/libx11@1.8.12-r1?arch=x86_64\u0026distro=3.23.4", "UID": "e8538d9e85dca6bf" }, "Version": "1.8.12-r1", "Arch": "x86_64", "SrcName": "libx11", "SrcVersion": "1.8.12-r1", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxcb@1.17.0-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:689b36ec47d6c9abb9cbd0c7067ba4636568dbd5", "InstalledFiles": [ "usr/lib/libX11-xcb.so.1", "usr/lib/libX11-xcb.so.1.0.0", "usr/lib/libX11.so.6", "usr/lib/libX11.so.6.4.0", "usr/share/X11/XErrorDB", "usr/share/X11/Xcms.txt", "usr/share/X11/locale/compose.dir", "usr/share/X11/locale/locale.alias", "usr/share/X11/locale/locale.dir", "usr/share/X11/locale/C/Compose", "usr/share/X11/locale/C/XI18N_OBJS", "usr/share/X11/locale/C/XLC_LOCALE", "usr/share/X11/locale/am_ET.UTF-8/Compose", "usr/share/X11/locale/am_ET.UTF-8/XI18N_OBJS", "usr/share/X11/locale/am_ET.UTF-8/XLC_LOCALE", "usr/share/X11/locale/armscii-8/Compose", "usr/share/X11/locale/armscii-8/XI18N_OBJS", "usr/share/X11/locale/armscii-8/XLC_LOCALE", "usr/share/X11/locale/cs_CZ.UTF-8/Compose", "usr/share/X11/locale/cs_CZ.UTF-8/XI18N_OBJS", "usr/share/X11/locale/cs_CZ.UTF-8/XLC_LOCALE", "usr/share/X11/locale/el_GR.UTF-8/Compose", "usr/share/X11/locale/el_GR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/el_GR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/en_US.UTF-8/Compose", "usr/share/X11/locale/en_US.UTF-8/XI18N_OBJS", "usr/share/X11/locale/en_US.UTF-8/XLC_LOCALE", "usr/share/X11/locale/fi_FI.UTF-8/Compose", "usr/share/X11/locale/fi_FI.UTF-8/XI18N_OBJS", "usr/share/X11/locale/fi_FI.UTF-8/XLC_LOCALE", "usr/share/X11/locale/georgian-academy/Compose", "usr/share/X11/locale/georgian-academy/XI18N_OBJS", "usr/share/X11/locale/georgian-academy/XLC_LOCALE", "usr/share/X11/locale/georgian-ps/Compose", "usr/share/X11/locale/georgian-ps/XI18N_OBJS", "usr/share/X11/locale/georgian-ps/XLC_LOCALE", "usr/share/X11/locale/ibm-cp1133/Compose", "usr/share/X11/locale/ibm-cp1133/XI18N_OBJS", "usr/share/X11/locale/ibm-cp1133/XLC_LOCALE", "usr/share/X11/locale/iscii-dev/Compose", "usr/share/X11/locale/iscii-dev/XI18N_OBJS", "usr/share/X11/locale/iscii-dev/XLC_LOCALE", "usr/share/X11/locale/isiri-3342/Compose", "usr/share/X11/locale/isiri-3342/XI18N_OBJS", "usr/share/X11/locale/isiri-3342/XLC_LOCALE", "usr/share/X11/locale/iso8859-1/Compose", "usr/share/X11/locale/iso8859-1/XI18N_OBJS", "usr/share/X11/locale/iso8859-1/XLC_LOCALE", "usr/share/X11/locale/iso8859-10/Compose", "usr/share/X11/locale/iso8859-10/XI18N_OBJS", "usr/share/X11/locale/iso8859-10/XLC_LOCALE", "usr/share/X11/locale/iso8859-11/Compose", "usr/share/X11/locale/iso8859-11/XI18N_OBJS", "usr/share/X11/locale/iso8859-11/XLC_LOCALE", "usr/share/X11/locale/iso8859-13/Compose", "usr/share/X11/locale/iso8859-13/XI18N_OBJS", "usr/share/X11/locale/iso8859-13/XLC_LOCALE", "usr/share/X11/locale/iso8859-14/Compose", "usr/share/X11/locale/iso8859-14/XI18N_OBJS", "usr/share/X11/locale/iso8859-14/XLC_LOCALE", "usr/share/X11/locale/iso8859-15/Compose", "usr/share/X11/locale/iso8859-15/XI18N_OBJS", "usr/share/X11/locale/iso8859-15/XLC_LOCALE", "usr/share/X11/locale/iso8859-2/Compose", "usr/share/X11/locale/iso8859-2/XI18N_OBJS", "usr/share/X11/locale/iso8859-2/XLC_LOCALE", "usr/share/X11/locale/iso8859-3/Compose", "usr/share/X11/locale/iso8859-3/XI18N_OBJS", "usr/share/X11/locale/iso8859-3/XLC_LOCALE", "usr/share/X11/locale/iso8859-4/Compose", "usr/share/X11/locale/iso8859-4/XI18N_OBJS", "usr/share/X11/locale/iso8859-4/XLC_LOCALE", "usr/share/X11/locale/iso8859-5/Compose", "usr/share/X11/locale/iso8859-5/XI18N_OBJS", "usr/share/X11/locale/iso8859-5/XLC_LOCALE", "usr/share/X11/locale/iso8859-6/Compose", "usr/share/X11/locale/iso8859-6/XI18N_OBJS", "usr/share/X11/locale/iso8859-6/XLC_LOCALE", "usr/share/X11/locale/iso8859-7/Compose", "usr/share/X11/locale/iso8859-7/XI18N_OBJS", "usr/share/X11/locale/iso8859-7/XLC_LOCALE", "usr/share/X11/locale/iso8859-8/Compose", "usr/share/X11/locale/iso8859-8/XI18N_OBJS", "usr/share/X11/locale/iso8859-8/XLC_LOCALE", "usr/share/X11/locale/iso8859-9/Compose", "usr/share/X11/locale/iso8859-9/XI18N_OBJS", "usr/share/X11/locale/iso8859-9/XLC_LOCALE", "usr/share/X11/locale/iso8859-9e/Compose", "usr/share/X11/locale/iso8859-9e/XI18N_OBJS", "usr/share/X11/locale/iso8859-9e/XLC_LOCALE", "usr/share/X11/locale/ja/Compose", "usr/share/X11/locale/ja/XI18N_OBJS", "usr/share/X11/locale/ja/XLC_LOCALE", "usr/share/X11/locale/ja.JIS/Compose", "usr/share/X11/locale/ja.JIS/XI18N_OBJS", "usr/share/X11/locale/ja.JIS/XLC_LOCALE", "usr/share/X11/locale/ja.SJIS/Compose", "usr/share/X11/locale/ja.SJIS/XI18N_OBJS", "usr/share/X11/locale/ja.SJIS/XLC_LOCALE", "usr/share/X11/locale/ja_JP.UTF-8/Compose", "usr/share/X11/locale/ja_JP.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ja_JP.UTF-8/XLC_LOCALE", "usr/share/X11/locale/km_KH.UTF-8/Compose", "usr/share/X11/locale/km_KH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/km_KH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ko/Compose", "usr/share/X11/locale/ko/XI18N_OBJS", "usr/share/X11/locale/ko/XLC_LOCALE", "usr/share/X11/locale/ko_KR.UTF-8/Compose", "usr/share/X11/locale/ko_KR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ko_KR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/koi8-c/Compose", "usr/share/X11/locale/koi8-c/XI18N_OBJS", "usr/share/X11/locale/koi8-c/XLC_LOCALE", "usr/share/X11/locale/koi8-r/Compose", "usr/share/X11/locale/koi8-r/XI18N_OBJS", "usr/share/X11/locale/koi8-r/XLC_LOCALE", "usr/share/X11/locale/koi8-u/Compose", "usr/share/X11/locale/koi8-u/XI18N_OBJS", "usr/share/X11/locale/koi8-u/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1251/Compose", "usr/share/X11/locale/microsoft-cp1251/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1251/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1255/Compose", "usr/share/X11/locale/microsoft-cp1255/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1255/XLC_LOCALE", "usr/share/X11/locale/microsoft-cp1256/Compose", "usr/share/X11/locale/microsoft-cp1256/XI18N_OBJS", "usr/share/X11/locale/microsoft-cp1256/XLC_LOCALE", "usr/share/X11/locale/mulelao-1/Compose", "usr/share/X11/locale/mulelao-1/XI18N_OBJS", "usr/share/X11/locale/mulelao-1/XLC_LOCALE", "usr/share/X11/locale/nokhchi-1/Compose", "usr/share/X11/locale/nokhchi-1/XI18N_OBJS", "usr/share/X11/locale/nokhchi-1/XLC_LOCALE", "usr/share/X11/locale/pt_BR.UTF-8/Compose", "usr/share/X11/locale/pt_BR.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_BR.UTF-8/XLC_LOCALE", "usr/share/X11/locale/pt_PT.UTF-8/Compose", "usr/share/X11/locale/pt_PT.UTF-8/XI18N_OBJS", "usr/share/X11/locale/pt_PT.UTF-8/XLC_LOCALE", "usr/share/X11/locale/ru_RU.UTF-8/Compose", "usr/share/X11/locale/ru_RU.UTF-8/XI18N_OBJS", "usr/share/X11/locale/ru_RU.UTF-8/XLC_LOCALE", "usr/share/X11/locale/sr_RS.UTF-8/Compose", "usr/share/X11/locale/sr_RS.UTF-8/XI18N_OBJS", "usr/share/X11/locale/sr_RS.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tatar-cyr/Compose", "usr/share/X11/locale/tatar-cyr/XI18N_OBJS", "usr/share/X11/locale/tatar-cyr/XLC_LOCALE", "usr/share/X11/locale/th_TH/Compose", "usr/share/X11/locale/th_TH/XI18N_OBJS", "usr/share/X11/locale/th_TH/XLC_LOCALE", "usr/share/X11/locale/th_TH.UTF-8/Compose", "usr/share/X11/locale/th_TH.UTF-8/XI18N_OBJS", "usr/share/X11/locale/th_TH.UTF-8/XLC_LOCALE", "usr/share/X11/locale/tscii-0/Compose", "usr/share/X11/locale/tscii-0/XI18N_OBJS", "usr/share/X11/locale/tscii-0/XLC_LOCALE", "usr/share/X11/locale/vi_VN.tcvn/Compose", "usr/share/X11/locale/vi_VN.tcvn/XI18N_OBJS", "usr/share/X11/locale/vi_VN.tcvn/XLC_LOCALE", "usr/share/X11/locale/vi_VN.viscii/Compose", "usr/share/X11/locale/vi_VN.viscii/XI18N_OBJS", "usr/share/X11/locale/vi_VN.viscii/XLC_LOCALE", "usr/share/X11/locale/zh_CN/Compose", "usr/share/X11/locale/zh_CN/XI18N_OBJS", "usr/share/X11/locale/zh_CN/XLC_LOCALE", "usr/share/X11/locale/zh_CN.UTF-8/Compose", "usr/share/X11/locale/zh_CN.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_CN.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gb18030/Compose", "usr/share/X11/locale/zh_CN.gb18030/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gb18030/XLC_LOCALE", "usr/share/X11/locale/zh_CN.gbk/Compose", "usr/share/X11/locale/zh_CN.gbk/XI18N_OBJS", "usr/share/X11/locale/zh_CN.gbk/XLC_LOCALE", "usr/share/X11/locale/zh_HK.UTF-8/Compose", "usr/share/X11/locale/zh_HK.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_HK.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5/Compose", "usr/share/X11/locale/zh_HK.big5/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5/XLC_LOCALE", "usr/share/X11/locale/zh_HK.big5hkscs/Compose", "usr/share/X11/locale/zh_HK.big5hkscs/XI18N_OBJS", "usr/share/X11/locale/zh_HK.big5hkscs/XLC_LOCALE", "usr/share/X11/locale/zh_TW/Compose", "usr/share/X11/locale/zh_TW/XI18N_OBJS", "usr/share/X11/locale/zh_TW/XLC_LOCALE", "usr/share/X11/locale/zh_TW.UTF-8/Compose", "usr/share/X11/locale/zh_TW.UTF-8/XI18N_OBJS", "usr/share/X11/locale/zh_TW.UTF-8/XLC_LOCALE", "usr/share/X11/locale/zh_TW.big5/Compose", "usr/share/X11/locale/zh_TW.big5/XI18N_OBJS", "usr/share/X11/locale/zh_TW.big5/XLC_LOCALE" ], "AnalyzedBy": "apk" }, { "ID": "libxau@1.0.12-r0", "Name": "libxau", "Identifier": { "PURL": "pkg:apk/alpine/libxau@1.0.12-r0?arch=x86_64\u0026distro=3.23.4", "UID": "d485bce96f246b42" }, "Version": "1.0.12-r0", "Arch": "x86_64", "SrcName": "libxau", "SrcVersion": "1.0.12-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:89d2bc9daae3cb0e2ae095db6866357b7653f341", "InstalledFiles": [ "usr/lib/libXau.so.6", "usr/lib/libXau.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxcb@1.17.0-r1", "Name": "libxcb", "Identifier": { "PURL": "pkg:apk/alpine/libxcb@1.17.0-r1?arch=x86_64\u0026distro=3.23.4", "UID": "9257eaebc5b55b2" }, "Version": "1.17.0-r1", "Arch": "x86_64", "SrcName": "libxcb", "SrcVersion": "1.17.0-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxau@1.0.12-r0", "libxdmcp@1.1.5-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:61b06f883e8f8d2d8ee360e4dac04ac037fcca13", "InstalledFiles": [ "usr/lib/libxcb-composite.so.0", "usr/lib/libxcb-composite.so.0.0.0", "usr/lib/libxcb-damage.so.0", "usr/lib/libxcb-damage.so.0.0.0", "usr/lib/libxcb-dbe.so.0", "usr/lib/libxcb-dbe.so.0.0.0", "usr/lib/libxcb-dpms.so.0", "usr/lib/libxcb-dpms.so.0.0.0", "usr/lib/libxcb-dri2.so.0", "usr/lib/libxcb-dri2.so.0.0.0", "usr/lib/libxcb-dri3.so.0", "usr/lib/libxcb-dri3.so.0.1.0", "usr/lib/libxcb-glx.so.0", "usr/lib/libxcb-glx.so.0.0.0", "usr/lib/libxcb-present.so.0", "usr/lib/libxcb-present.so.0.0.0", "usr/lib/libxcb-randr.so.0", "usr/lib/libxcb-randr.so.0.1.0", "usr/lib/libxcb-record.so.0", "usr/lib/libxcb-record.so.0.0.0", "usr/lib/libxcb-render.so.0", "usr/lib/libxcb-render.so.0.0.0", "usr/lib/libxcb-res.so.0", "usr/lib/libxcb-res.so.0.0.0", "usr/lib/libxcb-screensaver.so.0", "usr/lib/libxcb-screensaver.so.0.0.0", "usr/lib/libxcb-shape.so.0", "usr/lib/libxcb-shape.so.0.0.0", "usr/lib/libxcb-shm.so.0", "usr/lib/libxcb-shm.so.0.0.0", "usr/lib/libxcb-sync.so.1", "usr/lib/libxcb-sync.so.1.0.0", "usr/lib/libxcb-xf86dri.so.0", "usr/lib/libxcb-xf86dri.so.0.0.0", "usr/lib/libxcb-xfixes.so.0", "usr/lib/libxcb-xfixes.so.0.0.0", "usr/lib/libxcb-xinerama.so.0", "usr/lib/libxcb-xinerama.so.0.0.0", "usr/lib/libxcb-xinput.so.0", "usr/lib/libxcb-xinput.so.0.1.0", "usr/lib/libxcb-xkb.so.1", "usr/lib/libxcb-xkb.so.1.0.0", "usr/lib/libxcb-xtest.so.0", "usr/lib/libxcb-xtest.so.0.0.0", "usr/lib/libxcb-xv.so.0", "usr/lib/libxcb-xv.so.0.0.0", "usr/lib/libxcb-xvmc.so.0", "usr/lib/libxcb-xvmc.so.0.0.0", "usr/lib/libxcb.so.1", "usr/lib/libxcb.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libxdmcp@1.1.5-r1", "Name": "libxdmcp", "Identifier": { "PURL": "pkg:apk/alpine/libxdmcp@1.1.5-r1?arch=x86_64\u0026distro=3.23.4", "UID": "4ce7671300ab208e" }, "Version": "1.1.5-r1", "Arch": "x86_64", "SrcName": "libxdmcp", "SrcVersion": "1.1.5-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libbsd@0.12.2-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:99a24c0fa12282b5ef89a6e732a8d494b7696d9d", "InstalledFiles": [ "usr/lib/libXdmcp.so.6", "usr/lib/libXdmcp.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxext@1.3.6-r2", "Name": "libxext", "Identifier": { "PURL": "pkg:apk/alpine/libxext@1.3.6-r2?arch=x86_64\u0026distro=3.23.4", "UID": "6995b5d26ca62497" }, "Version": "1.3.6-r2", "Arch": "x86_64", "SrcName": "libxext", "SrcVersion": "1.3.6-r2", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.12-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:92fb4f12c2170403d6a48c7485ecaee40c84bee2", "InstalledFiles": [ "usr/lib/libXext.so.6", "usr/lib/libXext.so.6.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libxml2@2.13.9-r0", "Name": "libxml2", "Identifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.9-r0?arch=x86_64\u0026distro=3.23.4", "UID": "a4c496351a710b02" }, "Version": "2.13.9-r0", "Arch": "x86_64", "SrcName": "libxml2", "SrcVersion": "2.13.9-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "xz-libs@5.8.3-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:9fb56eb6e62b7b6658a8abe14cded8d87a47ebc7", "InstalledFiles": [ "usr/lib/libxml2.so.2", "usr/lib/libxml2.so.2.13.9" ], "AnalyzedBy": "apk" }, { "ID": "libxpm@3.5.19-r0", "Name": "libxpm", "Identifier": { "PURL": "pkg:apk/alpine/libxpm@3.5.19-r0?arch=x86_64\u0026distro=3.23.4", "UID": "9eb303ee5fb7801a" }, "Version": "3.5.19-r0", "Arch": "x86_64", "SrcName": "libxpm", "SrcVersion": "3.5.19-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libx11@1.8.12-r1", "libxext@1.3.6-r2", "libxt@1.3.1-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:0c1b2467462bd516e1f3b514854ccca30e0e59c0", "InstalledFiles": [ "usr/bin/cxpm", "usr/bin/sxpm", "usr/lib/libXpm.so.4", "usr/lib/libXpm.so.4.11.0" ], "AnalyzedBy": "apk" }, { "ID": "libxslt@1.1.43-r3", "Name": "libxslt", "Identifier": { "PURL": "pkg:apk/alpine/libxslt@1.1.43-r3?arch=x86_64\u0026distro=3.23.4", "UID": "f615d2a6378e26e8" }, "Version": "1.1.43-r3", "Arch": "x86_64", "SrcName": "libxslt", "SrcVersion": "1.1.43-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libxml2@2.13.9-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:7d73182371fbf2141e137329e5432b94551bdd1b", "InstalledFiles": [ "usr/bin/xsltproc", "usr/lib/libexslt.so.0", "usr/lib/libexslt.so.0.8.24", "usr/lib/libxslt.so.1", "usr/lib/libxslt.so.1.1.43" ], "AnalyzedBy": "apk" }, { "ID": "libxt@1.3.1-r0", "Name": "libxt", "Identifier": { "PURL": "pkg:apk/alpine/libxt@1.3.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "3def3ac035093072" }, "Version": "1.3.1-r0", "Arch": "x86_64", "SrcName": "libxt", "SrcVersion": "1.3.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libice@1.1.2-r0", "libsm@1.2.6-r0", "libx11@1.8.12-r1", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:1cffd892c392dcaac9ad017c999f9e268b5f8ee1", "InstalledFiles": [ "usr/lib/libXt.so.6", "usr/lib/libXt.so.6.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libyuv@0.0.1887.20251502-r1", "Name": "libyuv", "Identifier": { "PURL": "pkg:apk/alpine/libyuv@0.0.1887.20251502-r1?arch=x86_64\u0026distro=3.23.4", "UID": "85b1ea36bf9f477d" }, "Version": "0.0.1887.20251502-r1", "Arch": "x86_64", "SrcName": "libyuv", "SrcVersion": "0.0.1887.20251502-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Andy Postnikov \u003capostnikov@gmail.com\u003e", "DependsOn": [ "libgcc@15.2.0-r2", "libjpeg-turbo@3.1.2-r0", "libstdc++@15.2.0-r2", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8335fd57f5a479534322e6ac74968fdc7564d8d0", "InstalledFiles": [ "usr/bin/yuvconvert", "usr/lib/libyuv.so" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r23", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", "UID": "dca30b3fd6708a32" }, "Version": "1.2.5-r23", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r23", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:1b6c50426d3c0656e9c5a567a5a59601c7f4307a", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r23", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r23?arch=x86_64\u0026distro=3.23.4", "UID": "ffcf7198a9776c5f" }, "Version": "1.2.5-r23", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r23", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23", "scanelf@1.3.8-r2" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:92fdbe96d25f13fe3a3d297ada56e4fb907aacec", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20251123-r0", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20251123-r0?arch=x86_64\u0026distro=3.23.4", "UID": "5acf10991828fa7a" }, "Version": "6.5_p20251123-r0", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20251123-r0", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:57bd1d8124ec957eefea2314bdf45b0ed1068cee", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-0.8.5", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.69.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.69.0-r0?arch=x86_64\u0026distro=3.23.4", "UID": "1d18d06a4faec59f" }, "Version": "1.69.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.69.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:6b8651227dd3f9155ded30ddc171757a7f5b91a5", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.29.4" ], "AnalyzedBy": "apk" }, { "ID": "nginx@1.30.1-r1", "Name": "nginx", "Identifier": { "PURL": "pkg:apk/alpine/nginx@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "ee93c3492a28a9" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23", "pcre2@10.47-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:d4ce2b457870cc3e0205f6314ddba7d47535d52d", "InstalledFiles": [ "etc/init.d/nginx", "etc/init.d/nginx-debug", "etc/logrotate.d/nginx", "etc/nginx/fastcgi.conf", "etc/nginx/fastcgi_params", "etc/nginx/mime.types", "etc/nginx/modules", "etc/nginx/nginx.conf", "etc/nginx/scgi_params", "etc/nginx/uwsgi_params", "etc/nginx/conf.d/default.conf", "usr/sbin/nginx", "usr/sbin/nginx-debug", "usr/share/licenses/nginx/COPYRIGHT", "usr/share/man/man8/nginx.8.gz", "usr/share/nginx/html/50x.html", "usr/share/nginx/html/index.html" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-acme@1.30.1.0.4.1-r1", "Name": "nginx-module-acme", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-acme@1.30.1.0.4.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "c9745c5a58d2c9cc" }, "Version": "1.30.1.0.4.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-acme", "SrcVersion": "1.30.1.0.4.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libgcc@15.2.0-r2", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:760fa970bf48788491402eddebdf5aa700d099bb", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_acme_module-debug.so", "usr/lib/nginx/modules/ngx_http_acme_module.so", "usr/share/licenses/nginx-module-acme/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-geoip@1.30.1-r1", "Name": "nginx-module-geoip", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-geoip@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "2f97b19406989bba" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-geoip", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "geoip@1.6.12-r6", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8b055c7c6aab9d456bc794009fe3ed76578ba6ee", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_geoip_module-debug.so", "usr/lib/nginx/modules/ngx_http_geoip_module.so", "usr/lib/nginx/modules/ngx_stream_geoip_module-debug.so", "usr/lib/nginx/modules/ngx_stream_geoip_module.so", "usr/share/licenses/nginx-module-geoip/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-image-filter@1.30.1-r1", "Name": "nginx-module-image-filter", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-image-filter@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "ffb3020ef6edeefc" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-image-filter", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libgd@2.3.3-r10", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:a8f8c1b5f8401207e51387d4a458f3a88155191b", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_image_filter_module-debug.so", "usr/lib/nginx/modules/ngx_http_image_filter_module.so", "usr/share/licenses/nginx-module-image-filter/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-njs@1.30.1.0.9.9-r1", "Name": "nginx-module-njs", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-njs@1.30.1.0.9.9-r1?arch=x86_64\u0026distro=3.23.4", "UID": "42e11b23b4d1132e" }, "Version": "1.30.1.0.9.9-r1", "Arch": "x86_64", "SrcName": "nginx-module-njs", "SrcVersion": "1.30.1.0.9.9-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.6-r0", "libedit@20251016.3.1-r0", "libxml2@2.13.9-r0", "musl@1.2.5-r23", "nginx@1.30.1-r1", "pcre2@10.47-r0", "zlib@1.3.2-r0" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:8a28f607e7900e7af8c82185d67e56c9695bbb23", "InstalledFiles": [ "usr/bin/njs", "usr/lib/nginx/modules/ngx_http_js_module-debug.so", "usr/lib/nginx/modules/ngx_http_js_module.so", "usr/lib/nginx/modules/ngx_stream_js_module-debug.so", "usr/lib/nginx/modules/ngx_stream_js_module.so", "usr/share/doc/nginx-module-njs/CHANGES", "usr/share/licenses/nginx-module-njs/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "nginx-module-xslt@1.30.1-r1", "Name": "nginx-module-xslt", "Identifier": { "PURL": "pkg:apk/alpine/nginx-module-xslt@1.30.1-r1?arch=x86_64\u0026distro=3.23.4", "UID": "7ce6e6221b100df" }, "Version": "1.30.1-r1", "Arch": "x86_64", "SrcName": "nginx-module-xslt", "SrcVersion": "1.30.1-r1", "Licenses": [ "2-clause", "BSD-3-Clause", "license" ], "Maintainer": "NGINX Packaging \u003cnginx-packaging@f5.com\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libxml2@2.13.9-r0", "libxslt@1.1.43-r3", "musl@1.2.5-r23", "nginx@1.30.1-r1" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:f406cf62e97083ef3b445dfe494fd467925ecc2e", "InstalledFiles": [ "usr/lib/nginx/modules/ngx_http_xslt_filter_module-debug.so", "usr/lib/nginx/modules/ngx_http_xslt_filter_module.so", "usr/share/licenses/nginx-module-xslt/COPYRIGHT" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.47-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.4", "UID": "75fb7d2fe836dfdc" }, "Version": "10.47-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.47-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.15.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.7" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r2", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.4", "UID": "4efd612ed6f16dca" }, "Version": "1.3.8-r2", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r30", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.4", "UID": "f1acb8f2a8f94f51" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.6-r0", "libssl3@3.5.6-r0", "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tiff@4.7.1-r0", "Name": "tiff", "Identifier": { "PURL": "pkg:apk/alpine/tiff@4.7.1-r0?arch=x86_64\u0026distro=3.23.4", "UID": "551adcb8b716f210" }, "Version": "4.7.1-r0", "Arch": "x86_64", "SrcName": "tiff", "SrcVersion": "4.7.1-r0", "Licenses": [ "libtiff" ], "Maintainer": "Michael Mason \u003cms13sp@gmail.com\u003e", "DependsOn": [ "libjpeg-turbo@3.1.2-r0", "libwebp@1.6.0-r0", "musl@1.2.5-r23", "zlib@1.3.2-r0", "zstd-libs@1.5.7-r2" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:b92c3394d281f51345a9375da14f347b6c1619a6", "InstalledFiles": [ "usr/lib/libtiff.so.6", "usr/lib/libtiff.so.6.2.0" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2026b-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2026b-r0?arch=x86_64\u0026distro=3.23.4", "UID": "86f2dfb9a4acee39" }, "Version": "2026b-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2026b-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:2761f2b929073faf02088d1cd321e4cdd3134ccb2eb483426a89aa7a29d17031", "DiffID": "sha256:5c5807454fd20888bebec1e53ba39804c582db55e8273de961a6c8b96c68e5c8" }, "Digest": "sha1:2624b59cfb8182dfb3de19043c6867cd1b3e1779", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Coyhaique", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.8.3-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.8.3-r0?arch=x86_64\u0026distro=3.23.4", "UID": "f68b0b2917b8b773" }, "Version": "5.8.3-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.8.3-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:ddf3f8b1c3d2561ae67523b9baef398f971959bb", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.8.3" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.2-r0", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.2-r0?arch=x86_64\u0026distro=3.23.4", "UID": "23a5a7d167a86311" }, "Version": "1.3.2-r0", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.2-r0", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:6a0ac1617861a677b045b7ff88545213ec31c0ff08763195a70a4a5adda577bb", "DiffID": "sha256:29df493baa13de438d6d2ece3a8333032e0b7b9b9d8cce4ee82194da255f61e1" }, "Digest": "sha1:68bb97ea5255e77aa974e65476d64832ad56288a", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.2" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.7-r2", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.4", "UID": "3653bba6b6680fed" }, "Version": "1.5.7-r2", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.7-r2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r23" ], "Layer": { "Digest": "sha256:f27930cd22b2187112be5098b67ad2f8d4cb973c469535b47ce4f7724605ae03", "DiffID": "sha256:200b162e46fd346bb51f09f16523641c73bca7871177da57203f4120d3afd0e0" }, "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.7" ], "AnalyzedBy": "apk" } ] } ] }, { "Namespace": "ingress", "Kind": "DaemonSet", "Name": "nginx-ingress-microk8s-controller", "Metadata": [ { "Size": 300570624, "OS": { "Family": "alpine", "Name": "3.21.3" }, "ImageID": "sha256:6af992df6ef6254e4448bd51bb5b37e3f7dcd05e86f7abe99c4bd951dc4aef4a", "DiffIDs": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84", "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb", "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96", "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004", "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152", "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf", "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17", "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214", "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b", "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed", "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2", "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" ], "RepoTags": [ "registry.k8s.io/ingress-nginx/controller:v1.11.5" ], "RepoDigests": [ "registry.k8s.io/ingress-nginx/controller@sha256:a1cbad75b0a7098bf9325132794dddf9eef917e8a7fe246749a4cea7ff6f01eb" ], "Reference": "registry.k8s.io/ingress-nginx/controller:v1.11.5", "ImageConfig": { "architecture": "amd64", "created": "2025-03-24T23:16:01.197088025Z", "history": [ { "created": "2025-02-14T03:28:36Z", "created_by": "ADD alpine-minirootfs-3.21.3-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-02-14T03:28:36Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T14:50:55.998977887Z", "created_by": "ENV PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T14:50:55.998977887Z", "created_by": "ENV LUA_PATH=/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T14:50:55.998977887Z", "created_by": "ENV LUA_CPATH=/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T14:50:55.998977887Z", "created_by": "COPY /usr/local /usr/local # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T14:50:56.537993831Z", "created_by": "COPY /usr/lib/libopentelemetry* /usr/local/lib # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T14:50:56.606565169Z", "created_by": "COPY /opt /opt # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T14:50:56.764343377Z", "created_by": "COPY /etc/nginx /etc/nginx # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T14:51:02.807362199Z", "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add -U --no-cache bash openssl pcre zlib ca-certificates patch yajl lmdb libxml2 libmaxminddb yaml-cpp dumb-init tzdata grpc-cpp libprotobuf abseil-cpp-crc-cpu-detect abseil-cpp-vlog-config-internal \u0026\u0026 ln -s /usr/local/nginx/sbin/nginx /sbin/nginx \u0026\u0026 adduser -S -D -H -u 101 -h /usr/local/nginx -s /sbin/nologin -G www-data -g www-data www-data \u0026\u0026 bash -eu -c ' writeDirs=( /var/log/nginx /var/lib/nginx/body /var/lib/nginx/fastcgi /var/lib/nginx/proxy /var/lib/nginx/scgi /var/lib/nginx/uwsgi /var/log/audit ); for dir in \"${writeDirs[@]}\"; do mkdir -p ${dir}; chown -R www-data:www-data ${dir}; done' # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T14:51:02.807362199Z", "created_by": "EXPOSE map[443/tcp:{} 80/tcp:{}]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T14:51:02.807362199Z", "created_by": "CMD [\"nginx\" \"-g\" \"daemon off;\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "ARG TARGETARCH=amd64", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "ARG VERSION=v1.11.5", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "ARG COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "ARG BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.title=NGINX Ingress Controller for Kubernetes", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.documentation=https://kubernetes.github.io/ingress-nginx/", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.source=https://github.com/kubernetes/ingress-nginx", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.vendor=The Kubernetes Authors", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.licenses=Apache-2.0", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.version=v1.11.5", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL org.opencontainers.image.revision=97ffeeee0fabd4b1c6b1cdabeaed881faab612de", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "LABEL build_id=dd9cca89-47b4-498c-b5f7-8fe81f75df48", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:15:54.15099068Z", "created_by": "WORKDIR /etc/nginx", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:57.970914099Z", "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c apk update \u0026\u0026 apk upgrade \u0026\u0026 apk add --no-cache diffutils \u0026\u0026 rm -rf /var/cache/apk/* # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:58.043497122Z", "created_by": "COPY --chown=www-data:www-data etc /etc # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:58.113742726Z", "created_by": "COPY --chown=www-data:www-data bin/amd64/dbg / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:58.42043542Z", "created_by": "COPY --chown=www-data:www-data bin/amd64/nginx-ingress-controller / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:58.480418849Z", "created_by": "COPY --chown=www-data:www-data bin/amd64/wait-shutdown / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:15:58.765533366Z", "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c bash -xeu -c ' writeDirs=( /etc/ingress-controller/ssl /etc/ingress-controller/auth /etc/ingress-controller/geoip /etc/ingress-controller/telemetry /var/log /var/log/nginx /tmp/nginx ); for dir in \"${writeDirs[@]}\"; do mkdir -p ${dir}; chown -R www-data:www-data ${dir}; done' \u0026\u0026 echo \"/lib:/usr/lib:/usr/local/lib:/modules_mount/etc/nginx/modules/otel\" \u003e /etc/ld-musl-x86_64.path # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:16:00.98914775Z", "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c apk add --no-cache libcap \u0026\u0026 setcap cap_net_bind_service=+ep /nginx-ingress-controller \u0026\u0026 setcap -v cap_net_bind_service=+ep /nginx-ingress-controller \u0026\u0026 setcap cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \u0026\u0026 setcap -v cap_net_bind_service=+ep /usr/local/nginx/sbin/nginx \u0026\u0026 setcap cap_net_bind_service=+ep /usr/bin/dumb-init \u0026\u0026 setcap -v cap_net_bind_service=+ep /usr/bin/dumb-init \u0026\u0026 apk del libcap \u0026\u0026 ln -sf /usr/local/nginx/sbin/nginx /usr/bin/nginx # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:16:00.98914775Z", "created_by": "USER www-data", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:16:01.197088025Z", "created_by": "RUN |4 TARGETARCH=amd64 VERSION=v1.11.5 COMMIT_SHA=97ffeeee0fabd4b1c6b1cdabeaed881faab612de BUILD_ID=dd9cca89-47b4-498c-b5f7-8fe81f75df48 /bin/sh -c ln -sf /dev/stdout /var/log/nginx/access.log \u0026\u0026 ln -sf /dev/stderr /var/log/nginx/error.log # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-03-24T23:16:01.197088025Z", "created_by": "ENTRYPOINT [\"/usr/bin/dumb-init\" \"--\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-03-24T23:16:01.197088025Z", "created_by": "CMD [\"/nginx-ingress-controller\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350", "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84", "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb", "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96", "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004", "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb", "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef", "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152", "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf", "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17", "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214", "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b", "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed", "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2", "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" ] }, "config": { "Cmd": [ "/nginx-ingress-controller" ], "Entrypoint": [ "/usr/bin/dumb-init", "--" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/luajit/bin:/usr/local/nginx/sbin:/usr/local/nginx/bin", "LUA_PATH=/usr/local/share/luajit-2.1.0-beta3/?.lua;/usr/local/share/lua/5.1/?.lua;/usr/local/lib/lua/?.lua;;", "LUA_CPATH=/usr/local/lib/lua/?/?.so;/usr/local/lib/lua/?.so;;" ], "Labels": { "build_id": "dd9cca89-47b4-498c-b5f7-8fe81f75df48", "org.opencontainers.image.documentation": "https://kubernetes.github.io/ingress-nginx/", "org.opencontainers.image.licenses": "Apache-2.0", "org.opencontainers.image.revision": "97ffeeee0fabd4b1c6b1cdabeaed881faab612de", "org.opencontainers.image.source": "https://github.com/kubernetes/ingress-nginx", "org.opencontainers.image.title": "NGINX Ingress Controller for Kubernetes", "org.opencontainers.image.vendor": "The Kubernetes Authors", "org.opencontainers.image.version": "v1.11.5" }, "User": "www-data", "WorkingDir": "/etc/nginx", "ExposedPorts": { "443/tcp": {}, "80/tcp": {} }, "ArgsEscaped": true } }, "Layers": [ { "Size": 8120832, "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, { "Size": 80165376, "Digest": "sha256:5cc8abdb7c1985125d564afff276420817a2cbad9bc404c500758a1279eddb5e", "DiffID": "sha256:e33d3c45765e5be4b1162f7e8b066b22a5e5040fbd7bf1914d7c2f0ca6ff8d84" }, { "Size": 30490112, "Digest": "sha256:267ec1e9fef46f0a8a9f5532aa172afdad3d4fec238f3f1b94f98d77647f50cb", "DiffID": "sha256:c20fadd63d0c992903bb8b4f6e97907c65d8813ba9aeefe97ee266104512c1bb" }, { "Size": 4096, "Digest": "sha256:61928ff5d71793bd47b5f72457dff5f64926f8a8464435c39a2fd8567a70e3f1", "DiffID": "sha256:48a43f6596d39ee2a1b63d910cbb46f1a03ee2f2eeb3e67fefa09a4d773c4c96" }, { "Size": 2999296, "Digest": "sha256:b0c14f15d577ef9a503dce9d66dc233daea5a0d3aa092a67b6a3b4996490051b", "DiffID": "sha256:4c41abd1ea6c653ff23d2be5f5e7449f270a67172e45efdc8532184dec377004" }, { "Size": 48074752, "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, { "Size": 1024, "Digest": "sha256:4f4fb700ef54461cfa02571ae0db9a0dc1e0cdb5577484a6d75e68dc38e8acc1", "DiffID": "sha256:5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef" }, { "Size": 425984, "Digest": "sha256:d8bf483dcaa2136ca4275dfa783369b5159ffd96ac2a1748928cb4e1864710ba", "DiffID": "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152" }, { "Size": 323072, "Digest": "sha256:622e118fdff9e0545c7f5a2903c6c6ee1e83575e476497564643958c5122d767", "DiffID": "sha256:9ce3e1ba2b9a8d047a1d56fbf7832dbc87e83ca28272b578860c980d6e6604cf" }, { "Size": 6465536, "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, { "Size": 52959232, "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, { "Size": 3930112, "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, { "Size": 7168, "Digest": "sha256:810f9f20a53c5f74e841b01240513cae267a347826549d794c7608a93964c8ee", "DiffID": "sha256:8091455c14065d3454442ed87bd0c08ed4743259bd4e76458f3e9a6f5a84a3ed" }, { "Size": 66600448, "Digest": "sha256:46d0fd62d2cff7737f0fb4748d92a080a4d1a75f1a4c61c776df46bbbb024d4a", "DiffID": "sha256:8092223828afad76fbb149b4e7772b18df8e643bf68e845552cf474291457eb2" }, { "Size": 3584, "Digest": "sha256:db5408ef777344225e7f6b3b5edbb0dd8187346fe6b8ef25d49b3206adbd589a", "DiffID": "sha256:095ca2e2faf8197e860b1a0939052ab368bd2212ddff14745abfbb86cfcf9acd" } ] } ], "Results": [ { "Target": "registry.k8s.io/ingress-nginx/controller:v1.11.5 (alpine 3.21.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "abseil-cpp-base@20240722.0-r0", "Name": "abseil-cpp-base", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-base@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6e956a38dbfdfc7" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:f119fb04ecdd04739a6b7c875976b0aaf381603f", "InstalledFiles": [ "usr/lib/libabsl_base.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-city@20240722.0-r0", "Name": "abseil-cpp-city", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-city@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "1db180a4f1711db6" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:9a8c072de15cc24b16c9471e597f17c429add617", "InstalledFiles": [ "usr/lib/libabsl_city.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-cord@20240722.0-r0", "Name": "abseil-cpp-cord", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-cord@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "5845a704427c8012" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-cord-internal@20240722.0-r0", "abseil-cpp-cordz-functions@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-crc-cord-state@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:4131a105d32960476940b51dd7ee2544d97ed4d3", "InstalledFiles": [ "usr/lib/libabsl_cord.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-cord-internal@20240722.0-r0", "Name": "abseil-cpp-cord-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-cord-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "82fcff44113f8f50" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-crc-cord-state@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:e29cf7add6748fa7606b17e71f8e8df8c0a23f86", "InstalledFiles": [ "usr/lib/libabsl_cord_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-cordz-functions@20240722.0-r0", "Name": "abseil-cpp-cordz-functions", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-cordz-functions@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "5095b4f4ba95e23" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-exponential-biased@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2a1d89367bc392fcdaa7fbcd59aa3d4faee279cb", "InstalledFiles": [ "usr/lib/libabsl_cordz_functions.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-cordz-handle@20240722.0-r0", "Name": "abseil-cpp-cordz-handle", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-cordz-handle@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ff14794af56e79ba" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:734c3c1c0c68635797f50f2a198ac67da3b3bcbb", "InstalledFiles": [ "usr/lib/libabsl_cordz_handle.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-cordz-info@20240722.0-r0", "Name": "abseil-cpp-cordz-info", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-cordz-info@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "20f772fd64b5157c" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-cord-internal@20240722.0-r0", "abseil-cpp-cordz-handle@20240722.0-r0", "abseil-cpp-stacktrace@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:3063f930f4c21a37694a362ff55a78aaa782fe40", "InstalledFiles": [ "usr/lib/libabsl_cordz_info.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-crc-cord-state@20240722.0-r0", "Name": "abseil-cpp-crc-cord-state", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-crc-cord-state@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "3e60ba26069972ee" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-crc32c@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:9b17e061d71812722b55bdc26e5ccc871218bd4d", "InstalledFiles": [ "usr/lib/libabsl_crc_cord_state.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-crc-cpu-detect@20240722.0-r0", "Name": "abseil-cpp-crc-cpu-detect", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-crc-cpu-detect@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c76fd3a3c1a09787" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:76c5de2f09887eac1d935fc8ed2f538547df4d07", "InstalledFiles": [ "usr/lib/libabsl_crc_cpu_detect.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-crc-internal@20240722.0-r0", "Name": "abseil-cpp-crc-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-crc-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "25448508926240c8" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2979c617b6a34893d2ef113654e9c7a6321e4eab", "InstalledFiles": [ "usr/lib/libabsl_crc_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-crc32c@20240722.0-r0", "Name": "abseil-cpp-crc32c", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-crc32c@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b72b634388918bfd" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-crc-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:6bcad6c81cde3be724d9ddbd0de8c1f061b0be86", "InstalledFiles": [ "usr/lib/libabsl_crc32c.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-debugging-internal@20240722.0-r0", "Name": "abseil-cpp-debugging-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-debugging-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "5a639103f2528133" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2caa5a3fc032c6bee66100c0399d154d50da628f", "InstalledFiles": [ "usr/lib/libabsl_debugging_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-die-if-null@20240722.0-r0", "Name": "abseil-cpp-die-if-null", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-die-if-null@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "fb14fa1fe0d77e26" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-log-internal-message@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:248499948d709f2499dd839152e8c2c62456c65d", "InstalledFiles": [ "usr/lib/libabsl_die_if_null.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-examine-stack@20240722.0-r0", "Name": "abseil-cpp-examine-stack", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-examine-stack@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "3e53dab82ed518" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-stacktrace@20240722.0-r0", "abseil-cpp-symbolize@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:e4c13972cf67967b571884d86c7bc9e8661b0054", "InstalledFiles": [ "usr/lib/libabsl_examine_stack.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-exponential-biased@20240722.0-r0", "Name": "abseil-cpp-exponential-biased", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-exponential-biased@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8ebcec3a9c0b8bc2" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:8caf1c24f3f009cadb4de7e21d6aff4be93b3024", "InstalledFiles": [ "usr/lib/libabsl_exponential_biased.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-commandlineflag@20240722.0-r0", "Name": "abseil-cpp-flags-commandlineflag", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-commandlineflag@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "77e6d9de8c02c41c" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:c8630701b27fdb9eb848d64d0682d993b7f308f1", "InstalledFiles": [ "usr/lib/libabsl_flags_commandlineflag.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-commandlineflag-internal@20240722.0-r0", "Name": "abseil-cpp-flags-commandlineflag-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-commandlineflag-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "bca11bb0422d4df1" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:475dd40133d928762fcdae68acac4687c191b0ea", "InstalledFiles": [ "usr/lib/libabsl_flags_commandlineflag_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-config@20240722.0-r0", "Name": "abseil-cpp-flags-config", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-config@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "a16c438db1d2a16c" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-flags-program-name@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:b521bd8bc838b342934a51a25cdbaadc9e45c901", "InstalledFiles": [ "usr/lib/libabsl_flags_config.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-internal@20240722.0-r0", "Name": "abseil-cpp-flags-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "1f0671395adc3412" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-flags-commandlineflag-internal@20240722.0-r0", "abseil-cpp-flags-commandlineflag@20240722.0-r0", "abseil-cpp-flags-config@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:8deabcef3489363f81090e4647cec18202ab74a4", "InstalledFiles": [ "usr/lib/libabsl_flags_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-marshalling@20240722.0-r0", "Name": "abseil-cpp-flags-marshalling", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-marshalling@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "34d6575c83748db2" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-int128@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:b9a660b37d1dde155731ce29c5f744d67bf17aa4", "InstalledFiles": [ "usr/lib/libabsl_flags_marshalling.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-private-handle-accessor@20240722.0-r0", "Name": "abseil-cpp-flags-private-handle-accessor", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-private-handle-accessor@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "14dfe60e07741b7f" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:faa50b40dd8daa14931498cfd6523b02d21f2135", "InstalledFiles": [ "usr/lib/libabsl_flags_private_handle_accessor.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-program-name@20240722.0-r0", "Name": "abseil-cpp-flags-program-name", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-program-name@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "d164362caa03fcd3" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:a397284a756437c20200990276f7a25b0cf050d1", "InstalledFiles": [ "usr/lib/libabsl_flags_program_name.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-flags-reflection@20240722.0-r0", "Name": "abseil-cpp-flags-reflection", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-flags-reflection@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "7d0d78ca5ab03a66" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-flags-commandlineflag@20240722.0-r0", "abseil-cpp-flags-config@20240722.0-r0", "abseil-cpp-flags-private-handle-accessor@20240722.0-r0", "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ea3a137ca1c8f97cf9ea705c3d196418aa7f34ab", "InstalledFiles": [ "usr/lib/libabsl_flags_reflection.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-hash@20240722.0-r0", "Name": "abseil-cpp-hash", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-hash@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ca28f67edf2db634" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-city@20240722.0-r0", "abseil-cpp-low-level-hash@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:91c90604a23db8567fb5eded0fe4b93aa0e8bb09", "InstalledFiles": [ "usr/lib/libabsl_hash.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-int128@20240722.0-r0", "Name": "abseil-cpp-int128", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-int128@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "887244893996a9b2" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:456cff991c6732e0470ee7d9cf9b890a86d0bd27", "InstalledFiles": [ "usr/lib/libabsl_int128.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "Name": "abseil-cpp-kernel-timeout-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-kernel-timeout-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "96e43af988c89514" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:37081109feea1118fe9549e814d962d57a7504b0", "InstalledFiles": [ "usr/lib/libabsl_kernel_timeout_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-globals@20240722.0-r0", "Name": "abseil-cpp-log-globals", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-globals@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c0bed64b631dac7c" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:cf3ec4b66f015006d01ebda2e0cba7473478f61f", "InstalledFiles": [ "usr/lib/libabsl_log_globals.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-check-op@20240722.0-r0", "Name": "abseil-cpp-log-internal-check-op", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-check-op@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "71eb8367888b5b63" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-log-internal-nullguard@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:a183b7dadf2c425e3c7b9f7d5dbabe6f1e8b23f0", "InstalledFiles": [ "usr/lib/libabsl_log_internal_check_op.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-conditions@20240722.0-r0", "Name": "abseil-cpp-log-internal-conditions", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-conditions@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ce87a8a83ad2f0a5" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ae7d6454f7c39128b5b21cc513eaef330cdf459b", "InstalledFiles": [ "usr/lib/libabsl_log_internal_conditions.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-fnmatch@20240722.0-r0", "Name": "abseil-cpp-log-internal-fnmatch", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-fnmatch@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "d1cbb1781ad71d88" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:d7d0fbd7b64f58d9343be0435000cdcdc5b9ec18", "InstalledFiles": [ "usr/lib/libabsl_log_internal_fnmatch.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-format@20240722.0-r0", "Name": "abseil-cpp-log-internal-format", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-format@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "3d4a37c26952ae" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-log-internal-globals@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:4e87d467ed89f85670797d3308253557f3d25596", "InstalledFiles": [ "usr/lib/libabsl_log_internal_format.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-globals@20240722.0-r0", "Name": "abseil-cpp-log-internal-globals", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-globals@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "580bf4ad2491dd58" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:b1ad3f89916cfd368fe92fc9c36b575c5d017a56", "InstalledFiles": [ "usr/lib/libabsl_log_internal_globals.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-log-sink-set@20240722.0-r0", "Name": "abseil-cpp-log-internal-log-sink-set", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-log-sink-set@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "343a5d7b4df20552" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-log-globals@20240722.0-r0", "abseil-cpp-log-internal-globals@20240722.0-r0", "abseil-cpp-log-sink@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:5fdc8b05df4f0417a123db6ce33929977c2ed183", "InstalledFiles": [ "usr/lib/libabsl_log_internal_log_sink_set.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-message@20240722.0-r0", "Name": "abseil-cpp-log-internal-message", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-message@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "2bc70f16339e71dd" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-examine-stack@20240722.0-r0", "abseil-cpp-log-globals@20240722.0-r0", "abseil-cpp-log-internal-format@20240722.0-r0", "abseil-cpp-log-internal-globals@20240722.0-r0", "abseil-cpp-log-internal-log-sink-set@20240722.0-r0", "abseil-cpp-log-internal-proto@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-strerror@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:d4fcb572a40a151bcc39b584c16aa32e069b72ff", "InstalledFiles": [ "usr/lib/libabsl_log_internal_message.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-nullguard@20240722.0-r0", "Name": "abseil-cpp-log-internal-nullguard", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-nullguard@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f4958860bfac8a3" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:c611f1ce74f66a6091d61ca9c71117f0238ecbfc", "InstalledFiles": [ "usr/lib/libabsl_log_internal_nullguard.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-internal-proto@20240722.0-r0", "Name": "abseil-cpp-log-internal-proto", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-internal-proto@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "410b9b25c1437c68" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:a14778300945cf2e7519198b0bdf80d18121e997", "InstalledFiles": [ "usr/lib/libabsl_log_internal_proto.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-log-sink@20240722.0-r0", "Name": "abseil-cpp-log-sink", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-log-sink@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "26c672fc2a1de89e" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:4ab74d275296e155a5b5855f43d4e3fce2ec06e2", "InstalledFiles": [ "usr/lib/libabsl_log_sink.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-low-level-hash@20240722.0-r0", "Name": "abseil-cpp-low-level-hash", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-low-level-hash@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "749e55ad4d3cd149" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:5c97f3e996f7c44e9b3956781cea8e56474ce637", "InstalledFiles": [ "usr/lib/libabsl_low_level_hash.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-malloc-internal@20240722.0-r0", "Name": "abseil-cpp-malloc-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-malloc-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "4065cac98d45c567" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2453932fc50587ba3ca052a80d4a2bcf09b353f5", "InstalledFiles": [ "usr/lib/libabsl_malloc_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-platform@20240722.0-r0", "Name": "abseil-cpp-random-internal-platform", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-platform@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "d77e57c9f6a36e92" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:8c112185a73bea0e6961f4a4a6562b769bc89168", "InstalledFiles": [ "usr/lib/libabsl_random_internal_platform.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", "Name": "abseil-cpp-random-internal-pool-urbg", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-pool-urbg@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "3f91f5259426cb3a" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", "abseil-cpp-random-internal-randen-slow@20240722.0-r0", "abseil-cpp-random-internal-randen@20240722.0-r0", "abseil-cpp-random-internal-seed-material@20240722.0-r0", "abseil-cpp-random-seed-gen-exception@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:75ee1f1a16e0ac8458391680dbed2b1400edab69", "InstalledFiles": [ "usr/lib/libabsl_random_internal_pool_urbg.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-randen@20240722.0-r0", "Name": "abseil-cpp-random-internal-randen", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c07c31180059fc45" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", "abseil-cpp-random-internal-randen-hwaes@20240722.0-r0", "abseil-cpp-random-internal-randen-slow@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:033c401ca9df05b4aaf520ca202fe911e42c4ed0", "InstalledFiles": [ "usr/lib/libabsl_random_internal_randen.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-randen-hwaes@20240722.0-r0", "Name": "abseil-cpp-random-internal-randen-hwaes", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-hwaes@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "9e3de93f3d0bb788" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:e4cf63a0b8761512c2ae5829314be3a71edc5685", "InstalledFiles": [ "usr/lib/libabsl_random_internal_randen_hwaes.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", "Name": "abseil-cpp-random-internal-randen-hwaes-impl", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ca1dd8014001fcc" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-random-internal-platform@20240722.0-r0" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ea18e9fbe0f5175824fdad8b2d73b44ee17304ea", "InstalledFiles": [ "usr/lib/libabsl_random_internal_randen_hwaes_impl.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-randen-slow@20240722.0-r0", "Name": "abseil-cpp-random-internal-randen-slow", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-randen-slow@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8fe4f12eacc94e1" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-random-internal-platform@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:65582a7685600f06974688534e6fae7e30a8301a", "InstalledFiles": [ "usr/lib/libabsl_random_internal_randen_slow.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-internal-seed-material@20240722.0-r0", "Name": "abseil-cpp-random-internal-seed-material", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-internal-seed-material@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "7e7e19e25565a52b" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:900579c19597e37851acd08686f7680846780bd0", "InstalledFiles": [ "usr/lib/libabsl_random_internal_seed_material.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-random-seed-gen-exception@20240722.0-r0", "Name": "abseil-cpp-random-seed-gen-exception", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-random-seed-gen-exception@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ba8d34c0851c1680" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:dfea8ec7ce220fd91a8c5d299e91566792104c14", "InstalledFiles": [ "usr/lib/libabsl_random_seed_gen_exception.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-raw-hash-set@20240722.0-r0", "Name": "abseil-cpp-raw-hash-set", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-raw-hash-set@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ce09167cd05be0d6" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-hash@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:685ff5da9644daad578c9309d351749f5554633b", "InstalledFiles": [ "usr/lib/libabsl_raw_hash_set.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-raw-logging-internal@20240722.0-r0", "Name": "abseil-cpp-raw-logging-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-raw-logging-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "1f22b75a8a9602e1" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:76c969915dbdc64b61f78cca452227e743e6987e", "InstalledFiles": [ "usr/lib/libabsl_raw_logging_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-spinlock-wait@20240722.0-r0", "Name": "abseil-cpp-spinlock-wait", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-spinlock-wait@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "5cb03fc35b356474" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:0a78577f9488cc44a4bbc63d0c96b068a2237e20", "InstalledFiles": [ "usr/lib/libabsl_spinlock_wait.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-stacktrace@20240722.0-r0", "Name": "abseil-cpp-stacktrace", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-stacktrace@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "da1fdaafb6d7c63e" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-debugging-internal@20240722.0-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:48c4df2b650fce432c89c7fe0da9a69d753df126", "InstalledFiles": [ "usr/lib/libabsl_stacktrace.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-status@20240722.0-r0", "Name": "abseil-cpp-status", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-status@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e5b7f9544a565a1d" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-cord@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-strerror@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:a1248beccb8711a937a07ab1652b482db8921ee8", "InstalledFiles": [ "usr/lib/libabsl_status.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-statusor@20240722.0-r0", "Name": "abseil-cpp-statusor", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-statusor@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c265637b4b2056c1" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:79d98f208425f33c4a5cb2033a8dd185453f7006", "InstalledFiles": [ "usr/lib/libabsl_statusor.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-str-format-internal@20240722.0-r0", "Name": "abseil-cpp-str-format-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-str-format-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "1ada1848124c8390" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-int128@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:183ca56b4d2002cfb2c46dcaad5d86232510ec74", "InstalledFiles": [ "usr/lib/libabsl_str_format_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-strerror@20240722.0-r0", "Name": "abseil-cpp-strerror", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-strerror@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f7f6e904ceca5f5" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ad0797656fcf0d4cef8c8596a65284ca4b005783", "InstalledFiles": [ "usr/lib/libabsl_strerror.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-strings@20240722.0-r0", "Name": "abseil-cpp-strings", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-strings@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "552ac9af594fecbe" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-strings-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:8f46d13939e5532b5606ad23d273a125a90f24d1", "InstalledFiles": [ "usr/lib/libabsl_strings.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-strings-internal@20240722.0-r0", "Name": "abseil-cpp-strings-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-strings-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c1048be15db5251f" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:0dd3ef0700337844cfbb6e692078fd8e2255478f", "InstalledFiles": [ "usr/lib/libabsl_strings_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-symbolize@20240722.0-r0", "Name": "abseil-cpp-symbolize", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-symbolize@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b0ada86ba5aefcf0" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2eddeea9ed9bf8cb1e74b772b017fc7f4e01cade", "InstalledFiles": [ "usr/lib/libabsl_symbolize.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-synchronization@20240722.0-r0", "Name": "abseil-cpp-synchronization", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-synchronization@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ecd8de69f50c5c67" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "abseil-cpp-malloc-internal@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-stacktrace@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ea699a4bb26eca6d4d362ee4786b3401ddad8937", "InstalledFiles": [ "usr/lib/libabsl_synchronization.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-throw-delegate@20240722.0-r0", "Name": "abseil-cpp-throw-delegate", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-throw-delegate@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "39748295d271fe77" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:14f463939675faeb271c94b0728e4ae373d31841", "InstalledFiles": [ "usr/lib/libabsl_throw_delegate.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-time@20240722.0-r0", "Name": "abseil-cpp-time", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-time@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e2e8f829b75b4612" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-time-zone@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:8cb0b174884d3dc0bfdfbc6d21d2f85aedb6f598", "InstalledFiles": [ "usr/lib/libabsl_time.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-time-zone@20240722.0-r0", "Name": "abseil-cpp-time-zone", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-time-zone@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e0ef7f520548f434" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:862944d24407519f781e576628065f0997b7f01c", "InstalledFiles": [ "usr/lib/libabsl_time_zone.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "abseil-cpp-vlog-config-internal@20240722.0-r0", "Name": "abseil-cpp-vlog-config-internal", "Identifier": { "PURL": "pkg:apk/alpine/abseil-cpp-vlog-config-internal@20240722.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "53301d833f74c8e1" }, "Version": "20240722.0-r0", "Arch": "x86_64", "SrcName": "abseil-cpp", "SrcVersion": "20240722.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Duncan Bellamy \u003cdunk@denkimushi.com\u003e", "DependsOn": [ "abseil-cpp-base@20240722.0-r0", "abseil-cpp-log-internal-fnmatch@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:5ce4cd19787d7d45f4faf6dcbd39277a44a6f5fb", "InstalledFiles": [ "usr/lib/libabsl_vlog_config_internal.so.2407.0.0" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout@3.6.8-r1", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "393060090f95beb4" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.8-r1", "busybox-binsh@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.8-r1", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "a35ff814457b106b" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e87ecc7343d144e0" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.21.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.21.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "67b837fa5630d327" }, "Version": "3.21.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.21.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b9fcfa5afb3341f82ec4f757c6dba8d8807017e3", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.6-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.3", "UID": "d24a24462031f215" }, "Version": "2.14.6-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.6-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20241121-r1", "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", "InstalledFiles": [ "sbin/apk", "usr/lib/libapk.so.2.14.0" ], "AnalyzedBy": "apk" }, { "ID": "bash@5.2.37-r0", "Name": "bash", "Identifier": { "PURL": "pkg:apk/alpine/bash@5.2.37-r0?arch=x86_64\u0026distro=3.21.3", "UID": "3a8832be3281bc02" }, "Version": "5.2.37-r0", "Arch": "x86_64", "SrcName": "bash", "SrcVersion": "5.2.37-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r12", "musl@1.2.5-r9", "readline@8.2.13-r0" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:74ad67cbf2d2088eb064b74e377a7e5c5a85d8fb", "InstalledFiles": [ "bin/bash", "etc/bash/bashrc", "etc/profile.d/00-bashrc.sh", "usr/lib/bash/accept", "usr/lib/bash/basename", "usr/lib/bash/csv", "usr/lib/bash/cut", "usr/lib/bash/dirname", "usr/lib/bash/dsv", "usr/lib/bash/fdflags", "usr/lib/bash/finfo", "usr/lib/bash/getconf", "usr/lib/bash/head", "usr/lib/bash/id", "usr/lib/bash/ln", "usr/lib/bash/logname", "usr/lib/bash/mkdir", "usr/lib/bash/mkfifo", "usr/lib/bash/mktemp", "usr/lib/bash/mypid", "usr/lib/bash/pathchk", "usr/lib/bash/print", "usr/lib/bash/printenv", "usr/lib/bash/push", "usr/lib/bash/realpath", "usr/lib/bash/rm", "usr/lib/bash/rmdir", "usr/lib/bash/seq", "usr/lib/bash/setpgid", "usr/lib/bash/sleep", "usr/lib/bash/stat", "usr/lib/bash/strftime", "usr/lib/bash/sync", "usr/lib/bash/tee", "usr/lib/bash/truefalse", "usr/lib/bash/tty", "usr/lib/bash/uname", "usr/lib/bash/unlink", "usr/lib/bash/whoami" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.1.0-r2", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.1.0-r2?arch=x86_64\u0026distro=3.21.3", "UID": "cc9451d88db1a57f" }, "Version": "1.1.0-r2", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:70f773919e72e35e8d9bbc364922178a7656f3a1", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.1.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.1.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.1.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r12", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:b1234297831343477557fd0d4d702122363b36aa", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r12", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r12" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:2a3dd16cd3f036f57a45e0b4819a7d9ffa74f101", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.3-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "Version": "1.34.3-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ce4b51a748e0f56676097438497c0d07ae2a10ba", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.2" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20241121-r1", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20241121-r1?arch=x86_64\u0026distro=3.21.3", "UID": "7bc60c9beb5b71aa" }, "Version": "20241121-r1", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r1", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r12", "libcrypto3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ec815ac3e1ae86c055bede3a0b697b62f2b6cca0", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20241121-r1", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r1?arch=x86_64\u0026distro=3.21.3", "UID": "648ddfcaeba667a7" }, "Version": "20241121-r1", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r1", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:9cfd2df1eb4d8cf25007be42ad2818f3e5c9a37b", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "curl@8.12.1-r1", "Name": "curl", "Identifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "Version": "8.12.1-r1", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.12.1-r1", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.12.1-r1", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2c50f1a2eae9946459a4fcceeaf8d31f43fdae48", "InstalledFiles": [ "usr/bin/curl" ], "AnalyzedBy": "apk" }, { "ID": "diffutils@3.10-r0", "Name": "diffutils", "Identifier": { "PURL": "pkg:apk/alpine/diffutils@3.10-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b58dd7352a97773d" }, "Version": "3.10-r0", "Arch": "x86_64", "SrcName": "diffutils", "SrcVersion": "3.10-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Leonardo Arena \u003crnalrd@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:d8bf483dcaa2136ca4275dfa783369b5159ffd96ac2a1748928cb4e1864710ba", "DiffID": "sha256:b4536ef30a85ae24d9be2699da4f8198706ce2d9bf92624e66a237a026918152" }, "Digest": "sha1:1dc7d9d822286f4e4563e540138a7ce2b6160be9", "InstalledFiles": [ "usr/bin/cmp", "usr/bin/diff", "usr/bin/diff3", "usr/bin/sdiff" ], "AnalyzedBy": "apk" }, { "ID": "dumb-init@1.2.5-r3", "Name": "dumb-init", "Identifier": { "PURL": "pkg:apk/alpine/dumb-init@1.2.5-r3?arch=x86_64\u0026distro=3.21.3", "UID": "316a7eff15127cd5" }, "Version": "1.2.5-r3", "Arch": "x86_64", "SrcName": "dumb-init", "SrcVersion": "1.2.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:9538d2911af9aa304d7a593a76c3661893cc7bd2", "InstalledFiles": [ "usr/bin/dumb-init" ], "AnalyzedBy": "apk" }, { "ID": "grpc@1.62.1-r2", "Name": "grpc", "Identifier": { "PURL": "pkg:apk/alpine/grpc@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "58cb0c34ec8dd1ab" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "ca-certificates@20241121-r1" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:18b9a1fd9a77007bda064e56db44b9b282f4440f", "InstalledFiles": [ "usr/lib/libutf8_range_lib.so.39", "usr/lib/libutf8_range_lib.so.39.0.0", "usr/share/grpc/roots.pem" ], "AnalyzedBy": "apk" }, { "ID": "grpc-cpp@1.62.1-r2", "Name": "grpc-cpp", "Identifier": { "PURL": "pkg:apk/alpine/grpc-cpp@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "414602421fe3a462" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "abseil-cpp-cord@20240722.0-r0", "abseil-cpp-cordz-functions@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-statusor@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "grpc@1.62.1-r2", "libgcc@14.2.0-r4", "libgpr@1.62.1-r2", "libgrpc@1.62.1-r2", "libgrpc_unsecure@1.62.1-r2", "libprotobuf@24.4-r4", "libprotoc@24.4-r4", "libstdc++@14.2.0-r4", "libupb_json_lib@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "libupb_message_lib@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:eeba372be0d93aebec3975f5380a445c699f0049", "InstalledFiles": [ "usr/lib/libgrpc++.so.1.62", "usr/lib/libgrpc++.so.1.62.1", "usr/lib/libgrpc++_alts.so.1.62", "usr/lib/libgrpc++_alts.so.1.62.1", "usr/lib/libgrpc++_error_details.so.1.62", "usr/lib/libgrpc++_error_details.so.1.62.1", "usr/lib/libgrpc++_reflection.so.1.62", "usr/lib/libgrpc++_reflection.so.1.62.1", "usr/lib/libgrpc++_unsecure.so.1.62", "usr/lib/libgrpc++_unsecure.so.1.62.1", "usr/lib/libgrpc_plugin_support.so.1.62", "usr/lib/libgrpc_plugin_support.so.1.62.1", "usr/lib/libgrpcpp_channelz.so.1.62", "usr/lib/libgrpcpp_channelz.so.1.62.1" ], "AnalyzedBy": "apk" }, { "ID": "icu-data-en@74.2-r0", "Name": "icu-data-en", "Identifier": { "PURL": "pkg:apk/alpine/icu-data-en@74.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "74207ee7b1ed24e6" }, "Version": "74.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "74.2-r0", "Licenses": [ "ICU" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r12" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:815998abfea0e8775482826c85a72fe1718f09ac", "InstalledFiles": [ "usr/share/icu/74.2/icudt74l.dat" ], "AnalyzedBy": "apk" }, { "ID": "icu-libs@74.2-r0", "Name": "icu-libs", "Identifier": { "PURL": "pkg:apk/alpine/icu-libs@74.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f5b3fee3128ff69c" }, "Version": "74.2-r0", "Arch": "x86_64", "SrcName": "icu", "SrcVersion": "74.2-r0", "Licenses": [ "ICU" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "icu-data-en@74.2-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:dfd42e43920a0639c902f491c7ce7849b9025956", "InstalledFiles": [ "usr/lib/libicudata.so.74", "usr/lib/libicudata.so.74.2", "usr/lib/libicui18n.so.74", "usr/lib/libicui18n.so.74.2", "usr/lib/libicuio.so.74", "usr/lib/libicuio.so.74.2", "usr/lib/libicuuc.so.74", "usr/lib/libicuuc.so.74.2" ], "AnalyzedBy": "apk" }, { "ID": "libaddress_sorting@1.62.1-r2", "Name": "libaddress_sorting", "Identifier": { "PURL": "pkg:apk/alpine/libaddress_sorting@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "27f9c27e0be175b6" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:3f17a6ecb56934736114d5d60ceef2fcebe63149", "InstalledFiles": [ "usr/lib/libaddress_sorting.so.39", "usr/lib/libaddress_sorting.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.3-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:ba21a974113543ebb687f9e18494c0ce736775f8", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.12.1-r1", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "Version": "8.12.1-r1", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.12.1-r1", "Licenses": [ "curl" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "brotli-libs@1.1.0-r2", "c-ares@1.34.3-r0", "ca-certificates-bundle@20241121-r1", "libcrypto3@3.3.3-r0", "libidn2@2.3.7-r0", "libpsl@0.21.5-r3", "libssl3@3.3.3-r0", "musl@1.2.5-r9", "nghttp2-libs@1.64.0-r0", "zlib@1.3.1-r2", "zstd-libs@1.5.6-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:572244672981ad6e6331ef0d66c4040cf65509b4", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libgcc@14.2.0-r4", "Name": "libgcc", "Identifier": { "PURL": "pkg:apk/alpine/libgcc@14.2.0-r4?arch=x86_64\u0026distro=3.21.3", "UID": "595ba1f60ecb7aa4" }, "Version": "14.2.0-r4", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:b875969aa737f53cf28f8b5d50bb266d793a5664", "InstalledFiles": [ "usr/lib/libgcc_s.so.1" ], "AnalyzedBy": "apk" }, { "ID": "libgpr@1.62.1-r2", "Name": "libgpr", "Identifier": { "PURL": "pkg:apk/alpine/libgpr@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "887aaf0ce28c988d" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "abseil-cpp-flags-internal@20240722.0-r0", "abseil-cpp-flags-marshalling@20240722.0-r0", "abseil-cpp-flags-reflection@20240722.0-r0", "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "grpc@1.62.1-r2", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:67a7aa6dbdd5c3aff685be2b0529a22949aa8549", "InstalledFiles": [ "usr/lib/libgpr.so.39", "usr/lib/libgpr.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libgrpc@1.62.1-r2", "Name": "libgrpc", "Identifier": { "PURL": "pkg:apk/alpine/libgrpc@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3fa05f930f1f93ee" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "abseil-cpp-cord@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", "abseil-cpp-random-internal-randen-slow@20240722.0-r0", "abseil-cpp-random-internal-randen@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-statusor@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-throw-delegate@20240722.0-r0", "abseil-cpp-time-zone@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "c-ares@1.34.3-r0", "grpc@1.62.1-r2", "libaddress_sorting@1.62.1-r2", "libcrypto3@3.3.3-r0", "libgcc@14.2.0-r4", "libgpr@1.62.1-r2", "libssl3@3.3.3-r0", "libstdc++@14.2.0-r4", "libupb_base_lib@1.62.1-r2", "libupb_json_lib@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "libupb_message_lib@1.62.1-r2", "libupb_textformat_lib@1.62.1-r2", "musl@1.2.5-r9", "re2@2024.07.02-r1", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:1497b2560828cfa5ca52e60d0c16c28c0396ea50", "InstalledFiles": [ "usr/lib/libgrpc.so.39", "usr/lib/libgrpc.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libgrpc_unsecure@1.62.1-r2", "Name": "libgrpc_unsecure", "Identifier": { "PURL": "pkg:apk/alpine/libgrpc_unsecure@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "1250a9c54be1d932" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "abseil-cpp-cord@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-kernel-timeout-internal@20240722.0-r0", "abseil-cpp-random-internal-pool-urbg@20240722.0-r0", "abseil-cpp-random-internal-randen-hwaes-impl@20240722.0-r0", "abseil-cpp-random-internal-randen-slow@20240722.0-r0", "abseil-cpp-random-internal-randen@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-statusor@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-time-zone@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "c-ares@1.34.3-r0", "grpc@1.62.1-r2", "libaddress_sorting@1.62.1-r2", "libgcc@14.2.0-r4", "libgpr@1.62.1-r2", "libstdc++@14.2.0-r4", "libupb_base_lib@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "libupb_message_lib@1.62.1-r2", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:30d0cedc624c5a294c8a58dd81576ddfcc6e67fa", "InstalledFiles": [ "usr/lib/libgrpc_unsecure.so.39", "usr/lib/libgrpc_unsecure.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.7-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.7-r0?arch=x86_64\u0026distro=3.21.3", "UID": "7a5029ce71d1e992" }, "Version": "2.3.7-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.7-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ae3b64134ad2a63718269dac2826bc514a3445e2", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libmaxminddb@1.9.1-r0", "Name": "libmaxminddb", "Identifier": { "PURL": "pkg:apk/alpine/libmaxminddb@1.9.1-r0?arch=x86_64\u0026distro=3.21.3", "UID": "2ffc4a04965340a3" }, "Version": "1.9.1-r0", "Arch": "x86_64", "SrcName": "libmaxminddb", "SrcVersion": "1.9.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r12", "curl@8.12.1-r1", "libmaxminddb-libs@1.9.1-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:d7f9b6f9483fb24a2722ab50f6a322d2a511b4a4", "InstalledFiles": [ "etc/libmaxminddb.cron.conf", "etc/periodic/weekly/libmaxminddb", "usr/bin/mmdblookup" ], "AnalyzedBy": "apk" }, { "ID": "libmaxminddb-libs@1.9.1-r0", "Name": "libmaxminddb-libs", "Identifier": { "PURL": "pkg:apk/alpine/libmaxminddb-libs@1.9.1-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8ff7b0872c407fda" }, "Version": "1.9.1-r0", "Arch": "x86_64", "SrcName": "libmaxminddb", "SrcVersion": "1.9.1-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:577f6a0b6245bebefcaf95328f32a938f7f99fec", "InstalledFiles": [ "usr/lib/libmaxminddb.so.0", "usr/lib/libmaxminddb.so.0.0.7" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20241006-r3", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", "UID": "75cdd41a72db6f1" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "ncurses-terminfo-base@6.5_p20241006-r3" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libprotobuf@24.4-r4", "Name": "libprotobuf", "Identifier": { "PURL": "pkg:apk/alpine/libprotobuf@24.4-r4?arch=x86_64\u0026distro=3.21.3", "UID": "e57f3191ff63cbf9" }, "Version": "24.4-r4", "Arch": "x86_64", "SrcName": "protobuf", "SrcVersion": "24.4-r4", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "abseil-cpp-cord-internal@20240722.0-r0", "abseil-cpp-cord@20240722.0-r0", "abseil-cpp-cordz-info@20240722.0-r0", "abseil-cpp-die-if-null@20240722.0-r0", "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-log-internal-check-op@20240722.0-r0", "abseil-cpp-log-internal-conditions@20240722.0-r0", "abseil-cpp-log-internal-message@20240722.0-r0", "abseil-cpp-log-internal-nullguard@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-statusor@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-throw-delegate@20240722.0-r0", "abseil-cpp-time-zone@20240722.0-r0", "abseil-cpp-time@20240722.0-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:1fbaa0aaecc8f40c5801b6822fbb241a5b6f899f", "InstalledFiles": [ "usr/lib/libprotobuf.so.24", "usr/lib/libprotobuf.so.24.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libprotoc@24.4-r4", "Name": "libprotoc", "Identifier": { "PURL": "pkg:apk/alpine/libprotoc@24.4-r4?arch=x86_64\u0026distro=3.21.3", "UID": "6c87bad9dc36f3df" }, "Version": "24.4-r4", "Arch": "x86_64", "SrcName": "protobuf", "SrcVersion": "24.4-r4", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-log-internal-check-op@20240722.0-r0", "abseil-cpp-log-internal-conditions@20240722.0-r0", "abseil-cpp-log-internal-message@20240722.0-r0", "abseil-cpp-log-internal-nullguard@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-status@20240722.0-r0", "abseil-cpp-statusor@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "abseil-cpp-throw-delegate@20240722.0-r0", "libgcc@14.2.0-r4", "libprotobuf@24.4-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ed909c12778522b502c6b485806530920e16a96f", "InstalledFiles": [ "usr/lib/libprotoc.so.24", "usr/lib/libprotoc.so.24.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.21.3", "UID": "240880a372fa2415" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.7-r0", "libunistring@1.2-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:9d21a9cf20d165ea68eafc7566a5da16ce9eabfc", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.3-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f903912bd42fe4658ee2adf39744b36019f046b3", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libstdc++@14.2.0-r4", "Name": "libstdc++", "Identifier": { "PURL": "pkg:apk/alpine/libstdc%2B%2B@14.2.0-r4?arch=x86_64\u0026distro=3.21.3", "UID": "82b61307dafb3df8" }, "Version": "14.2.0-r4", "Arch": "x86_64", "SrcName": "gcc", "SrcVersion": "14.2.0-r4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:3a31f5d07864ea0b323a3c6d763ae6079ef1c91f", "InstalledFiles": [ "usr/lib/libstdc++.so.6", "usr/lib/libstdc++.so.6.0.33" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.2-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "afda0efd6d9fe81d" }, "Version": "1.2-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.2-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:79aac0821ef4e14fc6ceaacfbf7c2a770a80cf78", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.1.0" ], "AnalyzedBy": "apk" }, { "ID": "libupb_base_lib@1.62.1-r2", "Name": "libupb_base_lib", "Identifier": { "PURL": "pkg:apk/alpine/libupb_base_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "756cbdd2bb1b6527" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:73003b0762a9f6876e7c32a8c3d6922d40d2e41a", "InstalledFiles": [ "usr/lib/libupb_base_lib.so.39", "usr/lib/libupb_base_lib.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libupb_json_lib@1.62.1-r2", "Name": "libupb_json_lib", "Identifier": { "PURL": "pkg:apk/alpine/libupb_json_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "4ebe31207d8b5b4d" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "libupb_base_lib@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "libupb_message_lib@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:72c6d48dfd7b51ce9a192a3e026ea75c4236b575", "InstalledFiles": [ "usr/lib/libupb_json_lib.so.39", "usr/lib/libupb_json_lib.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libupb_mem_lib@1.62.1-r2", "Name": "libupb_mem_lib", "Identifier": { "PURL": "pkg:apk/alpine/libupb_mem_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "5546121ff45d2c67" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:d921853a84126f5ef61acc394841d45a8f4b16cb", "InstalledFiles": [ "usr/lib/libupb_mem_lib.so.39", "usr/lib/libupb_mem_lib.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libupb_message_lib@1.62.1-r2", "Name": "libupb_message_lib", "Identifier": { "PURL": "pkg:apk/alpine/libupb_message_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "14e057ae698a1bfb" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:ea998f6924395ce9e5bf5923bb0e854f20059480", "InstalledFiles": [ "usr/lib/libupb_message_lib.so.39", "usr/lib/libupb_message_lib.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libupb_textformat_lib@1.62.1-r2", "Name": "libupb_textformat_lib", "Identifier": { "PURL": "pkg:apk/alpine/libupb_textformat_lib@1.62.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "805dea2bf4d244ca" }, "Version": "1.62.1-r2", "Arch": "x86_64", "SrcName": "grpc", "SrcVersion": "1.62.1-r2", "Licenses": [ "Apache-2.0", "BSD-3-Clause", "MIT" ], "Maintainer": "wener \u003cwenermail@gmail.com\u003e", "DependsOn": [ "grpc@1.62.1-r2", "libupb_base_lib@1.62.1-r2", "libupb_mem_lib@1.62.1-r2", "libupb_message_lib@1.62.1-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:d2b87b0da4d3b6c29f65f12fdbf0c5756ede6040", "InstalledFiles": [ "usr/lib/libupb_textformat_lib.so.39", "usr/lib/libupb_textformat_lib.so.39.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libxml2@2.13.4-r5", "Name": "libxml2", "Identifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "Version": "2.13.4-r5", "Arch": "x86_64", "SrcName": "libxml2", "SrcVersion": "2.13.4-r5", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "xz-libs@5.6.3-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:c8d5933391e532dae14b06cc4be28715a9895b3d", "InstalledFiles": [ "usr/lib/libxml2.so.2", "usr/lib/libxml2.so.2.13.4" ], "AnalyzedBy": "apk" }, { "ID": "lmdb@0.9.33-r0", "Name": "lmdb", "Identifier": { "PURL": "pkg:apk/alpine/lmdb@0.9.33-r0?arch=x86_64\u0026distro=3.21.3", "UID": "ffe8c42f7e844604" }, "Version": "0.9.33-r0", "Arch": "x86_64", "SrcName": "lmdb", "SrcVersion": "0.9.33-r0", "Licenses": [ "OLDAP-2.8" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:834e8434e6b20fa68035356bfdf83588fdb6182f", "InstalledFiles": [ "usr/lib/liblmdb.so.0", "usr/lib/liblmdb.so.0.0.0" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r9", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r9", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20241006-r3", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.3", "UID": "ba7a41d37c387447" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.64.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e522ca22ea4867ac" }, "Version": "1.64.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.64.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:239d49335b0c521c41d0823a619bf84c3f20722e", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.28.3" ], "AnalyzedBy": "apk" }, { "ID": "openssl@3.3.3-r0", "Name": "openssl", "Identifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "Version": "3.3.3-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.3-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:fcdc0397fcfe5bb3dd7d6ae9342a02bd11e9ac33", "InstalledFiles": [ "usr/bin/openssl" ], "AnalyzedBy": "apk" }, { "ID": "patch@2.7.6-r10", "Name": "patch", "Identifier": { "PURL": "pkg:apk/alpine/patch@2.7.6-r10?arch=x86_64\u0026distro=3.21.3", "UID": "b472ade3e0965a52" }, "Version": "2.7.6-r10", "Arch": "x86_64", "SrcName": "patch", "SrcVersion": "2.7.6-r10", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:90ecec0bf17c6aeb300d68a1c032adfbc2e737ad", "InstalledFiles": [ "usr/bin/patch" ], "AnalyzedBy": "apk" }, { "ID": "pcre@8.45-r3", "Name": "pcre", "Identifier": { "PURL": "pkg:apk/alpine/pcre@8.45-r3?arch=x86_64\u0026distro=3.21.3", "UID": "15ba0caddc86e79d" }, "Version": "8.45-r3", "Arch": "x86_64", "SrcName": "pcre", "SrcVersion": "8.45-r3", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:2ea62a8c8ed4c25a831cdbe18d71c911cf3446a2", "InstalledFiles": [ "usr/lib/libpcre.so.1", "usr/lib/libpcre.so.1.2.13", "usr/lib/libpcreposix.so.0", "usr/lib/libpcreposix.so.0.0.7" ], "AnalyzedBy": "apk" }, { "ID": "re2@2024.07.02-r1", "Name": "re2", "Identifier": { "PURL": "pkg:apk/alpine/re2@2024.07.02-r1?arch=x86_64\u0026distro=3.21.3", "UID": "4286e90c5aa1b173" }, "Version": "2024.07.02-r1", "Arch": "x86_64", "SrcName": "re2", "SrcVersion": "2024.07.02-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "abseil-cpp-hash@20240722.0-r0", "abseil-cpp-log-internal-check-op@20240722.0-r0", "abseil-cpp-log-internal-message@20240722.0-r0", "abseil-cpp-raw-hash-set@20240722.0-r0", "abseil-cpp-raw-logging-internal@20240722.0-r0", "abseil-cpp-spinlock-wait@20240722.0-r0", "abseil-cpp-str-format-internal@20240722.0-r0", "abseil-cpp-strings@20240722.0-r0", "abseil-cpp-synchronization@20240722.0-r0", "icu-libs@74.2-r0", "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:406087ea68ce75afc47a78126db41ad55284df70", "InstalledFiles": [ "usr/lib/libre2.so.11", "usr/lib/libre2.so.11.0.0" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.13-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.3", "UID": "8e448129748c2000" }, "Version": "8.2.13-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.13-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.5_p20241006-r3", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.3", "UID": "99c1bc01da347386" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r12", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "Version": "1.37.0-r12", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r12", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.3-r0", "libssl3@3.3.3-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:69bfb6258ecb0a21e3b0ea12e6d4544192ab3766", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2025a-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2025a-r0?arch=x86_64\u0026distro=3.21.3", "UID": "6202fbbc831770e0" }, "Version": "2025a-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025a-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:0b536b9594eb3a23cc3fcb9222d87999ee7a5a5e", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.6.3-r0", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "Version": "5.6.3-r0", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.6.3-r0", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:019d37b9326daf6a7a7840ec5957b7a65c79ccac", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.6.3" ], "AnalyzedBy": "apk" }, { "ID": "yajl@2.1.0-r9", "Name": "yajl", "Identifier": { "PURL": "pkg:apk/alpine/yajl@2.1.0-r9?arch=x86_64\u0026distro=3.21.3", "UID": "9f268f83dfacd4e4" }, "Version": "2.1.0-r9", "Arch": "x86_64", "SrcName": "yajl", "SrcVersion": "2.1.0-r9", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:deeebb9f26dee94a268c7794b1c9999ba8cf7d2c", "InstalledFiles": [ "usr/lib/libyajl.so.2", "usr/lib/libyajl.so.2.1.0" ], "AnalyzedBy": "apk" }, { "ID": "yaml-cpp@0.8.0-r0", "Name": "yaml-cpp", "Identifier": { "PURL": "pkg:apk/alpine/yaml-cpp@0.8.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "93d263e84643ff61" }, "Version": "0.8.0-r0", "Arch": "x86_64", "SrcName": "yaml-cpp", "SrcVersion": "0.8.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "libgcc@14.2.0-r4", "libstdc++@14.2.0-r4", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:bf8a86b5bf3434a9e461104384b38466ff1b3970", "InstalledFiles": [ "usr/lib/libyaml-cpp.so.0.8", "usr/lib/libyaml-cpp.so.0.8.0" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.6-r2", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.6-r2?arch=x86_64\u0026distro=3.21.3", "UID": "12ea9cf6ad7ac333" }, "Version": "1.5.6-r2", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.6-r2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "Digest": "sha1:974f4e438a513770c78e286dae55203fc38604db", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.6" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r12", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "40c5c5c69a5100e0" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5008ff6994044aa02c0026f5346f51c3f5eb54e36671aaea379d7d4c7c984cfc", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r12", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "f727574eea8e47ea" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9391faf36c471b2225972a83f0f29f1ee22a3b91187a8bbfd675b82f1a0fd524", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31498", "PkgID": "c-ares@1.34.3-r0", "PkgName": "c-ares", "PkgIdentifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "InstalledVersion": "1.34.3-r0", "FixedVersion": "1.34.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31498", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:daa82d8dbf7e06b9bb819b9820844f16e7b4bab5dca39dd2d377cb80d8b86949", "Title": "c-ares: c-ares has a use-after-free in read_answers()", "Description": "c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/08/3", "https://access.redhat.com/errata/RHSA-2025:7433", "https://access.redhat.com/security/cve/CVE-2025-31498", "https://bugzilla.redhat.com/2358271", "https://bugzilla.redhat.com/2359553", "https://bugzilla.redhat.com/show_bug.cgi?id=2358271", "https://bugzilla.redhat.com/show_bug.cgi?id=2359553", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31498", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-3277", "https://errata.almalinux.org/9/ALSA-2025-7433.html", "https://errata.rockylinux.org/RLSA-2025:7433", "https://github.com/c-ares/c-ares/commit/29d38719112639d8c0ba910254a3dd4f482ea2d1", "https://github.com/c-ares/c-ares/pull/821", "https://github.com/c-ares/c-ares/security/advisories/GHSA-6hxc-62jh-p29v", "https://linux.oracle.com/cve/CVE-2025-31498.html", "https://linux.oracle.com/errata/ELSA-2025-7502.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31498", "https://ubuntu.com/security/notices/USN-7477-1", "https://www.cve.org/CVERecord?id=CVE-2025-31498" ], "PublishedDate": "2025-04-08T14:15:35.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-62408", "PkgID": "c-ares@1.34.3-r0", "PkgName": "c-ares", "PkgIdentifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "65e5c61e1dac77c8" }, "InstalledVersion": "1.34.3-r0", "FixedVersion": "1.34.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-62408", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:553c2d877421fd43e6ef19fe3d24b67cd08ec722d5bdb7d15e0371d6b0319c8b", "Title": "c-ares: c-ares: Denial of Service due to query termination after maximum attempts", "Description": "c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using read_answer() and process_answer(), which can cause a Denial of Service. This issue is fixed in version 1.34.6.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "azure": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-62408", "https://github.com/c-ares/c-ares/commit/714bf5675c541bd1e668a8db8e67ce012651e618", "https://github.com/c-ares/c-ares/security/advisories/GHSA-jq53-42q6-pqr5", "https://nvd.nist.gov/vuln/detail/CVE-2025-62408", "https://ubuntu.com/security/notices/USN-7925-1", "https://www.cve.org/CVERecord?id=CVE-2025-62408" ], "PublishedDate": "2025-12-08T22:15:52.62Z", "LastModifiedDate": "2026-02-02T14:40:44.843Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4fd9bb1c32eff8894a6690cbf709aeedbca4f99603382d9b88409a837da55762", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:64ab30e9d878106369ea1819bda44ccdbc2bdf5f7b292293e4d4ff1dfab7a472", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0128598178f385c370fa49fb8756b4ca68ac94595c91f359e615af42cddfb713", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "curl@8.12.1-r1", "PkgName": "curl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/curl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "88c4306caf842e16" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:23e3583f13b837a485d02386c6975dc9ffe90ac2ea1e1d39a1b119d50dba92c1", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2025-5222", "PkgID": "icu-data-en@74.2-r0", "PkgName": "icu-data-en", "PkgIdentifier": { "PURL": "pkg:apk/alpine/icu-data-en@74.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "74207ee7b1ed24e6" }, "InstalledVersion": "74.2-r0", "FixedVersion": "74.2-r1", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a46854b1a791c8ce12365f46b551d78715d7123fd13a5accec95fb9e76a0bfb2", "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function", "Description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:11888", "https://access.redhat.com/errata/RHSA-2025:12083", "https://access.redhat.com/errata/RHSA-2025:12331", "https://access.redhat.com/errata/RHSA-2025:12332", "https://access.redhat.com/errata/RHSA-2025:12333", "https://access.redhat.com/security/cve/CVE-2025-5222", "https://bugzilla.redhat.com/2368600", "https://bugzilla.redhat.com/show_bug.cgi?id=2368600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222", "https://errata.almalinux.org/9/ALSA-2025-12083.html", "https://errata.rockylinux.org/RLSA-2025:12083", "https://linux.oracle.com/cve/CVE-2025-5222.html", "https://linux.oracle.com/errata/ELSA-2025-12083.html", "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5222", "https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957", "https://www.cve.org/CVERecord?id=CVE-2025-5222" ], "PublishedDate": "2025-05-27T21:15:23.03Z", "LastModifiedDate": "2026-04-23T00:16:44.093Z" }, { "VulnerabilityID": "CVE-2025-5222", "PkgID": "icu-libs@74.2-r0", "PkgName": "icu-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/icu-libs@74.2-r0?arch=x86_64\u0026distro=3.21.3", "UID": "f5b3fee3128ff69c" }, "InstalledVersion": "74.2-r0", "FixedVersion": "74.2-r1", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5222", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5365f3ab9f7d182830f7241ac6a7468fa9de559c9dbcf0dfd45b0860aade117c", "Title": "icu: Stack buffer overflow in the SRBRoot::addTag function", "Description": "A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.", "Severity": "MEDIUM", "CweIDs": [ "CWE-120" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:11888", "https://access.redhat.com/errata/RHSA-2025:12083", "https://access.redhat.com/errata/RHSA-2025:12331", "https://access.redhat.com/errata/RHSA-2025:12332", "https://access.redhat.com/errata/RHSA-2025:12333", "https://access.redhat.com/security/cve/CVE-2025-5222", "https://bugzilla.redhat.com/2368600", "https://bugzilla.redhat.com/show_bug.cgi?id=2368600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222", "https://errata.almalinux.org/9/ALSA-2025-12083.html", "https://errata.rockylinux.org/RLSA-2025:12083", "https://linux.oracle.com/cve/CVE-2025-5222.html", "https://linux.oracle.com/errata/ELSA-2025-12083.html", "https://lists.debian.org/debian-lts-announce/2025/06/msg00015.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5222", "https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957", "https://www.cve.org/CVERecord?id=CVE-2025-5222" ], "PublishedDate": "2025-05-27T21:15:23.03Z", "LastModifiedDate": "2026-04-23T00:16:44.093Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c2b2293c000a7726b321d64d6b79f3411e8cdb53d0de0bbe0ff99e2ebb194c06", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c4d596a302d97b4a2eb3c82e9da44d59f5e0f942d51b2f7fb96d52ee1fc9ca96", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ef352c5cd5803b2747d077a826b2ec6137b19bf9d724dffd08d4b4cc169a1819", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:83cde2b0e941d5d1620c5350af9f4ee76e7f1c047f5fa251719018813500b210", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e726efbd36529ead0699c7e3be394cdd6fcfa9625e2c99787bd60bbcd9e0a6f7", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1f8eb74470e013a5acd337751ec36b4cd7543b9472f3006444b4fdc09284ce52", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2993df162cb6eb7c57b311da2301e251c474d4ce0e4a32829575c040edf2d6b2", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ab61547f35fb0521c39204a475a9246c6faeba32419af243e0d506b3f4ebc724", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:31056f6e89f6449dfb80e8731a3cc0516cea7f4bbb52cac6030f426730a49cbb", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:48664925b9e964a36e4880b9b85f310edf4d319fd050325b18ab75828b6853d4", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.3-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "b6dee14d788cd234" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2dcfc2c3a53862a8c0b3e3585fc070ac3b33764dd2d5a8da252bb0b6b17fc053", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-4947", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4947", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fff82804c7f1c82443ee44e0f80b2250bfadd3058d2f91cdac08922a3636046c", "Title": "libcurl: curl: QUIC certificate check skip with wolfSSL", "Description": "libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-middle attacks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/4", "https://access.redhat.com/security/cve/CVE-2025-4947", "https://curl.se/docs/CVE-2025-4947.html", "https://curl.se/docs/CVE-2025-4947.json", "https://github.com/advisories/GHSA-ppfq-jg49-mqj4", "https://hackerone.com/reports/3150884", "https://nvd.nist.gov/vuln/detail/CVE-2025-4947", "https://www.cve.org/CVERecord?id=CVE-2025-4947" ], "PublishedDate": "2025-05-28T07:15:24.78Z", "LastModifiedDate": "2025-06-26T15:08:21.52Z" }, { "VulnerabilityID": "CVE-2025-5025", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5025", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f9cb4cd10fb504a51313abea70f9d060018fef5bba0ffa9eba5b759539cea564", "Title": "curl: libcurl: QUIC Certificate Pinning Bypass", "Description": "libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolfSSL. Documentation says the option works with wolfSSL, failing to specify that it does not for QUIC and HTTP/3. Since pinning makes the transfer succeed if the pin is fine, users could unwittingly connect to an impostor server without noticing.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/28/5", "https://access.redhat.com/security/cve/CVE-2025-5025", "https://curl.se/docs/CVE-2025-5025.html", "https://curl.se/docs/CVE-2025-5025.json", "https://github.com/advisories/GHSA-x8ch-h5vv-q6cm", "https://hackerone.com/reports/3153497", "https://nvd.nist.gov/vuln/detail/CVE-2025-5025", "https://www.cve.org/CVERecord?id=CVE-2025-5025" ], "PublishedDate": "2025-05-28T07:15:24.91Z", "LastModifiedDate": "2025-07-30T19:41:37.987Z" }, { "VulnerabilityID": "CVE-2025-5399", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-5399", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9f8793eef5fad1ef4c1a96161b310d238e89d69f8d875bc0103c196de5a42e30", "Title": "curl: libcurl: WebSocket endless loop", "Description": "Due to a mistake in libcurl's WebSocket code, a malicious server can send a\nparticularly crafted packet which makes libcurl get trapped in an endless\nbusy-loop.\n\nThere is no other way for the application to escape or exit this loop other\nthan killing the thread/process.\n\nThis might be used to DoS libcurl-using application.", "Severity": "MEDIUM", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "alma": 2, "julia": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/06/04/2", "https://access.redhat.com/errata/RHSA-2025:16046", "https://access.redhat.com/security/cve/CVE-2025-5399", "https://bugzilla.redhat.com/2359885", "https://bugzilla.redhat.com/2359888", "https://bugzilla.redhat.com/2359892", "https://bugzilla.redhat.com/2359894", "https://bugzilla.redhat.com/2359895", "https://bugzilla.redhat.com/2359899", "https://bugzilla.redhat.com/2359900", "https://bugzilla.redhat.com/2359902", "https://bugzilla.redhat.com/2359903", "https://bugzilla.redhat.com/2359911", "https://bugzilla.redhat.com/2359918", "https://bugzilla.redhat.com/2359920", "https://bugzilla.redhat.com/2359924", "https://bugzilla.redhat.com/2359928", "https://bugzilla.redhat.com/2359930", "https://bugzilla.redhat.com/2359932", "https://bugzilla.redhat.com/2359934", "https://bugzilla.redhat.com/2359938", "https://bugzilla.redhat.com/2359940", "https://bugzilla.redhat.com/2359943", "https://bugzilla.redhat.com/2359944", "https://bugzilla.redhat.com/2359945", "https://bugzilla.redhat.com/2359947", "https://bugzilla.redhat.com/2359950", "https://bugzilla.redhat.com/2359963", "https://bugzilla.redhat.com/2359964", "https://bugzilla.redhat.com/2359972", "https://bugzilla.redhat.com/2370920", "https://bugzilla.redhat.com/2380264", "https://bugzilla.redhat.com/2380273", "https://bugzilla.redhat.com/2380274", "https://bugzilla.redhat.com/2380278", "https://bugzilla.redhat.com/2380280", "https://bugzilla.redhat.com/2380283", "https://bugzilla.redhat.com/2380284", "https://bugzilla.redhat.com/2380290", "https://bugzilla.redhat.com/2380291", "https://bugzilla.redhat.com/2380295", "https://bugzilla.redhat.com/2380298", "https://bugzilla.redhat.com/2380306", "https://bugzilla.redhat.com/2380308", "https://bugzilla.redhat.com/2380309", "https://bugzilla.redhat.com/2380310", "https://bugzilla.redhat.com/2380312", "https://bugzilla.redhat.com/2380313", "https://bugzilla.redhat.com/2380320", "https://bugzilla.redhat.com/2380321", "https://bugzilla.redhat.com/2380322", "https://bugzilla.redhat.com/2380326", "https://bugzilla.redhat.com/2380327", "https://bugzilla.redhat.com/2380334", "https://bugzilla.redhat.com/2380335", "https://bugzilla.redhat.com/show_bug.cgi?id=2338999", "https://bugzilla.redhat.com/show_bug.cgi?id=2359885", "https://bugzilla.redhat.com/show_bug.cgi?id=2359888", "https://bugzilla.redhat.com/show_bug.cgi?id=2359892", "https://bugzilla.redhat.com/show_bug.cgi?id=2359894", "https://bugzilla.redhat.com/show_bug.cgi?id=2359895", "https://bugzilla.redhat.com/show_bug.cgi?id=2359899", "https://bugzilla.redhat.com/show_bug.cgi?id=2359900", "https://bugzilla.redhat.com/show_bug.cgi?id=2359902", "https://bugzilla.redhat.com/show_bug.cgi?id=2359903", "https://bugzilla.redhat.com/show_bug.cgi?id=2359911", "https://bugzilla.redhat.com/show_bug.cgi?id=2359918", "https://bugzilla.redhat.com/show_bug.cgi?id=2359920", "https://bugzilla.redhat.com/show_bug.cgi?id=2359924", "https://bugzilla.redhat.com/show_bug.cgi?id=2359928", "https://bugzilla.redhat.com/show_bug.cgi?id=2359930", "https://bugzilla.redhat.com/show_bug.cgi?id=2359932", "https://bugzilla.redhat.com/show_bug.cgi?id=2359934", "https://bugzilla.redhat.com/show_bug.cgi?id=2359938", "https://bugzilla.redhat.com/show_bug.cgi?id=2359940", "https://bugzilla.redhat.com/show_bug.cgi?id=2359943", "https://bugzilla.redhat.com/show_bug.cgi?id=2359944", "https://bugzilla.redhat.com/show_bug.cgi?id=2359945", "https://bugzilla.redhat.com/show_bug.cgi?id=2359947", "https://bugzilla.redhat.com/show_bug.cgi?id=2359950", "https://bugzilla.redhat.com/show_bug.cgi?id=2359963", "https://bugzilla.redhat.com/show_bug.cgi?id=2359964", "https://bugzilla.redhat.com/show_bug.cgi?id=2359972", "https://bugzilla.redhat.com/show_bug.cgi?id=2370920", "https://bugzilla.redhat.com/show_bug.cgi?id=2380264", "https://bugzilla.redhat.com/show_bug.cgi?id=2380273", "https://bugzilla.redhat.com/show_bug.cgi?id=2380274", "https://bugzilla.redhat.com/show_bug.cgi?id=2380278", "https://bugzilla.redhat.com/show_bug.cgi?id=2380280", "https://bugzilla.redhat.com/show_bug.cgi?id=2380283", "https://bugzilla.redhat.com/show_bug.cgi?id=2380284", "https://bugzilla.redhat.com/show_bug.cgi?id=2380290", "https://bugzilla.redhat.com/show_bug.cgi?id=2380291", "https://bugzilla.redhat.com/show_bug.cgi?id=2380295", "https://bugzilla.redhat.com/show_bug.cgi?id=2380298", "https://bugzilla.redhat.com/show_bug.cgi?id=2380306", "https://bugzilla.redhat.com/show_bug.cgi?id=2380308", "https://bugzilla.redhat.com/show_bug.cgi?id=2380309", "https://bugzilla.redhat.com/show_bug.cgi?id=2380310", "https://bugzilla.redhat.com/show_bug.cgi?id=2380312", "https://bugzilla.redhat.com/show_bug.cgi?id=2380313", "https://bugzilla.redhat.com/show_bug.cgi?id=2380320", "https://bugzilla.redhat.com/show_bug.cgi?id=2380321", "https://bugzilla.redhat.com/show_bug.cgi?id=2380322", "https://bugzilla.redhat.com/show_bug.cgi?id=2380326", "https://bugzilla.redhat.com/show_bug.cgi?id=2380327", "https://bugzilla.redhat.com/show_bug.cgi?id=2380334", "https://bugzilla.redhat.com/show_bug.cgi?id=2380335", "https://curl.se/docs/CVE-2025-5399.html", "https://curl.se/docs/CVE-2025-5399.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21574", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21575", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21577", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21579", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21580", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21581", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21584", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21585", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-21588", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30681", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30682", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30683", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30684", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30685", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30687", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30688", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30693", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30695", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30696", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30699", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30704", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30721", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30722", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50077", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50078", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50079", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50080", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50081", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50082", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50083", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50084", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50085", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50086", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50092", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50093", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50094", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50096", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50097", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50098", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50099", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50100", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50101", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50102", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-50104", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5399", "https://errata.almalinux.org/9/ALSA-2025-16046.html", "https://errata.rockylinux.org/RLSA-2025:15699", "https://github.com/advisories/GHSA-8h93-38hx-vv92", "https://hackerone.com/reports/3168039", "https://linux.oracle.com/cve/CVE-2025-5399.html", "https://linux.oracle.com/errata/ELSA-2025-16046.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-5399", "https://www.cve.org/CVERecord?id=CVE-2025-5399", "https://www.oracle.com/security-alerts/cpujul2025.html#AppendixMSQL" ], "PublishedDate": "2025-06-07T08:15:20.687Z", "LastModifiedDate": "2025-07-30T19:41:33.457Z" }, { "VulnerabilityID": "CVE-2025-9086", "PkgID": "libcurl@8.12.1-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.12.1-r1?arch=x86_64\u0026distro=3.21.3", "UID": "bb07c860cc2206ec" }, "InstalledVersion": "8.12.1-r1", "FixedVersion": "8.14.1-r2", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2d89c5e99ace4b85335fc5ee212fbd36485b23ad513bc1f1febadf53159ad687", "Title": "curl: libcurl: Curl out of bounds read for cookie path", "Description": "1. A cookie is set using the `secure` keyword for `https://target` \n 2. curl is redirected to or otherwise made to speak with `http://target` (same \n hostname, but using clear text HTTP) using the same cookie set \n 3. The same cookie name is set - but with just a slash as path (`path=\\\"/\\\",`).\n Since this site is not secure, the cookie *should* just be ignored.\n4. A bug in the path comparison logic makes curl read outside a heap buffer\n boundary\n\nThe bug either causes a crash or it potentially makes the comparison come to\nthe wrong conclusion and lets the clear-text site override the contents of the\nsecure cookie, contrary to expectations and depending on the memory contents\nimmediately following the single-byte allocation that holds the path.\n\nThe presumed and correct behavior would be to plainly ignore the second set of\nthe cookie since it was already set as secure on a secure host so overriding\nit on an insecure host should not be okay.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 1, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/10/1", "https://access.redhat.com/errata/RHSA-2026:1350", "https://access.redhat.com/security/cve/CVE-2025-9086", "https://bugzilla.redhat.com/2394750", "https://bugzilla.redhat.com/show_bug.cgi?id=2394750", "https://curl.se/docs/CVE-2025-9086.html", "https://curl.se/docs/CVE-2025-9086.json", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9086", "https://errata.almalinux.org/9/ALSA-2026-1350.html", "https://errata.rockylinux.org/RLSA-2026:1350", "https://github.com/advisories/GHSA-v676-f8gm-92r9", "https://github.com/curl/curl/commit/c6ae07c6a541e0e96d0040afb6", "https://hackerone.com/reports/3294999", "https://linux.oracle.com/cve/CVE-2025-9086.html", "https://linux.oracle.com/errata/ELSA-2026-1825.html", "https://lists.debian.org/debian-lts-announce/2026/01/msg00002.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9086", "https://ubuntu.com/security/notices/USN-8062-1", "https://www.cve.org/CVERecord?id=CVE-2025-9086" ], "PublishedDate": "2025-09-12T06:15:44.1Z", "LastModifiedDate": "2026-01-20T14:58:01.347Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:816165668cdeafe8ccab4343cd483689691346a0cfcf487c5c457ae3aa180752", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:38ea93bb541523ba36737dc4aa2412f26eae26c28badd9ba2ff62b74582d0204", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a4fd464c7070e02096ebd926a776f6ee06cb7d3e075ddbfadb6b9139e455123c", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2b0227ade8d119ef67ab6959401f922e798f3682f224abcc3bcf2f723d3f4cf9", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ef645c458dc96d0b7d0cebdacafb586a689638d57cd54fa2ec329b885c8cb3d5", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7839eaa1050f4577bbc18131e7ca339b6f685e25f35892119fb395fb9493b19e", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:21bdd7f8facc2f3f21b6c822c1bd2da2df2b432e8178f6b2bda0bef0ca493bca", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:935ab403ff1dc74f0137c14f7c83a917e35f491a6e5792cb2c54668596749c0d", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ab8b38c2f4e46df8c58977fd069bfd17a6c81e9e0bf5198f81f015158f78e182", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4dba6f2517029002cdaf21625fd17646a1b03fdb18b860b9476d5ba49238e2dd", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.3-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "c19c85db06279baa" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:667fc0843fbdaab630a0412052cf31090e54932e93e34d68025dd8abe2ab43cc", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-32414", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.4-r6", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32414", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e87e88de1a5222e42ed844a40fd201078c2eda22ced1783ff87b4bc20212b829", "Title": "libxml2: Out-of-Bounds Read in libxml2", "Description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, out-of-bounds memory access can occur in the Python API (Python bindings) because of an incorrect return value. This occurs in xmlPythonFileRead and xmlPythonFileReadRaw because of a difference between bytes and characters.", "Severity": "HIGH", "CweIDs": [ "CWE-393", "CWE-252" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:13428", "https://access.redhat.com/security/cve/CVE-2025-32414", "https://bugzilla.redhat.com/2358121", "https://bugzilla.redhat.com/2360768", "https://bugzilla.redhat.com/show_bug.cgi?id=2358121", "https://bugzilla.redhat.com/show_bug.cgi?id=2360768", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415", "https://errata.almalinux.org/9/ALSA-2025-13428.html", "https://errata.rockylinux.org/RLSA-2025:13428", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/889", "https://linux.oracle.com/cve/CVE-2025-32414.html", "https://linux.oracle.com/errata/ELSA-2025-8958.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-32414", "https://ubuntu.com/security/notices/USN-7467-1", "https://ubuntu.com/security/notices/USN-7467-2", "https://ubuntu.com/security/notices/USN-7896-1", "https://www.cve.org/CVERecord?id=CVE-2025-32414" ], "PublishedDate": "2025-04-08T03:15:15.94Z", "LastModifiedDate": "2025-11-03T20:18:27.087Z" }, { "VulnerabilityID": "CVE-2025-32415", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.4-r6", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-32415", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:be0c7071563a002000a607caec69171601073920e850a605ed7f0ccf79235e88", "Title": "libxml2: Out-of-bounds Read in xmlSchemaIDCFillNodeTables", "Description": "In libxml2 before 2.13.8 and 2.14.x before 2.14.2, xmlSchemaIDCFillNodeTables in xmlschemas.c has a heap-based buffer under-read. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used.", "Severity": "HIGH", "CweIDs": [ "CWE-1284", "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 1, "bitnami": 3, "cbl-mariner": 1, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:13428", "https://access.redhat.com/security/cve/CVE-2025-32415", "https://bugzilla.redhat.com/2358121", "https://bugzilla.redhat.com/2360768", "https://bugzilla.redhat.com/show_bug.cgi?id=2358121", "https://bugzilla.redhat.com/show_bug.cgi?id=2360768", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32414", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-32415", "https://errata.almalinux.org/9/ALSA-2025-13428.html", "https://errata.rockylinux.org/RLSA-2025:13428", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/890", "https://linux.oracle.com/cve/CVE-2025-32415.html", "https://linux.oracle.com/errata/ELSA-2025-13789.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00041.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-32415", "https://ubuntu.com/security/notices/USN-7467-1", "https://ubuntu.com/security/notices/USN-7467-2", "https://ubuntu.com/security/notices/USN-7896-1", "https://www.cve.org/CVERecord?id=CVE-2025-32415" ], "PublishedDate": "2025-04-17T17:15:33.733Z", "LastModifiedDate": "2025-11-03T20:18:27.213Z" }, { "VulnerabilityID": "CVE-2025-49794", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49794", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cce68ffe7cbd1036d931ca1abc271da2964f25b731f3d6ce738a2e2c96d31e1b", "Title": "libxml: Heap use after free (UAF) leads to Denial of service (DoS)", "Description": "A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the \u003csch:name path=\"...\"/\u003e schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.", "Severity": "HIGH", "CweIDs": [ "CWE-825" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "cbl-mariner": 4, "oracle-oval": 3, "photon": 4, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:15397", "https://access.redhat.com/errata/RHSA-2025:15827", "https://access.redhat.com/errata/RHSA-2025:15828", "https://access.redhat.com/errata/RHSA-2025:18217", "https://access.redhat.com/errata/RHSA-2025:18218", "https://access.redhat.com/errata/RHSA-2025:18219", "https://access.redhat.com/errata/RHSA-2025:18240", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2025:19041", "https://access.redhat.com/errata/RHSA-2025:19046", "https://access.redhat.com/errata/RHSA-2025:19894", "https://access.redhat.com/errata/RHSA-2025:21913", "https://access.redhat.com/errata/RHSA-2026:0934", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49794", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/931", "https://linux.oracle.com/cve/CVE-2025-49794.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49794", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-49794" ], "PublishedDate": "2025-06-16T16:15:18.997Z", "LastModifiedDate": "2026-05-12T13:17:20.283Z" }, { "VulnerabilityID": "CVE-2025-49795", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49795", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6c156589e06beb5359c16aefca50e3e3f1d72e035f72fb9c3acf38aa752e0b97", "Title": "libxml: Null pointer dereference leads to Denial of service (DoS)", "Description": "A NULL pointer dereference vulnerability was found in libxml2 when processing XPath XML expressions. This flaw allows an attacker to craft a malicious XML input to libxml2, leading to a denial of service.", "Severity": "HIGH", "CweIDs": [ "CWE-825" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49795", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372379", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.rockylinux.org/RLSA-2025:10630", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/24d7e15914588cb45e7fb41cbe4fcf785e1a4861 (master)", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/499bcb78ab389f60c2fd634ce410d4bb85c18765 (master)", "https://gitlab.gnome.org/GNOME/libxml2/-/commit/c24909ba2601848825b49a60f988222da3019667 (2.14)", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/932", "https://linux.oracle.com/cve/CVE-2025-49795.html", "https://linux.oracle.com/errata/ELSA-2025-10630.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49795", "https://www.cve.org/CVERecord?id=CVE-2025-49795" ], "PublishedDate": "2025-06-16T16:15:19.203Z", "LastModifiedDate": "2026-04-19T20:16:21.54Z" }, { "VulnerabilityID": "CVE-2025-49796", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49796", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f84655732ed464f978495faa9b5bbc7bb55684e32bf9f41d8c161182c8464e9d", "Title": "libxml: Type confusion leads to Denial of service (DoS)", "Description": "A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.", "Severity": "HIGH", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "cbl-mariner": 4, "oracle-oval": 3, "photon": 4, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:15397", "https://access.redhat.com/errata/RHSA-2025:15827", "https://access.redhat.com/errata/RHSA-2025:15828", "https://access.redhat.com/errata/RHSA-2025:18217", "https://access.redhat.com/errata/RHSA-2025:18218", "https://access.redhat.com/errata/RHSA-2025:18219", "https://access.redhat.com/errata/RHSA-2025:18240", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2025:19041", "https://access.redhat.com/errata/RHSA-2025:19046", "https://access.redhat.com/errata/RHSA-2025:19894", "https://access.redhat.com/errata/RHSA-2025:21913", "https://access.redhat.com/errata/RHSA-2026:0934", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-49796", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/933", "https://linux.oracle.com/cve/CVE-2025-49796.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-49796", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-49796" ], "PublishedDate": "2025-06-16T16:15:19.37Z", "LastModifiedDate": "2026-05-12T13:17:20.66Z" }, { "VulnerabilityID": "CVE-2025-6021", "PkgID": "libxml2@2.13.4-r5", "PkgName": "libxml2", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libxml2@2.13.4-r5?arch=x86_64\u0026distro=3.21.3", "UID": "21433495685e9e6d" }, "InstalledVersion": "2.13.4-r5", "FixedVersion": "2.13.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-6021", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7cdcd13f8036162b08f0123f403af4e6cc38b5225390b803ee973811241350aa", "Title": "libxml2: Integer Overflow in xmlBuildQName() Leads to Stack Buffer Overflow in libxml2", "Description": "A flaw was found in libxml2's xmlBuildQName function, where integer overflows in buffer size calculations can lead to a stack-based buffer overflow. This issue can result in memory corruption or a denial of service when processing crafted input.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:10630", "https://access.redhat.com/errata/RHSA-2025:10698", "https://access.redhat.com/errata/RHSA-2025:10699", "https://access.redhat.com/errata/RHSA-2025:11580", "https://access.redhat.com/errata/RHSA-2025:11673", "https://access.redhat.com/errata/RHSA-2025:12098", "https://access.redhat.com/errata/RHSA-2025:12099", "https://access.redhat.com/errata/RHSA-2025:12199", "https://access.redhat.com/errata/RHSA-2025:12237", "https://access.redhat.com/errata/RHSA-2025:12239", "https://access.redhat.com/errata/RHSA-2025:12240", "https://access.redhat.com/errata/RHSA-2025:12241", "https://access.redhat.com/errata/RHSA-2025:13267", "https://access.redhat.com/errata/RHSA-2025:13289", "https://access.redhat.com/errata/RHSA-2025:13325", "https://access.redhat.com/errata/RHSA-2025:13335", "https://access.redhat.com/errata/RHSA-2025:13336", "https://access.redhat.com/errata/RHSA-2025:14059", "https://access.redhat.com/errata/RHSA-2025:14396", "https://access.redhat.com/errata/RHSA-2025:15308", "https://access.redhat.com/errata/RHSA-2025:15672", "https://access.redhat.com/errata/RHSA-2025:19020", "https://access.redhat.com/errata/RHSA-2026:7519", "https://access.redhat.com/security/cve/CVE-2025-6021", "https://bugzilla.redhat.com/2372373", "https://bugzilla.redhat.com/2372385", "https://bugzilla.redhat.com/2372406", "https://bugzilla.redhat.com/show_bug.cgi?id=2372373", "https://bugzilla.redhat.com/show_bug.cgi?id=2372385", "https://bugzilla.redhat.com/show_bug.cgi?id=2372406", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49794", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-49796", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6021", "https://errata.almalinux.org/9/ALSA-2025-10699.html", "https://errata.rockylinux.org/RLSA-2025:10699", "https://gitlab.gnome.org/GNOME/libxml2/-/issues/926", "https://linux.oracle.com/cve/CVE-2025-6021.html", "https://linux.oracle.com/errata/ELSA-2025-12240.html", "https://lists.debian.org/debian-lts-announce/2025/07/msg00014.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-6021", "https://ubuntu.com/security/notices/USN-7694-1", "https://www.cve.org/CVERecord?id=CVE-2025-6021" ], "PublishedDate": "2025-06-12T13:15:25.59Z", "LastModifiedDate": "2026-05-12T13:17:27.99Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a8d383e1d32aebf6a8ac832fc2d82033273b0b81a750c4b0de38aca38c37d285", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6e743f39e00521a198ec5150a002f23ef1a6e8a49c6fbf1dc0fb644775873185", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5ffac36e2f1da1e70fa48bde3b8995e0338949b6f02921c6ec0ceee34e9b4258", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.3", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ff9e6aa2a2197b8d8f7d13f356dfd6d07300112c69e695edbb88264d2e1a40b8", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-27135", "PkgID": "nghttp2-libs@1.64.0-r0", "PkgName": "nghttp2-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.64.0-r0?arch=x86_64\u0026distro=3.21.3", "UID": "e522ca22ea4867ac" }, "InstalledVersion": "1.64.0-r0", "FixedVersion": "1.68.1", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:db38bc77b6879b2836b12434eb25d332cbc24bf99c416ec7ad2e75093fe89fa0", "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/3", "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27135", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7668", "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", "https://linux.oracle.com/cve/CVE-2026-27135.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", "https://ubuntu.com/security/notices/USN-8233-1", "https://ubuntu.com/security/notices/USN-8233-2", "https://www.cve.org/CVERecord?id=CVE-2026-27135" ], "PublishedDate": "2026-03-18T18:16:26.723Z", "LastModifiedDate": "2026-05-13T22:16:42.337Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3eb6a8e46d1964efaa3afc148a6e6437f7b8a3503d6dd3c0c436c8d8702004db", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0190929a4b57c5005d5255ec29f27d7864a5a7d203f62d10ed1ac9c2d57d951a", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f0a66008460c2556a844bb5da5f8a2dfe6e5eb2ac1f525b096c1e5955d85354e", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:97084352c8b28ff6a69a91ec0ecfc64f2808a19bed2b0df634c5656433c2195d", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d83d51de270262c5598dc1e89d79ddf5ff5aa8acc055de26332a19ead7f05022", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:44c1437d66e7885b694f27b65b71f599a6cf2ae99400cf3750ea021002e484d9", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7c7938214bab5110c34eeae0ffc9f28b75a87d580cb9eb9cbf2bd10340ecb65e", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7bd8cb63432435bf6a6f78e4ddd3154eca272681406c1ce794ac54b394b6644a", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:419fa9a1e6be0b987d312c067c874c02aa4b425b5618647475000f0246b5c9a3", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7d6065367bccdaec0c8844497652eb3ff01c80e7d6db6bb7d5057c6e23385e1b", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "openssl@3.3.3-r0", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/openssl@3.3.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "627772e2e77f6983" }, "InstalledVersion": "3.3.3-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5ca45cffddc05117388629483fedddab896d92543f9c1ec08e24961941cfdc4b", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r12", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r12?arch=x86_64\u0026distro=3.21.3", "UID": "7637191a09ed06b3" }, "InstalledVersion": "1.37.0-r12", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:30d97192c25f813ce5029bf633f9f616df39f99c1b34156d5bd79031ca89c2b4", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-31115", "PkgID": "xz-libs@5.6.3-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "InstalledVersion": "5.6.3-r0", "FixedVersion": "5.6.3-r1", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31115", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:609fb8f1d168adea1b51136fd9ae8b0ad9d9d814fac1c0b55924a3c75ec83530", "Title": "xz: XZ has a heap-use-after-free bug in threaded .xz decoder", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.", "Severity": "HIGH", "CweIDs": [ "CWE-366", "CWE-416", "CWE-476", "CWE-826" ], "VendorSeverity": { "azure": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/03/1", "http://www.openwall.com/lists/oss-security/2025/04/03/2", "http://www.openwall.com/lists/oss-security/2025/04/03/3", "https://access.redhat.com/security/cve/CVE-2025-31115", "https://bugzilla.redhat.com/show_bug.cgi?id=2357249", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31115", "https://errata.rockylinux.org/RLSA-2025:7524", "https://github.com/tukaani-project/xz/commit/d5a2ffe41bb77b918a8c96084885d4dbe4bf6480", "https://github.com/tukaani-project/xz/security/advisories/GHSA-6cc8-p5mm-29w2", "https://linux.oracle.com/cve/CVE-2025-31115.html", "https://linux.oracle.com/errata/ELSA-2025-7524.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31115", "https://tukaani.org/xz/xz-cve-2025-31115.patch", "https://ubuntu.com/security/notices/USN-7414-1", "https://www.cve.org/CVERecord?id=CVE-2025-31115" ], "PublishedDate": "2025-04-03T17:15:30.54Z", "LastModifiedDate": "2026-05-12T13:16:40.627Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.6.3-r0", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r0?arch=x86_64\u0026distro=3.21.3", "UID": "458a272f25e033f6" }, "InstalledVersion": "5.6.3-r0", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f22a2f15d15f4652aa32ba4589d5f6c6a5c36184a8c886883a6f206a5ff339df", "DiffID": "sha256:32fd6efced421ac4e70921f111e31a3cf915eb3aa1d3e0e721c8d910eab975fb" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:be20ef980430ae0a2b27a51474b80e5f9e4f420561b702a4a870288b1b0cc4cb", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ee9e6f10efc9e93cb106eb9aa68b15b6c168fec2e70f268d8864d8d91d563bad", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.3", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f18232174bc91741fdf3da96d85011092101a032a93a388b79e99e69c2d5c870", "DiffID": "sha256:08000c18d16dadf9553d747a58cf44023423a9ab010aab96cf263d2216b8b350" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5bc54ddc9d2e32728d49d07ecd285a37cb08095c0369301dab18eb273e614999", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "dbg", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "k8s.io/ingress-nginx", "Name": "k8s.io/ingress-nginx", "Identifier": { "PURL": "pkg:golang/k8s.io/ingress-nginx", "UID": "1b3f2b0a42b6cd85" }, "Relationship": "root", "DependsOn": [ "github.com/go-logr/logr@v1.4.2", "github.com/mitchellh/go-ps@v1.0.0", "github.com/spf13/cobra@v1.9.1", "github.com/spf13/pflag@v1.0.6", "k8s.io/apimachinery@v0.32.3", "k8s.io/klog/v2@v2.130.1", "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "stdlib@v1.24.1" ], "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.24.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "Version": "v1.24.1", "Relationship": "direct", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "444b50d7e3f65db1" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-ps@v1.0.0", "Name": "github.com/mitchellh/go-ps", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", "UID": "321037fa9db5ac36" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.9.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.9.1", "UID": "f8be94c557b947f" }, "Version": "v1.9.1", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.6", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", "UID": "27f0717e6c121941" }, "Version": "v1.0.6", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.32.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", "UID": "80857fc9182703f7" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "a5314aaf5a16e18b" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "UID": "20f03459b73f19f" }, "Version": "v0.0.0-20250321185631-1f6e0b77f77e", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9d16646cba1c014abc4b1680e3b7d86044d6e12df538b465b27650e74e8eef1b", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:638e3b1f4da448d4f3dc5e1821c5efb6504189b83c3a8749680c5240f01796b3", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:77af338f061fd0d3c30db136ea02e2a540a9a5f0d4229ac32562b87256fbd9e7", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bb6455444a91459b66dc37f475d222dd37fc1fdfa6717c998bff78adda8b7e95", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e4dc40e75a61dba24cfb861cbe793840bccef82c625f8c9fcdef41d3961b1eb9", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cf29d8a89128bee5046fa7381d30bc4416a2125dc4ec5e352db8b21f567e51dc", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f66d7b56cca51fe9982d4945255dbd0f8ba2531620585ef39cb5f82f37aa6e4a", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:788b25bbc577e0ffa049cdf22ff707132599b09f0649083535abd06cce37710a", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cc9901967dcb024398a2be97b8343d9e375d846ce8117f204f6cf963bcf256aa", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f7f214d5876a41340ad77e543f35457c3d125ef19177ac3fc9b1047446f49abc", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:63689b74e7f874c5be66fdb17add79cd243e2af6852d8034792dabb7f7c7df80", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:efede7a16fb84189ff026f15f3f605a638855c5d1b5b3991504023f2d60d5bd1", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:425a4904021cce990807ea1e340fcd3e8b001e40f9511a204a17e0f019bfbdf4", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9a061b62b0f572d9ce016552a438618c66a4aac3615494ffe27cc03e48f9245e", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:48c85f6495d18670b5880495150a77318e7a4ab12e7bbd21ba04fc010cda6711", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e2ec04e1c18cb225c5597dd2a6bb9b68f9b4ba4fdeb263dbea862507af6a1b1d", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:711dcd3e5eb78bcf7289f31dbb91b8c95fe890e1cd4bc0e2dcbd29f9df521ca3", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8c9dc9dc9fb5b512182cce5d31cb58871bc502b59d2d5c7783bf61aa29b876f7", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8c754b992679d9559188ae9472dde97e1e6c54efac0d1ddd98876d4d4cd48219", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:26b3c6be4b1c2ce72fe13e8e635d6d87aebdf60094ef5cc2089a3fd32bdd1701", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:391e52fd189ea97e6ce757241530559325c29dc70c918cc777363c3a087efff5", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5fb5bf0d8a9f896e9b19c097839be9ff3e138bf4ddf2eb1960d4f247dc542949", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5a170f7b166b6a45cde1d29a46c362f29a78ed19da22bf5f8aae8787e2b1ae54", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8613488c215d9d2623d6c57d60a3ee8f3768ab6220e3fbb41bdb90743a552ff7", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4a79149803385aab30bbac870920cfb9d29a2e9fe95972899602f046e5886861", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a73612dba4b767db9b14ffba3cb3ed49035abeb838e7aca1d333e8603375ffa1", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d0888da54f9f949c3c0803c66096ba519c9c887a456cd1c39822d260f8b6c1f1", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fabe62e1acbbbc9f16dcd754740b494ee5c313390b353635e8a55f3643b534ac", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:51647d816847b92c817d1cad57b13bbba799c4cd66b970af871bbd99e0a1dc34", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d21940b4ba34724326b9a9e7c94518c956c6143426ae2a5b56e952501c38dec4", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d07d5df77dfccbbf74ecdaf4464708feec771014c162015a9b875f7f77ed8d9d", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bcabaf9f6afe399bce6e559604aec3a3f5f9c3fba985293af94cb7f4c3a7c443", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:79d3754b7b5f75975b123adfb7c62ac7b05c38e210a3d5e116b8c76c343201e1", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b701605b37b4a21b8f074ce12367a37842a0a72dfd81406945aafb835bdefae1", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:be865b5b3a4748cf8acce35652778efc6cf85f99cd3f5ff6784da140c680e72a", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1423bcb79c85b02f6714f2639458e0e4cf2af5ee075bb7de688cabdb01462307", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6433d4dd438618d72a62af6304346a5f7f6b3c9e5822b163e523ca7da366275a", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "6817440068799a0a" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3ec1bcf64bbc36696e1d018129ace9488c5b40fa2a9f9e1b5bef49264fc36efc", "DiffID": "sha256:f702a84ca7105edc93a7903a56043bbef007c2b1aa0584d247e47ed260b22c17" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9c327d0ddfe26b1eb17c89633ce621a45030730d54a7785d454f7fe2528375ff", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "nginx-ingress-controller", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "k8s.io/ingress-nginx", "Name": "k8s.io/ingress-nginx", "Identifier": { "PURL": "pkg:golang/k8s.io/ingress-nginx", "UID": "cc0109e0583b6498" }, "Relationship": "root", "DependsOn": [ "dario.cat/mergo@v1.0.1", "github.com/armon/go-proxyproto@v0.1.0", "github.com/beorn7/perks@v1.0.1", "github.com/blang/semver/v4@v4.0.0", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/coreos/go-systemd/v22@v22.5.0", "github.com/cyphar/filepath-securejoin@v0.4.1", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/eapache/channels@v1.1.0", "github.com/eapache/queue@v1.1.0", "github.com/emicklei/go-restful/v3@v3.12.2", "github.com/fsnotify/fsnotify@v1.8.0", "github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", "github.com/fxamacker/cbor/v2@v2.7.0", "github.com/go-logr/logr@v1.4.2", "github.com/go-openapi/jsonpointer@v0.21.1", "github.com/go-openapi/jsonreference@v0.21.0", "github.com/go-openapi/swag@v0.23.1", "github.com/godbus/dbus/v5@v5.1.0", "github.com/gogo/protobuf@v1.3.2", "github.com/golang/protobuf@v1.5.4", "github.com/google/gnostic-models@v0.6.9", "github.com/google/go-cmp@v0.7.0", "github.com/google/gofuzz@v1.2.0", "github.com/google/uuid@v1.6.0", "github.com/josharian/intern@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/klauspost/compress@v1.18.0", "github.com/mailru/easyjson@v0.9.0", "github.com/mitchellh/go-ps@v1.0.0", "github.com/mitchellh/hashstructure/v2@v2.0.2", "github.com/mitchellh/mapstructure@v1.5.0", "github.com/moby/sys/mountinfo@v0.7.2", "github.com/moby/sys/userns@v0.1.0", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", "github.com/ncabatoff/process-exporter@v0.8.5", "github.com/opencontainers/runc@v1.2.6", "github.com/opencontainers/runtime-spec@v1.2.1", "github.com/pkg/errors@v0.9.1", "github.com/prometheus/client_golang@v1.21.1", "github.com/prometheus/client_model@v0.6.1", "github.com/prometheus/common@v0.63.0", "github.com/prometheus/procfs@v0.16.0", "github.com/sirupsen/logrus@v1.9.3", "github.com/spf13/cobra@v1.9.1", "github.com/spf13/pflag@v1.0.6", "github.com/x448/float16@v0.8.4", "github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", "go.opentelemetry.io/otel/trace@v1.35.0", "go.opentelemetry.io/otel@v1.35.0", "golang.org/x/net@v0.37.0", "golang.org/x/oauth2@v0.28.0", "golang.org/x/sys@v0.31.0", "golang.org/x/term@v0.30.0", "golang.org/x/text@v0.23.0", "golang.org/x/time@v0.11.0", "google.golang.org/protobuf@v1.36.6", "gopkg.in/evanphx/json-patch.v4@v4.12.0", "gopkg.in/go-playground/pool.v3@v3.1.1", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/mcuadros/go-syslog.v2@v2.3.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.32.3", "k8s.io/apimachinery@v0.32.3", "k8s.io/apiserver@v0.32.3", "k8s.io/client-go@v0.32.3", "k8s.io/component-base@v0.32.3", "k8s.io/klog/v2@v2.130.1", "k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", "sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", "sigs.k8s.io/randfill@v1.0.0", "sigs.k8s.io/structured-merge-diff/v4@v4.6.0", "sigs.k8s.io/yaml@v1.4.0", "stdlib@v1.24.1" ], "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.24.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "Version": "v1.24.1", "Relationship": "direct", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "dario.cat/mergo@v1.0.1", "Name": "dario.cat/mergo", "Identifier": { "PURL": "pkg:golang/dario.cat/mergo@v1.0.1", "UID": "20b7cc2c1bb24ba6" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-proxyproto@v0.1.0", "Name": "github.com/armon/go-proxyproto", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-proxyproto@v0.1.0", "UID": "48505436afd03f69" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "df904d6dc239f39" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver/v4@v4.0.0", "Name": "github.com/blang/semver/v4", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", "UID": "4929a22f297e930c" }, "Version": "v4.0.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "45ca0a73782083a0" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd/v22@v22.5.0", "Name": "github.com/coreos/go-systemd/v22", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd/v22@v22.5.0", "UID": "6c3d217b027acd04" }, "Version": "v22.5.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cyphar/filepath-securejoin@v0.4.1", "Name": "github.com/cyphar/filepath-securejoin", "Identifier": { "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.4.1", "UID": "b80d11a47fe88f8b" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "27cb78199a071cd5" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/eapache/channels@v1.1.0", "Name": "github.com/eapache/channels", "Identifier": { "PURL": "pkg:golang/github.com/eapache/channels@v1.1.0", "UID": "c712d68bc7afe0c5" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/eapache/queue@v1.1.0", "Name": "github.com/eapache/queue", "Identifier": { "PURL": "pkg:golang/github.com/eapache/queue@v1.1.0", "UID": "69c4d6c4f1da49ce" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.2", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.2", "UID": "2ace5a41fe9a7f2c" }, "Version": "v3.12.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.8.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.8.0", "UID": "d2355c69ea66949" }, "Version": "v1.8.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", "Name": "github.com/fullsailor/pkcs7", "Identifier": { "PURL": "pkg:golang/github.com/fullsailor/pkcs7@v0.0.0-20190404230743-d7302db945fa", "UID": "4c37d24d4549cd85" }, "Version": "v0.0.0-20190404230743-d7302db945fa", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.7.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", "UID": "24803a4a5038ac61" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "f1da301f55e646eb" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.21.1", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.1", "UID": "a832c43615bee1" }, "Version": "v0.21.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.0", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", "UID": "319b05fe922f402f" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.23.1", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.1", "UID": "c49b44804a102164" }, "Version": "v0.23.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/godbus/dbus/v5@v5.1.0", "Name": "github.com/godbus/dbus/v5", "Identifier": { "PURL": "pkg:golang/github.com/godbus/dbus/v5@v5.1.0", "UID": "1729d241a89eca21" }, "Version": "v5.1.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "77ccf57b45e9cfed" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.4", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", "UID": "957dc5fe5a33c98f" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.9", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.9", "UID": "90b03d12a9938d50" }, "Version": "v0.6.9", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.7.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", "UID": "20a2f80d6f5393c7" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "e183c655395772b6" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "3dd43b877a5d610f" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "90c668bf046a2a31" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "4f1bf2e06414b299" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.0", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.0", "UID": "7f3ce6e4c78adcd2" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.9.0", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.9.0", "UID": "8e731b85a9403a51" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-ps@v1.0.0", "Name": "github.com/mitchellh/go-ps", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", "UID": "959547c882e5c3cc" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/hashstructure/v2@v2.0.2", "Name": "github.com/mitchellh/hashstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/hashstructure/v2@v2.0.2", "UID": "299b7baf789e1fe5" }, "Version": "v2.0.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.0", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.0", "UID": "2d2e1923a64fa913" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/mountinfo@v0.7.2", "Name": "github.com/moby/sys/mountinfo", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/mountinfo@v0.7.2", "UID": "d652a6dd9db3509" }, "Version": "v0.7.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/userns@v0.1.0", "Name": "github.com/moby/sys/userns", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/userns@v0.1.0", "UID": "a32d0f700bd01d80" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "5e7d6ed6a9291007" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "6336a204157ff67" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "f4d996da1db5f6dd" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", "Name": "github.com/ncabatoff/go-seq", "Identifier": { "PURL": "pkg:golang/github.com/ncabatoff/go-seq@v0.0.0-20180805175032-b08ef85ed833", "UID": "4d26efe5f13c379e" }, "Version": "v0.0.0-20180805175032-b08ef85ed833", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncabatoff/process-exporter@v0.8.5", "Name": "github.com/ncabatoff/process-exporter", "Identifier": { "PURL": "pkg:golang/github.com/ncabatoff/process-exporter@v0.8.5", "UID": "4194ef6fd5a53a54" }, "Version": "v0.8.5", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/runc@v1.2.6", "Name": "github.com/opencontainers/runc", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", "UID": "f11a96d6a05d4e5" }, "Version": "v1.2.6", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/runtime-spec@v1.2.1", "Name": "github.com/opencontainers/runtime-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/runtime-spec@v1.2.1", "UID": "cfc051cbed42aa7f" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "a4661d52661cde6f" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.21.1", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.21.1", "UID": "cf0eec313a572c7d" }, "Version": "v1.21.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.1", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", "UID": "2969f265ba42259f" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.63.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.63.0", "UID": "aa68e5875a019f26" }, "Version": "v0.63.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.16.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.16.0", "UID": "17c0a79b577da7ad" }, "Version": "v0.16.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.3", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.3", "UID": "c8cf16cd1ec59275" }, "Version": "v1.9.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.9.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.9.1", "UID": "e5eb8289270112d1" }, "Version": "v1.9.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.6", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", "UID": "acf06b9053b256c3" }, "Version": "v1.0.6", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "3d224f51b980140b" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", "Name": "github.com/zakjan/cert-chain-resolver", "Identifier": { "PURL": "pkg:golang/github.com/zakjan/cert-chain-resolver@v0.0.0-20221221105603-fcedb00c5b30", "UID": "9bf8c7dc9014a9e9" }, "Version": "v0.0.0-20221221105603-fcedb00c5b30", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.35.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.35.0", "UID": "e61cdb231f62acab" }, "Version": "v1.35.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.35.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.35.0", "UID": "850bec1a9a53c219" }, "Version": "v1.35.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.37.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.37.0", "UID": "594fc3192c58f71a" }, "Version": "v0.37.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.28.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.28.0", "UID": "850e9a7489590bbe" }, "Version": "v0.28.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.31.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.31.0", "UID": "1000bf2374c93aec" }, "Version": "v0.31.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.30.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.30.0", "UID": "cd162b8c7e0dd85c" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.23.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.23.0", "UID": "4335d38cd87c6b25" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.11.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.11.0", "UID": "4f086c9601802602" }, "Version": "v0.11.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.6", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.6", "UID": "8a81e34769b7379c" }, "Version": "v1.36.6", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/evanphx/json-patch.v4@v4.12.0", "Name": "gopkg.in/evanphx/json-patch.v4", "Identifier": { "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.12.0", "UID": "dc6c8579eea7bfd5" }, "Version": "v4.12.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/go-playground/pool.v3@v3.1.1", "Name": "gopkg.in/go-playground/pool.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/go-playground/pool.v3@v3.1.1", "UID": "51162c33768de56" }, "Version": "v3.1.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "e558b8f193113d77" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/mcuadros/go-syslog.v2@v2.3.0", "Name": "gopkg.in/mcuadros/go-syslog.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/mcuadros/go-syslog.v2@v2.3.0", "UID": "bace5db98b94d160" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "94e739c0cf8d230d" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.32.3", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.32.3", "UID": "7bfe8e036a8dd27b" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.32.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", "UID": "ec985c6a7a89cba9" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiserver@v0.32.3", "Name": "k8s.io/apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiserver@v0.32.3", "UID": "4adb1b3b54feba56" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.32.3", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.32.3", "UID": "9eec946bc552f852" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.32.3", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.32.3", "UID": "71b4acbfbd4d7c0f" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "9c74aedc99773d19" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250318190949-c8a335a9a2ff", "UID": "26b8fa6ccc2fad64" }, "Version": "v0.0.0-20250318190949-c8a335a9a2ff", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "UID": "e40f5642e5e8eefd" }, "Version": "v0.0.0-20250321185631-1f6e0b77f77e", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", "Name": "pault.ag/go/sniff", "Identifier": { "PURL": "pkg:golang/pault.ag/go/sniff@v0.0.0-20200207005214-cf7e4d167732", "UID": "f03b9756bc848d85" }, "Version": "v0.0.0-20200207005214-cf7e4d167732", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20241014173422-cfa47c3a1cc8", "UID": "357ccd18c4c5ac2a" }, "Version": "v0.0.0-20241014173422-cfa47c3a1cc8", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/randfill@v1.0.0", "Name": "sigs.k8s.io/randfill", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", "UID": "1b2ad822c257fa0c" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.6.0", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.6.0", "UID": "16c69a2f5d0abb9e" }, "Version": "v4.6.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "a72bbd84a84f9803" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-31133", "VendorIDs": [ "GHSA-9493-h29p-rfm2" ], "PkgID": "github.com/opencontainers/runc@v1.2.6", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", "UID": "f11a96d6a05d4e5" }, "InstalledVersion": "v1.2.6", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:8a1e3328a292341418933349c356bdabc0d7ee1388c79188ffd08cff3516fdfa", "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-31133", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://linux.oracle.com/cve/CVE-2025-31133.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-31133" ], "PublishedDate": "2025-11-06T19:15:41.343Z", "LastModifiedDate": "2025-12-03T18:30:15.43Z" }, { "VulnerabilityID": "CVE-2025-52565", "VendorIDs": [ "GHSA-qw9x-cqr3-wc7r" ], "PkgID": "github.com/opencontainers/runc@v1.2.6", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", "UID": "f11a96d6a05d4e5" }, "InstalledVersion": "v1.2.6", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:1a071dfab898b8c241fa1d704bde7f6632d0271b2145af8956eaa79c5d96012c", "Title": "runc: container escape with malicious config due to /dev/console mount and related races", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-52565", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://linux.oracle.com/cve/CVE-2025-52565.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52565" ], "PublishedDate": "2025-11-06T20:15:49.24Z", "LastModifiedDate": "2025-12-03T18:33:33.357Z" }, { "VulnerabilityID": "CVE-2025-52881", "VendorIDs": [ "GHSA-cgrx-mc8f-2prm" ], "PkgID": "github.com/opencontainers/runc@v1.2.6", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.2.6", "UID": "f11a96d6a05d4e5" }, "InstalledVersion": "v1.2.6", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:93ad6b4cf6ae903c2dca1a11884dab938157f5e4298b73f4318b126e3a6eec57", "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://access.redhat.com/errata/RHSA-2025:22011", "https://access.redhat.com/security/cve/CVE-2025-52881", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2025-22011.html", "https://errata.rockylinux.org/RLSA-2025:22011", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://github.com/opencontainers/selinux/pull/237", "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", "https://linux.oracle.com/cve/CVE-2025-52881.html", "https://linux.oracle.com/errata/ELSA-2025-23543.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52881", "https://youtu.be/tGseJW_uBB8", "https://youtu.be/y1PaBzxwRWQ" ], "PublishedDate": "2025-11-06T21:15:42.817Z", "LastModifiedDate": "2025-12-03T18:37:17.917Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.37.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.37.0", "UID": "594fc3192c58f71a" }, "InstalledVersion": "v0.37.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:dc0f68a9f6e7d52fc0eaf48378351169db30573fb90e155a750e6fd2f558941d", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:905c609d711b56c3899791cbcfdf9f0be3bcbb8467f510952266fe8efa3a272a", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4e306579cbfbc62b3d7a4fc50463b7f719aaf364e59e4ae43440a85b80d895c0", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b65a0f771146f3dacb8fa1162ed384d4e146990c4dad91c1c05a40d1f88d9e62", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3f2216674acdf6152cca3b31c9b1349f121880f3c62de470407a033c45728b38", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a5f2288a08ebc6d32e5f8b24a5e786c808e3363f9c79526a52b5ed13c3afb815", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:236561b0d76fd633b3f8ea9589e28e8252d057ad45e61d8a715dd1089f69c2e9", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ee63850eeb0b98abc629e1bfb7f17c49fd370236ae287a7e0b158e537ecf174d", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de867a86b12b18b068214c64fd3cf72e14c8998239fad5c6ea8af16b2980fb3e", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c5afc7c2011bb9c9d6b6113ed0f0aba5831f90e11562c96774057ef66974da6", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b97405d0eb81b04ef8ea44c11c96115e2de07497739d0828dd1fbac26176100a", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:96e6a93426f45d4edcb196b70256393c353ba11ddaab0077a95c02d83416992f", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eec37e0a1f9015bc4b2bea99e9dceb689b7941cc4971a017d9c2a7074e8bcf06", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ef41abd95fa90d96b0f449561d9da0b7fad3af0899abed58213a1bd2ef7067f0", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e8f25fb842aafa1d4510df17b415b0b42eea5f7d9524b9023d9d81c353898edf", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7b32600685af15312db364035ee9a51baabfe175fa8872dd3b12b8d7d681f0cf", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:da02390ac3678a9292b2e3255207ed24f83efd0a0798a4e9717e986f573f3c60", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1377391e540050ec8f8e5c09fd39c39f4ec36ce1eef7b43b24cf8cf4c7640014", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b6e59841725749146d67ff2f498cc4751595312973070f2b1701fd2278663100", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:649d90c9ebdf7b874cb04cf6161460a587c957f61250d11f42e1241a4300c89c", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:62f595be4d83b013d1cc95156516338d322dc7297e796d0a0772f446b5a0e4fa", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c18ad5fc7a4f26a20a4547b8fee7296280d64f503229435da38b4d2b58145f5b", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c4e3de936290d1ed3cd87066ad4bfc8a27f63d8778524ae15d31d2ebde5b6039", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5f340d7dbc9bab368a91cf162d20d149c74771e38903e91a7d3a65cc4bef8ef0", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3b62f995bb4fbb4828b54f06407e664a479bcb464c1d392905064051bc062f10", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:73585e8d9c01715331b0d2c13794edcaf8add94519c45fffb5c6eda9af3d3c72", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:15d2b0c3ca9a4ee3940d0d53254100273ce434292b6dd4a41be723789b5cc231", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c8e4688bcfc1d0200398ee18966da8e79f81c291cf17ccadb5e1bc18f67e6682", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ab9a9a25cb7f5ecad2df7bb44c43b9cfb210ae7b41a21834f147061fd1748e32", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ae918c7459278d8fe59009f26ec24974334dad5d25f0b50ae8fbc96fb891b41", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e6c3eda8cab18233ed7b0ba449b5346707c3f0b8b738ff63eed7518b9d802bbf", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:109f6e7d728e3169d48d9d328d9e543125c3796aaa10a6b890eee3c36edf7df5", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6d9c37ff9b099d65e165bc41e65d23b3f5ff2848fc0672bee89f5298882780d6", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b5238b89aaea3e7586d8507322b59a246585b0f3540e02b0e73814d3bdc9d520", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cd4f8b7b8d8c881d14c33749974bf2210d36ef246e16c6bef9fef5c97808495f", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9135ecf33a4d829c8bc5c652a7d96a5c00668faa89aa586c209d9389f906ba51", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:180239ca3e68711c99a35526cec49967ddb671cf7d9a38f5afdbb367d40ea675", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cac40f1f0c4e56ef38ad7f10aa04948a38b1abfb031d38b8ace16da86018e890", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "9149befe453267f8" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:b97e88233fadc1ebe5cf65cd9925fa222006803b687dab9bec2cee1535fb901f", "DiffID": "sha256:40304d89c596ba5e04b254bd5c87476d111021182a28631bb8fec3688ad02214" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1757647dd56db76b845c68ac9be53b169ca92e9300ba5030cd44ea5e5e065799", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "wait-shutdown", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "k8s.io/ingress-nginx", "Name": "k8s.io/ingress-nginx", "Identifier": { "PURL": "pkg:golang/k8s.io/ingress-nginx", "UID": "f76d84a54a5e2866" }, "Relationship": "root", "DependsOn": [ "github.com/go-logr/logr@v1.4.2", "github.com/mitchellh/go-ps@v1.0.0", "k8s.io/apimachinery@v0.32.3", "k8s.io/klog/v2@v2.130.1", "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "stdlib@v1.24.1" ], "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.24.1", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "Version": "v1.24.1", "Relationship": "direct", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "8ba57ce35feb736" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-ps@v1.0.0", "Name": "github.com/mitchellh/go-ps", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-ps@v1.0.0", "UID": "20a4401897df5931" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.32.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.32.3", "UID": "e750bd3707f779e4" }, "Version": "v0.32.3", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "329ce9d4ca4324c" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20250321185631-1f6e0b77f77e", "UID": "31b8673771d1f678" }, "Version": "v0.0.0-20250321185631-1f6e0b77f77e", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8b438b5ca93a4d831c4dbbdc9a1f2814098437ed85c53834cebd0c22f02e53be", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-22874", "VendorIDs": [ "GO-2025-3749" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a06adfc79b82f0e3aaee4aec31b8255872d052000188cc0b112ee3e0f238f9e", "Title": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", "Description": "Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22874", "https://go.dev/cl/670375", "https://go.dev/issue/73612", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-22874", "https://pkg.go.dev/vuln/GO-2025-3749", "https://www.cve.org/CVERecord?id=CVE-2025-22874" ], "PublishedDate": "2025-06-11T17:15:42.167Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ca7b6583714a29ce1ef91b43015c059503768aaa984f3aae6b55c9c58c4c49d3", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bfd42409a798e77c47899901c419a06234ef7982f9293c4d272f6e1636b43d0a", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:787c0cc7871f3f82cd79a95e9e4ea9c229abdefacc9d2249d08693ffea6a00a3", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3b45aed6e12c97fe4615ce003c27d3da538b822e5dfc90066d1d9e80363f82e0", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:808d3de71e9a794b2cfd7a7f723cb3261d402ed328feeb9ffb0d7999a44787c7", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9ccb4904a0592b16459ea57775d5962377b1bcf8565db5e07022faefa482fe4", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e08a9377494d825398d54991381662fd7cd3104fe6d54a30c4c238052651b262", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e9b1fea04b8fc34b33e6606fa6cc1db8518508d19ae385f92e7918430c41dae2", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b1fb77bdade7f09410135d5a21695990fee8b0776f9246674209bddc9b929a5d", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38756514ee19b979d9948ccd76fb8c79c7832e54aeeffe47f64ccdc4b8b8bcfa", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2227cc02167cfde7c88f2b8e27b5fc288dd7d6ec5e51afbd4ea5397b05d46895", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f53a9254df5b2462b0b5da383e814ce2296735c29ebca0978ea23238d0179aac", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c4f006ff5795197b93f24ac7c29a46bbf6c3a52d66121809cd1cf039c9b4fe9d", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c31c2db2782c5d2a6137ccb549009ce5d5618f9f9c80c081d3b0cae760728b4f", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d832e7c4f78bffb641f45933be75b831352817e629d4e4ce2e78ad8b19894316", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b8d0993f109db42bc7a4a25d3d980b94987db3d32dfc0910cd6620c59d653730", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a63f50c7a2bd6717d185f143ca1d9b5e89d1976dc65435fec5cf5b3817301187", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9ffeea68f0ccac5e73f8155644bac5822d40c9013c0cad37bd70a99c910ee935", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1e688386de97500e02d9306dbdca417285f5560b0bde700f1d5b792af8878fde", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:16827813ecc3103ce94420897eedc128c33a50f2904bcdd2f8b06e58a3fd072e", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df64cb72b5604e5ae8232c5368267481fed7efc9998a362fdf4c07bc5c784a37", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ddb8efb7e5c3bf44c42d115877e36c99be12c18212cc33ea2d6f6c54e8acce0f", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b0511288bdf8943180225fa45f04d76ebd758a0472398282cf521c3b9882e3a", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1b9bc4cf6275727483e9fc5d2628a3d56f69924f0960652ebbc79b9ab8577378", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:36c84b57f8819e4c2ae8394af8cdee2d73aa26ca09275ce7d254e72fc92b9bc3", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f5cfa1ceadfda7045d80f5a2c2052f928c8a1368b770f31b6a14af28eca3fd2c", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cc34c0d3f0a3235f04491bebcca654a8a354ea63e298c40df6145b38829c5b82", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:438a3d7944bd2083545b378d95bc783734d330053abc4753667ff263d33fc44c", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f3c7ac48a568ba7a0dbf1f45680c17aa82a342d80c83010674f37241c56e9ffc", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c4549e9dd1a9a69a08497d6b41df239a2d93725522d8c7ebda19d9dd2ff80e82", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:538346bfa9c3654d11bb4d6f38dad64e1e41de0cd2516f768a4eca67e84f001c", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7679e18655b68a427396c23aa24c27fcfcdb0c73c9c596902b876087030f8cf5", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f4bd48071eeaf9f922a82b15cc3f5fac84d715174c85c9e0d39c8edd2ce76c02", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:72632e2d9bff9f54d791923e01385e51f55719f03c4c8fe19b6c3f71da4faf07", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7a8aee16e92208e6febd37c5128e812bee9431e6ba2bd597c2c36828e3051868", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.1", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.1", "UID": "b74b75cc6e3e916d" }, "InstalledVersion": "v1.24.1", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:95674566bed77c1ec388b1b86a692453e688af9fbfbce448b2a1c8b2b6daea21", "DiffID": "sha256:92ab49d2f22c64ebe8565f806b84ac587371164a5544c9e21d524a8e92edc66b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8e5e80c6d5b929995b0941508c0b5e398f5b6f336707758df23b90b16fad4e51", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "metallb-system", "Kind": "DaemonSet", "Name": "speaker", "Metadata": [ { "Size": 128373248, "OS": { "Family": "debian", "Name": "12.8" }, "ImageID": "sha256:dacabb789863ddefff263613ea3345cfde0f8edf85253efc6d38742e89e4fdfa", "DiffIDs": [ "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250", "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0", "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b", "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0", "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" ], "RepoTags": [ "quay.io/metallb/speaker:v0.14.9" ], "RepoDigests": [ "quay.io/metallb/speaker@sha256:b09a1dfcf330938950b65115cd58f6989108c0c21d3c096040e7fe9a25a92993" ], "Reference": "quay.io/metallb/speaker:v0.14.9", "ImageConfig": { "architecture": "amd64", "created": "2024-12-17T14:55:52.242396277Z", "history": [ { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "0001-01-01T00:00:00Z" }, { "created": "2024-12-17T13:46:15.014506473Z", "created_by": "COPY /build/cp-tool /cp-tool # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:52.098710856Z", "created_by": "COPY /build/speaker /speaker # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:52.220646866Z", "created_by": "COPY /build/frr-metrics /frr-metrics # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:52.231171864Z", "created_by": "COPY frr-tools/reloader/frr-reloader.sh /frr-reloader.sh # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:52.242396277Z", "created_by": "COPY LICENSE / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2024-12-17T14:55:52.242396277Z", "created_by": "LABEL org.opencontainers.image.authors=metallb org.opencontainers.image.url=https://github.com/metallb/metallb org.opencontainers.image.documentation=https://metallb.universe.tf org.opencontainers.image.source=https://github.com/metallb/metallb org.opencontainers.image.vendor=metallb org.opencontainers.image.licenses=Apache-2.0 org.opencontainers.image.description=Metallb speaker org.opencontainers.image.title=speaker org.opencontainers.image.base.name=gcr.io/distroless/static:latest", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2024-12-17T14:55:52.242396277Z", "created_by": "ENTRYPOINT [\"/speaker\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2", "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba", "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575", "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368", "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc", "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4", "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b", "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1", "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849", "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3", "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217", "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250", "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0", "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b", "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0", "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" ] }, "config": { "Entrypoint": [ "/speaker" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt" ], "Labels": { "org.opencontainers.image.authors": "metallb", "org.opencontainers.image.base.name": "gcr.io/distroless/static:latest", "org.opencontainers.image.created": "2024-12-17T14:50:37.322Z", "org.opencontainers.image.description": "speaker for metallb, a network load-balancer implementation for Kubernetes using standard routing protocols", "org.opencontainers.image.documentation": "https://metallb.universe.tf", "org.opencontainers.image.licenses": "Apache-2.0", "org.opencontainers.image.revision": "5765ee504d21a3a237d9dab223ca707661269ecd", "org.opencontainers.image.source": "https://github.com/metallb/metallb", "org.opencontainers.image.title": "speaker", "org.opencontainers.image.url": "https://github.com/metallb/metallb", "org.opencontainers.image.vendor": "metallb", "org.opencontainers.image.version": "v0.14.9" }, "User": "0", "WorkingDir": "/" } }, "Layers": [ { "Size": 327680, "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" }, { "Size": 40960, "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" }, { "Size": 2396160, "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" }, { "Size": 1536, "Digest": "sha256:0f8b424aa0b96c1c388a5fd4d90735604459256336853082afb61733438872b5", "DiffID": "sha256:4d049f83d9cf21d1f5cc0e11deaf36df02790d0e60c1a3829538fb4b61685368" }, { "Size": 2560, "Digest": "sha256:d557676654e572af3e3173c90e7874644207fda32cd87e9d3d66b5d7b98a7b21", "DiffID": "sha256:af5aa97ebe6ce1604747ec1e21af7136ded391bcabe4acef882e718a87c86bcc" }, { "Size": 2560, "Digest": "sha256:3214acf345c0cc6bbdb56b698a41ccdefc624a09d6beb0d38b5de0b2303ecaf4", "DiffID": "sha256:6f1cdceb6a3146f0ccb986521156bef8a422cdbb0863396f7f751f575ba308f4" }, { "Size": 2560, "Digest": "sha256:d858cbc252ade14879807ff8dbc3043a26bbdb92087da98cda831ee040b172b3", "DiffID": "sha256:bbb6cacb8c82e4da4e8143e03351e939eab5e21ce0ef333c42e637af86c5217b" }, { "Size": 1536, "Digest": "sha256:1069fc2daed1aceff7232f4b8ab21200dd3d8b04f61be9da86977a34a105dfdc", "DiffID": "sha256:2a92d6ac9e4fcc274d5168b217ca4458a9fec6f094ead68d99c77073f08caac1" }, { "Size": 10240, "Digest": "sha256:b40161cd83fc5d470d6abe50e87aa288481b6b89137012881d74187cfbf9f502", "DiffID": "sha256:1a73b54f556b477f0a8b939d13c504a3b4f4db71f7a09c63afbc10acb3de5849" }, { "Size": 3072, "Digest": "sha256:3f4e2c5863480125882d92060440a5250766bce764fee10acdbac18c872e4dc7", "DiffID": "sha256:f4aee9e53c42a22ed82451218c3ea03d1eea8d6ca8fbe8eb4e950304ba8a8bb3" }, { "Size": 238592, "Digest": "sha256:80a8c047508ae5cd6a591060fc43422cb8e3aea1bd908d913e8f0146e2297fea", "DiffID": "sha256:b336e209998fa5cf0eec3dabf93a21194198a35f4f75612d8da03693f8c30217" }, { "Size": 2136576, "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, { "Size": 72461824, "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, { "Size": 50730496, "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, { "Size": 3584, "Digest": "sha256:b46ec170c3ced5da812e2570e4f54175c22d688b6736485136bd9fccc5cdd465", "DiffID": "sha256:850b6e87aff37bbb683118a6d8f549d991d4e316766d9dfc8db6304d9ef73ea0" }, { "Size": 13312, "Digest": "sha256:bb22fecdd8f317c65b63e46dbea45a05f9dc5498ffd5cc5440e6840311efed67", "DiffID": "sha256:920976b98aa632190d3608c2a91d4f3454112f7a9d43f025865b8e6a88d87a9d" } ] } ], "Results": [ { "Target": "quay.io/metallb/speaker:v0.14.9 (debian 12.8)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "base-files@12.4+deb12u8", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@12.4%2Bdeb12u8?arch=amd64\u0026distro=debian-12.8", "UID": "d14c71402a4a6855" }, "Version": "12.4+deb12u8", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "12.4+deb12u8", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:0baecf37abeec25aad5f5bb99f3fa20e90f15361468ef5b66fae93e9c8283c3d", "DiffID": "sha256:03af251906410714c5aef9fa705b63f6bbc39c4a5e787de7361eeb18886c2ed2" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.4", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.4?arch=all\u0026distro=debian-12.8", "UID": "64adcbea2e4e887c" }, "Version": "6.4", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.4", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:bfb59b82a9b65e47d485e53b3e815bca3b3e21a095bd0cb88ced9ac0b48062bf", "DiffID": "sha256:8fa10c0194df9b7c054c90dbe482585f768a54428fc90a5b78a0066a123b1bba" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2024b-0+deb12u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2024b-0%2Bdeb12u1?arch=all\u0026distro=debian-12.8", "UID": "3a3b46fd2f480cbf" }, "Version": "2024b", "Release": "0+deb12u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2024b", "SrcRelease": "0+deb12u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:efa9d1d5d3a286c60a7261496166fdf31cec2284dafe7eef7cda89eba2f675d6", "DiffID": "sha256:a80545a98dcd0866ae5eeadc9a28dec703b1e54a01ce8ff245e83f48261fe575" }, "InstalledFiles": [ "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Accra", "/usr/share/zoneinfo/right/Africa/Addis_Ababa", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Asmara", "/usr/share/zoneinfo/right/Africa/Bamako", "/usr/share/zoneinfo/right/Africa/Bangui", "/usr/share/zoneinfo/right/Africa/Banjul", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Blantyre", "/usr/share/zoneinfo/right/Africa/Brazzaville", "/usr/share/zoneinfo/right/Africa/Bujumbura", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/Conakry", "/usr/share/zoneinfo/right/Africa/Dakar", "/usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/right/Africa/Djibouti", "/usr/share/zoneinfo/right/Africa/Douala", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Freetown", "/usr/share/zoneinfo/right/Africa/Gaborone", "/usr/share/zoneinfo/right/Africa/Harare", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Kampala", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Kigali", "/usr/share/zoneinfo/right/Africa/Kinshasa", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Libreville", "/usr/share/zoneinfo/right/Africa/Lome", "/usr/share/zoneinfo/right/Africa/Luanda", "/usr/share/zoneinfo/right/Africa/Lubumbashi", "/usr/share/zoneinfo/right/Africa/Lusaka", "/usr/share/zoneinfo/right/Africa/Malabo", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Maseru", "/usr/share/zoneinfo/right/Africa/Mbabane", "/usr/share/zoneinfo/right/Africa/Mogadishu", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Niamey", "/usr/share/zoneinfo/right/Africa/Nouakchott", "/usr/share/zoneinfo/right/Africa/Ouagadougou", "/usr/share/zoneinfo/right/Africa/Porto-Novo", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Anguilla", "/usr/share/zoneinfo/right/America/Antigua", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Aruba", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Atikokan", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Blanc-Sablon", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Cayman", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Creston", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Curacao", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Dominica", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Grenada", "/usr/share/zoneinfo/right/America/Guadeloupe", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/Montserrat", "/usr/share/zoneinfo/right/America/Nassau", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Port_of_Spain", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/St_Kitts", "/usr/share/zoneinfo/right/America/St_Lucia", "/usr/share/zoneinfo/right/America/St_Thomas", "/usr/share/zoneinfo/right/America/St_Vincent", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Tortola", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/DumontDUrville", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/McMurdo", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Syowa", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Antarctica/Vostok", "/usr/share/zoneinfo/right/Asia/Aden", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Bahrain", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Brunei", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Kuwait", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Muscat", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Phnom_Penh", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vientiane", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/Reykjavik", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/St_Helena", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Amsterdam", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Copenhagen", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Guernsey", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Isle_of_Man", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Jersey", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/Ljubljana", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Luxembourg", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Monaco", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Oslo", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Sarajevo", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Skopje", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Stockholm", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vaduz", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zagreb", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Antananarivo", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Christmas", "/usr/share/zoneinfo/right/Indian/Cocos", "/usr/share/zoneinfo/right/Indian/Comoro", "/usr/share/zoneinfo/right/Indian/Kerguelen", "/usr/share/zoneinfo/right/Indian/Mahe", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/Indian/Mayotte", "/usr/share/zoneinfo/right/Indian/Reunion", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Chuuk", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Funafuti", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Majuro", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Midway", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Pohnpei", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Saipan", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/Pacific/Wake", "/usr/share/zoneinfo/right/Pacific/Wallis", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" } ] }, { "Target": "cp-tool", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.22.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "Version": "v1.22.7", "Relationship": "direct", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3de90334117941c4e0e32fe0ccd9cdea80fb1e36e712301f5601e902c4c8a9ec", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b8e942799553284577c1944fcf32858ac4e00abfdc291581c32206dfa96f6e6", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6be3d8de86ce06ad638f9a7c682a609b1d8d906967180cfa09c6ddbc17ec5c0", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3ad5931e0ac6d48068ce64a63a5f5d9d5674f13aa5d3fd1d8f69f4bbb856bd2f", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7663d9825925adef01f87f0f591197a62d9a6297bc4cab77f862509f1154bbe9", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f26a4ca5135f99bbe0efd3f30fd8a476c811351ccf86e56f13c243fcb8d8807c", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:62b76b8470f2938b2448692ea71fbcfaf801c3c7fcfa549132adf67d64da00b4", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:334a73a3426e5876d709e596f6ead7ac658c0ca51263e59ff0dee15a7373c01c", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df642f2f9268b59762155433cb3b3199a03bb7d9be9f425fedb3fb44cb70d8ba", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c8ffdb77e459eeee5d186b8b1132faa14ff1c90edd791280650af959bf99cd6", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:001e6ce2930e28e6acfadab14b2479051a7b92175524ce92382ee7b31b0d5154", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:da548109ba51a5c0dc10abdbe1cc784efc5a2ebced090f6e35768588c220b39c", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fa9314908a82908126a26e7fc576a432fc65adb47b894cef25e489db9a9f0289", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:750abab068ab222c42032a476e32af8d7822157ac352659b8d4c7f874921efbd", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:49e89f3195b631abb3efd4fed6d80990b292e6db87eb5c45857593383c1ac409", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:94802da85f2cee6023633374364e6b49cc0b0935c7c16828f08ef948676e35f7", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:85c991b1bcf468d295c7ddcd5ffd5b12c8db1d263ca67a643933eb50d2ac051f", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ec5506ee6ba905178211231040d3b1db5f0870b9eea11f5417118e993f2462a", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:511fc01cb46c568281565eb167d03b6a3c138f7a9617f456fb060cabe8c88dbe", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c72708901d217b134b57484609bfd62546bdf80682348da7be9cf6dfd544e166", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5e55f707f307d5384fb2ad1fa65219ab8c56750687ec4ec1c569c09315f824fe", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:89adf6a57b69a050b57118198d00c65048ed6c551a94d4e3b7449e52f9d8b20d", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:41417d34393cb320066c8173341e599973a47611e1424c9dd0e86a67fe0bd1a9", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:31889789b7e61a3cb366e33baf28cdb8a3d0607daea8a2fc674ce33b1dc40764", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d36f0f80bb49565fb4af523ffc748b9f737c8c6a1db4de59e06b861eb5642ba1", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6a8b877deae38b96929fabdbd38cad3475ba990604a75be61bc4803b9eb25c20", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:da03354f144ff5f02d6f1b2f65f507b39acb91dac2c1410678ea1d442d3fef2a", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:39fdc4198eba9b1f7f279dfc843639046bc583d65ca3483b68de134d5c1b3208", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:619ffc9abb08fc9f9e4d4be18a4efb148c7bea169035e718a7241b882bf875dc", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:91dd5e3760ca80b331b1ed79fff4c9549de2f0044e1c4affc69bcf38fbdd105a", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:01c2ba90b379c3e0a613fc081e114be945f6a20fd4a417a765494ba1fbe24078", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ad80bfe990b0ec9586c9d17ecf1016e08bea7015c231679955858bd7ae8d93aa", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a3de42a1e102318bca34e9e072b0c1377bf7b9695a79e0974dd79c05fddb8139", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:638f009430de74261068f593c94e4ebd400cd2831c5c1590cac245ce9856bdf5", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:34ecf63f8cff7598d1615278c4da604692d293414cf79ea6a8f0754c9a36801e", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:995179a41e43804896fce2c131df4302e4bb936e51868c90005e055b75e00bb8", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38fd293da161df018af8d3b89f574dc88824335f33742b31a37f10b02ed8a08d", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:86d288cad13fc333f386231e8a69d85455a034bde636ecaf0945419897a458bf", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8cf30882f6447587edef6f0a9edcfd52af8084d1051213e6412da6479e5e66cf", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "bb56958abc5dab22" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:3d3fa78f5f48d7de10552b580b3a5ba6b49e1962886f7af91bfac991c96f42ae", "DiffID": "sha256:cd482371d296ca100efb59ceb49f38ab220e2b63a33ef47712ec16f477dce250" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:66328304fe027ec260b1833d5685fc2ffeb610be0c6117dce57b48b1163cca6b", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "frr-metrics", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "stdlib@v1.22.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "Version": "v1.22.7", "Relationship": "direct", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "3f4112e8c62b5170" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "ec10368b5a43be21" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "6eaf11643eda2698" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.1", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", "UID": "7f8756a02d0a521d" }, "Version": "v3.12.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/evanphx/json-patch/v5@v5.9.0", "Name": "github.com/evanphx/json-patch/v5", "Identifier": { "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", "UID": "4c4760f22f6ac60e" }, "Version": "v5.9.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.7.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", "UID": "7c0dcabc9fe2dc" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-kit/log@v0.2.1", "Name": "github.com/go-kit/log", "Identifier": { "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", "UID": "12796a87d4abc695" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logfmt/logfmt@v0.5.1", "Name": "github.com/go-logfmt/logfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", "UID": "bd9e1c1b4c5554aa" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "85e3cb4f429909a2" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "b54546ada330d2ec" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.21.0", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", "UID": "72db4264218eca2a" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.0", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", "UID": "77c6301ec1642f72" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.23.0", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", "UID": "79bd1d4b2f066d7b" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "67e0b01bfbbe3dc" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "63ce058a03dce34" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.4", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", "UID": "b26e0b0a0e24c70e" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "a6774857156882c2" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "954cdf1aa78855a8" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "98d23cf8b0539bb" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "b77ff0ce3237b67a" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "8e6aa5c346d3a5b4" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "987ad9ce1e4abec" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "c684ac70896d0b08" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "45c5c1511bfff204" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "Name": "github.com/mikioh/ipaddr", "Identifier": { "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "UID": "2eea64a2c23f2ff4" }, "Version": "v0.0.0-20190404000644-d465c8ab6721", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "95b42a31f1582eee" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "fec19c7be7edd982" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "8bbe8fe7a984b484" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "6b2a37f55e7cf71e" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.19.1", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", "UID": "d10b93dcbd5765c" }, "Version": "v1.19.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.1", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", "UID": "27f8813ce576e52a" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.55.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", "UID": "c15341a93fbdf6f5" }, "Version": "v0.55.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.15.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", "UID": "2eadfe2f2968ad41" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "3ca738efa6547118" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "b258dc21f3c9908a" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "4f3a0a33979b08c4" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", "UID": "714deacd573d510e" }, "Version": "v1.27.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "go.universe.tf/metallb", "Name": "go.universe.tf/metallb", "Identifier": { "PURL": "pkg:golang/go.universe.tf/metallb", "UID": "90200d942f588ebe" }, "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "UID": "98ec82c538996e06" }, "Version": "v0.0.0-20240719175910-8a7402abbf56", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.30.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "c18e934b6f916ed6" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.21.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "2e16bfc11bde4a59" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.26.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", "UID": "206d608b323ee0b9" }, "Version": "v0.26.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.25.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.25.0", "UID": "9fa6eb70c1184c26" }, "Version": "v0.25.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.19.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.19.0", "UID": "55ea6b0bf0211f1b" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "e83ec802d68af88" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", "Name": "gomodules.xyz/jsonpatch/v2", "Identifier": { "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", "UID": "7392231f771e2fa2" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.35.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", "UID": "e7909224d64a9cfa" }, "Version": "v1.35.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "4b572ab72110163e" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "36c1c06ad9298730" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "594d55702ac05688" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.31.4", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.31.4", "UID": "dbf41b6530a0dfd8" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.31.1", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", "UID": "b467bfdf9a61da5f" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.31.4", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", "UID": "df12b7dc65971aee" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.31.4", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", "UID": "145c981cd0b47579" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog@v1.0.0", "Name": "k8s.io/klog", "Identifier": { "PURL": "pkg:golang/k8s.io/klog@v1.0.0", "UID": "ee15ce60faf56dcc" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "3ef017b4c32a3e10" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "UID": "cb9b8838969ba85" }, "Version": "v0.0.0-20240521193020-835d969ad83a", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "UID": "f93bfbac62194d9b" }, "Version": "v0.0.0-20240711033017-18e509b52bc8", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/controller-runtime@v0.19.3", "Name": "sigs.k8s.io/controller-runtime", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", "UID": "8ca34ba914911295" }, "Version": "v0.19.3", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "23b88bcc9ee297df" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "1b70600b48e83e33" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "24f0db3636d27d36" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "c18e934b6f916ed6" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7e228cf2dcbbb75a585e4a248fabf15ac0ab3d36aefe8924beb6fd5f1b5ae0f2", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "c18e934b6f916ed6" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2ec0e3c34bf87edfce636c6787d0e3f322dc3b95c57eddcced91e411036fcdbb", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.21.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "2e16bfc11bde4a59" }, "InstalledVersion": "v0.21.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9e0826ac7420bb2f977db7ba6a08dcd443fd9d97febba66e9b022c59fc207968", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c1beccf80a968726ce1d868ed98b65a1ff95562a2760b23bd1de7f00db659320", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4062270fe341e2220e7bf1299935d2f90045cbb8667059cddf88e4dcab357872", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6e1e9ca78ce1c6998a0ab391325c343e6024dcefa2706436e669957a8044d522", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b6e5df62405ee110ea66edf148348c9e625c55bfdd98b76f5233c0c19f2c169", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:352243f34386be0af1e12f7aee5dd6353882d34b70db16f0b7f4416b07126627", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:789997cfcf9dcf77dc556e55a02c6bd73ec9c9e4a97f33708f4ed961e6e828df", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d51f6d5c759ae7f858c27d1e29103977e6e0b195ba2ac66e17512e03780b701f", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de131786c68a22bb248c107a6aa94cc6eafd3616b0b8eced5951522d51f8e6d2", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c72d350e73b6f28fc317c221bb4300d0579f8e61b7a75a9d0f88280b1ad63d4", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ea4efcda40185d3171a991421d4c5afb3533698be37ffd477d3e3a97c4c86202", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ba1ed0e7d0cb04aedc71aadb5551520d8dd06e9ffbea61f93e018663c674ce3d", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:180b3b5b96d266cb5b04626f43fc3eac98e3ce4627d8ae69fd20ecb1c593e750", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dbf092dfbf846c0472c6a9d12182a9a538b168fb5826e31ba02311a7b6c6d099", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0a40b5a4a5c38c75d67d14fb682c3b9e498f89261b9e6da522b7d429dbb1cb2a", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9890e5bb778fbcba2fcfc6f20c92a1af807f088ff8a3dfdd5b71353e65075be4", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ee259276a1387526d41833edf0688ee799e602e38174ace6b3f95b97cbc6a030", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:027f4cd1d3edf70c44b7fd080dc53ab56be01b92582cf8c3a46b597fe69fb357", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:63d7c37ab1ca068b569a68d53e4c01c533cf0c907f880d47d5db387dd3aa9982", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c65787f3c82fd4c377c9eb41ade9af1d14c2c3fb9c194cd8d5cc73478cf1c65c", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3070ff5ee6fcba4ec7ad21151468127927b05e15fdfa7f908b95bcd29349d520", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c53bc24f2f2415aa76306b2bd7d9d7919d157e0f931bcc8c3ce243b8fcf7ef14", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6863c65c6019e17b8b8182cc903d9d32b641ff0664b43dce295d0f2c4bbabe4", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:825e95904783b55fdf82dd72717367da8562d7ed91f8e81a7aaf57cfef572b32", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a26e21bce6b6f8099db776391f028efc17782dd97006b823d167938de16b69d1", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b7d82423a809c9441e690f9b82dd917902196c1d4782945056acd2b76862f327", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2fe77d2013ad31e9d3ad044b5dfd873cf02193076e4a750089e6a0f4ded19f92", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b9fc084d08e657ef0e5a478f2cbe25be08ea7e3f0031a1a90d9aeedf22002068", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ceb0a7d5c3b64357db65c8869a9af6d4b9af3a370f54482d24b43a5551b67ee8", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:078f79b998b63225dc9f08fd2ac2fc7692e41d99dc380bf4ce14cea115bd0515", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7bb22380be3ab55a86aaf82b755cea597f4c2d0895ed332f936e877c1fa33cb8", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bba295c54174163967e2744ca6e70e34c8bf2e19a45d03b551fce44b26ff493f", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:10725ecde417e2a07aa13d3d7fd99a51a4c982f8859583ae132880fc1c5ea276", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8966ac6fd829389f344fcc68a4bd62349bab662878c0e380b31d25012967d830", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b293c598e4f5c0183d74d791dee54a1a10654cf93839720819bffd2d21861e46", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5e6edfcfb97ec2ea354b97bd97c19580bc97d17564688cb5d5266b5212a9c379", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0e746cb410fddcd9f486658f64dc3169b2076672e221eed655f8bde7b51e8ebe", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f48bd326b753bf5589ed81e9242d182639e3e366713a64a3c47b9d7a630b8a05", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8447fa2a7e3830dc56c2ceceb2f8526fb4d65b382071afd5a4423b84323a179c", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ff99b9ef454863921152770cefe9fd857cbdd953170e5343a7dea62aef4ba615", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "e7c76fb91746ebdb" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:c51af32f309e7bc69a89b2ceefc1b6bc26c2ecc38888074782731718115adcea", "DiffID": "sha256:34ca436a6f84835e6b041bd246e6c87e367fe972cc066b81896d06bd8686f63b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1755360c1aa3da8bff66435cf700d1f977c962f4d5b6bc5f3aca6a00e86db57d", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] }, { "Target": "speaker", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "go.universe.tf/metallb", "Name": "go.universe.tf/metallb", "Identifier": { "PURL": "pkg:golang/go.universe.tf/metallb", "UID": "846feac804b4039d" }, "Relationship": "root", "DependsOn": [ "github.com/armon/go-metrics@v0.3.9", "github.com/beorn7/perks@v1.0.1", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/emicklei/go-restful/v3@v3.12.1", "github.com/evanphx/json-patch/v5@v5.9.0", "github.com/fxamacker/cbor/v2@v2.7.0", "github.com/go-kit/log@v0.2.1", "github.com/go-logfmt/logfmt@v0.5.1", "github.com/go-logr/logr@v1.4.2", "github.com/go-logr/zapr@v1.3.0", "github.com/go-openapi/jsonpointer@v0.21.0", "github.com/go-openapi/jsonreference@v0.21.0", "github.com/go-openapi/swag@v0.23.0", "github.com/gogo/protobuf@v1.3.2", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.4", "github.com/google/btree@v1.0.1", "github.com/google/gnostic-models@v0.6.8", "github.com/google/go-cmp@v0.6.0", "github.com/google/gofuzz@v1.2.0", "github.com/google/uuid@v1.6.0", "github.com/hashicorp/errwrap@v1.0.0", "github.com/hashicorp/go-immutable-radix@v1.3.1", "github.com/hashicorp/go-msgpack/v2@v2.1.1", "github.com/hashicorp/go-multierror@v1.1.0", "github.com/hashicorp/go-sockaddr@v1.0.0", "github.com/hashicorp/golang-lru@v0.5.1", "github.com/hashicorp/memberlist@v0.5.1", "github.com/imdario/mergo@v0.3.16", "github.com/josharian/intern@v1.0.0", "github.com/josharian/native@v1.0.0", "github.com/json-iterator/go@v1.1.12", "github.com/mailru/easyjson@v0.7.7", "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "github.com/mdlayher/packet@v1.0.0", "github.com/mdlayher/socket@v0.2.1", "github.com/metallb/frr-k8s@v0.0.16", "github.com/miekg/dns@v1.1.43", "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.2", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "github.com/pkg/errors@v0.9.1", "github.com/prometheus/client_golang@v1.19.1", "github.com/prometheus/client_model@v0.6.1", "github.com/prometheus/common@v0.55.0", "github.com/prometheus/procfs@v0.15.1", "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "github.com/spf13/pflag@v1.0.5", "github.com/x448/float16@v0.8.4", "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "go.uber.org/atomic@v1.11.0", "go.uber.org/multierr@v1.11.0", "go.uber.org/zap@v1.27.0", "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "golang.org/x/net@v0.30.0", "golang.org/x/oauth2@v0.21.0", "golang.org/x/sync@v0.8.0", "golang.org/x/sys@v0.26.0", "golang.org/x/term@v0.25.0", "golang.org/x/text@v0.19.0", "golang.org/x/time@v0.5.0", "gomodules.xyz/jsonpatch/v2@v2.4.0", "google.golang.org/protobuf@v1.35.1", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "k8s.io/api@v0.31.4", "k8s.io/apiextensions-apiserver@v0.31.1", "k8s.io/apimachinery@v0.31.4", "k8s.io/client-go@v0.31.4", "k8s.io/klog/v2@v2.130.1", "k8s.io/klog@v1.0.0", "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "sigs.k8s.io/controller-runtime@v0.19.3", "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "sigs.k8s.io/yaml@v1.4.0", "stdlib@v1.22.7" ], "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.22.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "Version": "v1.22.7", "Relationship": "direct", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/armon/go-metrics@v0.3.9", "Name": "github.com/armon/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/armon/go-metrics@v0.3.9", "UID": "ad35c19656d60ddf" }, "Version": "v0.3.9", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "ebcec89966eba1c1" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "c707159f7c2c0754" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "99e546a5f4c86c65" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.12.1", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.12.1", "UID": "4665349f9903af7c" }, "Version": "v3.12.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/evanphx/json-patch/v5@v5.9.0", "Name": "github.com/evanphx/json-patch/v5", "Identifier": { "PURL": "pkg:golang/github.com/evanphx/json-patch/v5@v5.9.0", "UID": "f4d0b4210873f34f" }, "Version": "v5.9.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.7.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.7.0", "UID": "c57e8ebf4db985c1" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-kit/log@v0.2.1", "Name": "github.com/go-kit/log", "Identifier": { "PURL": "pkg:golang/github.com/go-kit/log@v0.2.1", "UID": "a171694966ee4bf8" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logfmt/logfmt@v0.5.1", "Name": "github.com/go-logfmt/logfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-logfmt/logfmt@v0.5.1", "UID": "b2ce925d846c17e7" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.2", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.2", "UID": "6756e1424cc5ac23" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/zapr@v1.3.0", "Name": "github.com/go-logr/zapr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/zapr@v1.3.0", "UID": "39b830a9b442b725" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.21.0", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.21.0", "UID": "c6e49a2b629fbe5b" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.0", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.0", "UID": "9cac29b88c64f6af" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.23.0", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.23.0", "UID": "d119ba8f52cc1fce" }, "Version": "v0.23.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "e6091e39c90c45b5" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "b0048ea94d61c289" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.4", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.4", "UID": "eb0d87225bff573b" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/btree@v1.0.1", "Name": "github.com/google/btree", "Identifier": { "PURL": "pkg:golang/github.com/google/btree@v1.0.1", "UID": "c272a3297801d626" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.6.8", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.6.8", "UID": "98c7beea1782a5b" }, "Version": "v0.6.8", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.6.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.6.0", "UID": "e4be95a96b5329e9" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gofuzz@v1.2.0", "Name": "github.com/google/gofuzz", "Identifier": { "PURL": "pkg:golang/github.com/google/gofuzz@v1.2.0", "UID": "7000d8bec1030e9a" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "3ca6bbd5ba55ffb" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.0.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", "UID": "e91c5ee03d492a28" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-immutable-radix@v1.3.1", "Name": "github.com/hashicorp/go-immutable-radix", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-immutable-radix@v1.3.1", "UID": "ae488d8c5f58ab39" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-msgpack/v2@v2.1.1", "Name": "github.com/hashicorp/go-msgpack/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-msgpack/v2@v2.1.1", "UID": "bfcd44526ff3ed48" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.0", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.0", "UID": "95d827c5bedead6b" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-sockaddr@v1.0.0", "Name": "github.com/hashicorp/go-sockaddr", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-sockaddr@v1.0.0", "UID": "bdc76ac51a35102a" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru@v0.5.1", "Name": "github.com/hashicorp/golang-lru", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru@v0.5.1", "UID": "5d8a4c4ab5c0856d" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/memberlist@v0.5.1", "Name": "github.com/hashicorp/memberlist", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/memberlist@v0.5.1", "UID": "691be15f0ca56e65" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/imdario/mergo@v0.3.16", "Name": "github.com/imdario/mergo", "Identifier": { "PURL": "pkg:golang/github.com/imdario/mergo@v0.3.16", "UID": "69e87650d2ffef25" }, "Version": "v0.3.16", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/intern@v1.0.0", "Name": "github.com/josharian/intern", "Identifier": { "PURL": "pkg:golang/github.com/josharian/intern@v1.0.0", "UID": "2869f5b358cf2459" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josharian/native@v1.0.0", "Name": "github.com/josharian/native", "Identifier": { "PURL": "pkg:golang/github.com/josharian/native@v1.0.0", "UID": "b640a6daf80877ce" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "1beec885044e8835" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mailru/easyjson@v0.7.7", "Name": "github.com/mailru/easyjson", "Identifier": { "PURL": "pkg:golang/github.com/mailru/easyjson@v0.7.7", "UID": "8dc3bb6fedd177b9" }, "Version": "v0.7.7", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "Name": "github.com/mdlayher/arp", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/arp@v0.0.0-20220221190821-c37aaafac7f9", "UID": "a6d52c57995f670d" }, "Version": "v0.0.0-20220221190821-c37aaafac7f9", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "Name": "github.com/mdlayher/ethernet", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/ethernet@v0.0.0-20220221185849-529eae5b6118", "UID": "95c78005b2df027c" }, "Version": "v0.0.0-20220221185849-529eae5b6118", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "Name": "github.com/mdlayher/ndp", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/ndp@v0.0.0-20200602162440-17ab9e3e5567", "UID": "fcf03e789d108e0b" }, "Version": "v0.0.0-20200602162440-17ab9e3e5567", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/packet@v1.0.0", "Name": "github.com/mdlayher/packet", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/packet@v1.0.0", "UID": "9c8140fdfe95b84e" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mdlayher/socket@v0.2.1", "Name": "github.com/mdlayher/socket", "Identifier": { "PURL": "pkg:golang/github.com/mdlayher/socket@v0.2.1", "UID": "9e73233d9723694f" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/metallb/frr-k8s@v0.0.16", "Name": "github.com/metallb/frr-k8s", "Identifier": { "PURL": "pkg:golang/github.com/metallb/frr-k8s@v0.0.16", "UID": "220cd0ba1c85be73" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/miekg/dns@v1.1.43", "Name": "github.com/miekg/dns", "Identifier": { "PURL": "pkg:golang/github.com/miekg/dns@v1.1.43", "UID": "e7ed3271254d7e76" }, "Version": "v1.1.43", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "Name": "github.com/mikioh/ipaddr", "Identifier": { "PURL": "pkg:golang/github.com/mikioh/ipaddr@v0.0.0-20190404000644-d465c8ab6721", "UID": "14e92593b7c7c1" }, "Version": "v0.0.0-20190404000644-d465c8ab6721", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "7110fe8532e4ff7f" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.2", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.2", "UID": "763b77867080cd27" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "404dcadbf5ee3d7d" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "Name": "github.com/open-policy-agent/cert-controller", "Identifier": { "PURL": "pkg:golang/github.com/open-policy-agent/cert-controller@v0.10.2-0.20240531181455-2649f121ab97", "UID": "d16c89f0f2be7a07" }, "Version": "v0.10.2-0.20240531181455-2649f121ab97", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "1a584c0a9542b353" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.19.1", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.19.1", "UID": "5e232bca3c73f671" }, "Version": "v1.19.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.6.1", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.6.1", "UID": "9aabacfb6b704f2f" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.55.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.55.0", "UID": "ccfbb9bce77066ac" }, "Version": "v0.55.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.15.1", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.15.1", "UID": "e6023fc832d77bc4" }, "Version": "v0.15.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "Name": "github.com/sean-/seed", "Identifier": { "PURL": "pkg:golang/github.com/sean-/seed@v0.0.0-20170313163322-e2103e2c3529", "UID": "4ea27b150cb63770" }, "Version": "v0.0.0-20170313163322-e2103e2c3529", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "533af7d5e683a689" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "97b18b10cd7e2073" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "Name": "gitlab.com/golang-commonmark/puny", "Identifier": { "PURL": "pkg:golang/gitlab.com/golang-commonmark/puny@v0.0.0-20191124015043-9f83538fa04f", "UID": "d99e2101a794b9a0" }, "Version": "v0.0.0-20191124015043-9f83538fa04f", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/atomic@v1.11.0", "Name": "go.uber.org/atomic", "Identifier": { "PURL": "pkg:golang/go.uber.org/atomic@v1.11.0", "UID": "664106a99540c098" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "7e400c34809a2f25" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.0", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.0", "UID": "9975bb49143b152f" }, "Version": "v1.27.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20240719175910-8a7402abbf56", "UID": "c129a3056a1b52c7" }, "Version": "v0.0.0-20240719175910-8a7402abbf56", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.30.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "62560f1af17e4a7" }, "Version": "v0.30.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.21.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "ea72d8a716851a40" }, "Version": "v0.21.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.8.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.8.0", "UID": "1b75368d1354d3b0" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.26.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.26.0", "UID": "6d49970dbcf08fd0" }, "Version": "v0.26.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.25.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.25.0", "UID": "3942a48f2b5a7bbf" }, "Version": "v0.25.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.19.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.19.0", "UID": "f31ade4ee6e4a1d2" }, "Version": "v0.19.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.5.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.5.0", "UID": "a07f0543ae051ae9" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "gomodules.xyz/jsonpatch/v2@v2.4.0", "Name": "gomodules.xyz/jsonpatch/v2", "Identifier": { "PURL": "pkg:golang/gomodules.xyz/jsonpatch/v2@v2.4.0", "UID": "608bfbe0f5f9c0e7" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.35.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.35.1", "UID": "3ab19043fd0f4fcb" }, "Version": "v1.35.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "aecbe9ff65bd4707" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "fe648cf817247a8d" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "57223ab354f48a6d" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.31.4", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.31.4", "UID": "2ff21172aa1ca469" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.31.1", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.31.1", "UID": "e3b23220cdf65e8a" }, "Version": "v0.31.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.31.4", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.31.4", "UID": "37f2c2aa8bfc6817" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.31.4", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.31.4", "UID": "416d034f5a10c848" }, "Version": "v0.31.4", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog@v1.0.0", "Name": "k8s.io/klog", "Identifier": { "PURL": "pkg:golang/k8s.io/klog@v1.0.0", "UID": "17572448ac96bdf1" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "84d1dd02c99f9691" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20240521193020-835d969ad83a", "UID": "2cf7784861cba350" }, "Version": "v0.0.0-20240521193020-835d969ad83a", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20240711033017-18e509b52bc8", "UID": "df70dd6b0a3c58a2" }, "Version": "v0.0.0-20240711033017-18e509b52bc8", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/controller-runtime@v0.19.3", "Name": "sigs.k8s.io/controller-runtime", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/controller-runtime@v0.19.3", "UID": "7a485c2b64e70780" }, "Version": "v0.19.3", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20221116044647-bc3834ca7abd", "UID": "15e184c410ae5656" }, "Version": "v0.0.0-20221116044647-bc3834ca7abd", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "Name": "sigs.k8s.io/structured-merge-diff/v4", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v4@v4.4.1", "UID": "303719e5681eb34a" }, "Version": "v4.4.1", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.4.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.4.0", "UID": "e13ea9508618b52b" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "62560f1af17e4a7" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:18fce90bb5fb3db60d239b37d5648f901740f483b5f5cd2b18f116ee6f23c4c2", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.30.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.30.0", "UID": "62560f1af17e4a7" }, "InstalledVersion": "v0.30.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:4e2f6e53d2f5909cde76a3a4b7ecd4725bfb573a81324e9072002ee2e1f1a5dd", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.21.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.21.0", "UID": "ea72d8a716851a40" }, "InstalledVersion": "v0.21.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:aa19e3ea355d54b30a375e6b0a9b7cc03ad580e02c411484b7c4351901b02850", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ed7b2e1a9bdedff04bf6a466f8d4fa9be8f3f92c7821970cd5ee9a5f579fbb22", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a7ff5deace5f405c9e72af926adb02663ab9e4693e6058a819073e8d8a22683", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cea3ad9ddd1aa9d5a09392da01769f7517a0b09419c5c632fc78a8c657622852", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a6f4c23f55339cd6ce0a0e09b52c8c33ddbee9ddb003a1ba5927cb098f3c8530", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b628b03eb6f10bfe73230086ec654d75afe29dc5dff589b30fe1e61c465d17a4", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:40a91455408edd29079df701a51e0eab4ada8ef1d753afaa21a2299c2495744c", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d5b74b3f6dbd2141d7fbd2d3a4fdeece096e19a98e4dd251fe3709b95fb9687a", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:57dc868b1c860c0aae298e0656c4ba6be8a3d9c7a0b56ec1ddd2f9f4b101452c", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:96d8e419e8054cfa8c7723477aa16e2ddb9705ca8ba85c2455d16e6fd6609c4c", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ad2b5a38c1e64253f6fbd883a1ff5266b7180a5db94eacb98b465b13b4dfbe17", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d306a1bef8c3609b28ce7963a1e4c82ed6e80337f4e0ebe9be6dad0d04991764", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2cbb060e729cfc979f83fc19d9748cfaf97537814a14b59bae99398508c8936b", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9f56dff53196874fed2e12906d1ca3924373744db38ed097da1b8acda60611c8", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6481f0d806780b7b2caebfa029af68e9e80a73b5ac722f04608bc2294a434353", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5f3ee0a3ece6d9afb820ac6bbc5622d597e748b9c4b67dbecc157f29d2184071", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:22222297d6c92e04064070fd63559e430d66def94014d583945271bd69d081c0", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a8f5fec3127cff0a5901336344e53ac0b6378cf19cd6d79e0712a29db2c9a63f", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:48b572e8ccf575a8a8c5f18815eef1b8288a147583c5720e4c96c4a32eb3769e", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c6377358f881e300d67df927c8d0eb693642bb9a134f8ea83ce13cc945490c65", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f691d9c06713ce8a674c3504b7d107e84273236ca11ab408e5c5464777b2836f", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8bea06ed0390511ce5e7085e0c71dbb85a91f9b4c0be60bd6f6f1aaef37efde2", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9b94e718368daf9c8d9a0da7270976925b6ea7f146618bad7ab94ed2220dfdab", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8270aaab59505d131d572bbcd7aafe4c5b2da3224d1444d56189a25e4ba57cc9", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d88a48801304969cdabf96b43ce16047d86d21da62c883ad3ac722cef996e70e", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:de27bedbf9f9a6a7de03235126ee703c69ac9db6dc5b0967da01e7e0106cb75f", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f9bd828b02a1511583bc8ad386afc98f5de6da5eee69a6c9045c6639b781ff64", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a9858d4e81eec0b51ff0220e6ebfcb34c4ef9825fc9b37d8800fac68dfc4d5ff", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:71827ca2dbb4a70c906dbdc1fc61cbb310b738614c8b235a3d6636d526b80d21", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:099192d8b992cbed4323a3cbf13f125bef85276d23d2b46e3bc4ec4ee98d9a25", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ef8f85f21f91a41d4e12c007346a95136a8529ff0a2544136a945c0e649f0e2", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f88222de178935db29db47551f291b98a8fa8e9bec0398544ecf3f2c3e5bdfb6", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ece9ad0c48168e304f69d6a613cd86e4cd22dd9ac0176c9ccd6c000d64c434c7", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dcaea82e35bbdf6fa7661c7d5e383d2feab4d33389fb575e2c03d93eb9d4e5c5", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7e22f42d64c7eb103726cee18598ab59ad3e82e885209c8ef64dde2c6d4b572c", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9609e2c648d4d6509fec78f6407b60b04bd86370fbc7c27ce661595f7738e35b", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:87a03bed7e97063b96220dfd5030d9c76c2f7b1ffb3730be3fdfd7e8ebeceaf4", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:51060211f1844d15dcf2c9c0d392c316220bd6c3f9d63f371c12f5be7e752f1d", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f70fea5d5201f6e3b387edd9b1cbbb95cf29b2ab57a525297069f2476fbb7d1d", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:40ac66572eb4a9711c4eeee5871114bd5d090d31fe768de6c00f01019ca91d86", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.22.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.22.7", "UID": "75b9fce06fbac122" }, "InstalledVersion": "v1.22.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:45988054d609f346c162891a1ad4c7d83b8758b5742cf316a8839e507e103c7b", "DiffID": "sha256:c1a0e3cf00fcbc523de1df1d2a15f58aa3dc0341674edee750bcd3c1b800cae0" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:335ed88394a0846dafc5157ed262a1eb25d87f888725955e7be6483da04abc98", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "gitea", "Kind": "CronJob", "Name": "gitea-backup", "Metadata": [ { "Size": 59774464, "OS": { "Family": "alpine", "Name": "3.17.0", "EOSL": true }, "ImageID": "sha256:465689cd5f3a7c6709efcc91fb5418249674d1aedbe23e6bed3c1e2ee2fb1627", "DiffIDs": [ "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" ], "RepoTags": [ "rclone/rclone:1.61.1" ], "RepoDigests": [ "rclone/rclone@sha256:bdda91757fbcb10c857417f442ed13518ac292703c9dca42d8399f5f88e2da6c" ], "Reference": "rclone/rclone:1.61.1", "ImageConfig": { "architecture": "amd64", "created": "2022-12-23T18:30:20.435655422Z", "history": [ { "created": "2022-11-22T22:19:28.870801855Z", "created_by": "/bin/sh -c #(nop) ADD file:587cae71969871d3c6456d844a8795df9b64b12c710c275295a1182b46f630e7 in / " }, { "created": "2022-11-22T22:19:29.008562326Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "empty_layer": true }, { "created": "2022-12-23T18:21:20.552610746Z", "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates fuse tzdata \u0026\u0026 echo \"user_allow_other\" \u003e\u003e /etc/fuse.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.174824107Z", "created_by": "COPY /go/src/github.com/rclone/rclone/rclone /usr/local/bin/ # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.421025837Z", "created_by": "RUN /bin/sh -c addgroup -g 1009 rclone \u0026\u0026 adduser -u 1009 -Ds /bin/sh -G rclone rclone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "ENTRYPOINT [\"rclone\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "WORKDIR /data", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "ENV XDG_CONFIG_HOME=/config", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" ] }, "config": { "Entrypoint": [ "rclone" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "XDG_CONFIG_HOME=/config" ], "WorkingDir": "/data" } }, "Layers": [ { "Size": 7337984, "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, { "Size": 3042816, "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, { "Size": 49380352, "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, { "Size": 11776, "Digest": "sha256:8ca9a3048278c27e08bbccd3670f2c5caff0128842689a9c86ed1fb0f9ce1cc9", "DiffID": "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0" }, { "Size": 1536, "Digest": "sha256:109cd48fac6cc902363d1ab766beec1fc3e4c2c95a1e7a7cde7f3407c18b3af3", "DiffID": "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" } ] } ], "Results": [ { "Target": "rclone/rclone:1.61.1 (alpine 3.17.0)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.4.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "30c2f9800d728f28" }, "Version": "3.4.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.4.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.4.0-r0", "busybox-binsh@1.35.0-r29" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:fde5df99b613d565de9c54aa2a3ae86322bce0d1", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "etc/profile.d/locale.sh", "lib/sysctl.d/00-alpine.conf", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.4.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "e51ffe20d7623a8b" }, "Version": "3.4.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.4.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:fc982933c27a0d623fe78d6d517fae1c4cd28eaa", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.4-r1", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.17.0", "UID": "3164c80d593e4cb3" }, "Version": "2.4-r1", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.4-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:28cd3595f295a7e804667db76b0ba3aa34a4acdf", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.12.10-r1", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64\u0026distro=3.17.0", "UID": "5b5afd5889ede5eb" }, "Version": "2.12.10-r1", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.12.10-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20220614-r2", "libcrypto3@3.0.7-r0", "libssl3@3.0.7-r0", "musl@1.2.3-r4", "zlib@1.2.13-r0" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:11fde2c2df9c31d1a780481a16bd944482612b34", "InstalledFiles": [ "lib/libapk.so.3.12.0", "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.35.0-r29", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:34ddeca74cabf7d6ed472b2ab72de7414ad61da6", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/udhcpd.conf", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.35.0-r29", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.35.0-r29" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:9a25b0ca158a5d51224582e1980ad5d5328cb3a0", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20220614-r3", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20220614-r3?arch=x86_64\u0026distro=3.17.0", "UID": "2cf7b443ea323e5e" }, "Version": "20220614-r3", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20220614-r3", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.35.0-r29", "libcrypto3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:54e1755c00b5cceca1c08c2f40e448bdca0265e8", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", "usr/share/ca-certificates/mozilla/EC-ACC.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", "usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt", "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt", "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20220614-r2", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20220614-r2?arch=x86_64\u0026distro=3.17.0", "UID": "abbaa17475b8f0df" }, "Version": "20220614-r2", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20220614-r2", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:9e3c4b432e3820273336d5c48c732fcf81615959", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "fuse@2.9.9-r2", "Name": "fuse", "Identifier": { "PURL": "pkg:apk/alpine/fuse@2.9.9-r2?arch=x86_64\u0026distro=3.17.0", "UID": "87e240d6e1600fa2" }, "Version": "2.9.9-r2", "Arch": "x86_64", "SrcName": "fuse", "SrcVersion": "2.9.9-r2", "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "fuse-common@3.12.0-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:db75c36ba00ca0b9e3f361b011c40ca9c28cbe8a", "InstalledFiles": [ "bin/fusermount", "bin/ulockmgr_server", "lib/udev/rules.d/99-fuse.rules", "sbin/mount.fuse", "usr/lib/libfuse.so.2", "usr/lib/libfuse.so.2.9.9", "usr/lib/libulockmgr.so.1", "usr/lib/libulockmgr.so.1.0.1" ], "AnalyzedBy": "apk" }, { "ID": "fuse-common@3.12.0-r0", "Name": "fuse-common", "Identifier": { "PURL": "pkg:apk/alpine/fuse-common@3.12.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "ee399eecaf7a9402" }, "Version": "3.12.0-r0", "Arch": "x86_64", "SrcName": "fuse3", "SrcVersion": "3.12.0-r0", "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:e059a354f3525151167d71a48b5f2619c12d2ec0", "InstalledFiles": [ "etc/fuse.conf" ], "AnalyzedBy": "apk" }, { "ID": "libc-utils@0.7.2-r3", "Name": "libc-utils", "Identifier": { "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.17.0", "UID": "1b227ba5c763f776" }, "Version": "0.7.2-r3", "Arch": "x86_64", "SrcName": "libc-dev", "SrcVersion": "0.7.2-r3", "Licenses": [ "BSD-2-Clause", "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl-utils@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:f46834ea904f8a21bd50df78aa5eea226b074944", "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.0.7-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "Version": "3.0.7-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.0.7-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:4e39ab0046b93ca778d0f373e8e229a3e6c1796d", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "etc/ssl/misc/CA.pl", "etc/ssl/misc/tsget", "etc/ssl/misc/tsget.pl", "lib/libcrypto.so.3", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.0.7-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "Version": "3.0.7-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.0.7-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libcrypto3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:133e78acb5153e50229dcb89d9e0edc589eb7a4e", "InstalledFiles": [ "lib/libssl.so.3", "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.3-r4", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "af5f98cf83a00dc2" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:3e4ef1d70a00adb0759f390c3c93ead53102c2eb", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.3-r4", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "69e5c84e7222babe" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.3-r4", "scanelf@1.3.5-r1" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:65624be1ec92c7c9cf4a3175140260432bee36ce", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.5-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.5-r1?arch=x86_64\u0026distro=3.17.0", "UID": "9beb1e687687f8d6" }, "Version": "1.3.5-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.5-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:d5dc5816c1ef045033cc7183a3980e4c33490f24", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.35.0-r29", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.0.7-r0", "libssl3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:42ea998de3fa5c6f39236f6d3a2096a1f2fc0a3d", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2022f-r1", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2022f-r1?arch=x86_64\u0026distro=3.17.0", "UID": "16cbdb52acce2be1" }, "Version": "2022f-r1", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2022f-r1", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:7752b6fc9e327fcddcd2055382debad1362804fd", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa", "usr/share/zoneinfo/right/CET", "usr/share/zoneinfo/right/CST6CDT", "usr/share/zoneinfo/right/Cuba", "usr/share/zoneinfo/right/EET", "usr/share/zoneinfo/right/EST", "usr/share/zoneinfo/right/EST5EDT", "usr/share/zoneinfo/right/Egypt", "usr/share/zoneinfo/right/Eire", "usr/share/zoneinfo/right/Factory", "usr/share/zoneinfo/right/GB", "usr/share/zoneinfo/right/GB-Eire", "usr/share/zoneinfo/right/GMT", "usr/share/zoneinfo/right/GMT+0", "usr/share/zoneinfo/right/GMT-0", "usr/share/zoneinfo/right/GMT0", "usr/share/zoneinfo/right/Greenwich", "usr/share/zoneinfo/right/HST", "usr/share/zoneinfo/right/Hongkong", "usr/share/zoneinfo/right/Iceland", "usr/share/zoneinfo/right/Iran", "usr/share/zoneinfo/right/Israel", "usr/share/zoneinfo/right/Jamaica", "usr/share/zoneinfo/right/Japan", "usr/share/zoneinfo/right/Kwajalein", "usr/share/zoneinfo/right/Libya", "usr/share/zoneinfo/right/MET", "usr/share/zoneinfo/right/MST", "usr/share/zoneinfo/right/MST7MDT", "usr/share/zoneinfo/right/NZ", "usr/share/zoneinfo/right/NZ-CHAT", "usr/share/zoneinfo/right/Navajo", "usr/share/zoneinfo/right/PRC", "usr/share/zoneinfo/right/PST8PDT", "usr/share/zoneinfo/right/Poland", "usr/share/zoneinfo/right/Portugal", "usr/share/zoneinfo/right/ROC", "usr/share/zoneinfo/right/ROK", "usr/share/zoneinfo/right/Singapore", "usr/share/zoneinfo/right/Turkey", "usr/share/zoneinfo/right/UCT", "usr/share/zoneinfo/right/UTC", "usr/share/zoneinfo/right/Universal", "usr/share/zoneinfo/right/W-SU", "usr/share/zoneinfo/right/WET", "usr/share/zoneinfo/right/Zulu", "usr/share/zoneinfo/right/Africa/Abidjan", "usr/share/zoneinfo/right/Africa/Accra", "usr/share/zoneinfo/right/Africa/Addis_Ababa", "usr/share/zoneinfo/right/Africa/Algiers", "usr/share/zoneinfo/right/Africa/Asmara", "usr/share/zoneinfo/right/Africa/Asmera", "usr/share/zoneinfo/right/Africa/Bamako", "usr/share/zoneinfo/right/Africa/Bangui", "usr/share/zoneinfo/right/Africa/Banjul", "usr/share/zoneinfo/right/Africa/Bissau", "usr/share/zoneinfo/right/Africa/Blantyre", "usr/share/zoneinfo/right/Africa/Brazzaville", "usr/share/zoneinfo/right/Africa/Bujumbura", "usr/share/zoneinfo/right/Africa/Cairo", "usr/share/zoneinfo/right/Africa/Casablanca", "usr/share/zoneinfo/right/Africa/Ceuta", "usr/share/zoneinfo/right/Africa/Conakry", "usr/share/zoneinfo/right/Africa/Dakar", "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "usr/share/zoneinfo/right/Africa/Djibouti", "usr/share/zoneinfo/right/Africa/Douala", "usr/share/zoneinfo/right/Africa/El_Aaiun", "usr/share/zoneinfo/right/Africa/Freetown", "usr/share/zoneinfo/right/Africa/Gaborone", "usr/share/zoneinfo/right/Africa/Harare", "usr/share/zoneinfo/right/Africa/Johannesburg", "usr/share/zoneinfo/right/Africa/Juba", "usr/share/zoneinfo/right/Africa/Kampala", "usr/share/zoneinfo/right/Africa/Khartoum", "usr/share/zoneinfo/right/Africa/Kigali", "usr/share/zoneinfo/right/Africa/Kinshasa", "usr/share/zoneinfo/right/Africa/Lagos", "usr/share/zoneinfo/right/Africa/Libreville", "usr/share/zoneinfo/right/Africa/Lome", "usr/share/zoneinfo/right/Africa/Luanda", "usr/share/zoneinfo/right/Africa/Lubumbashi", "usr/share/zoneinfo/right/Africa/Lusaka", "usr/share/zoneinfo/right/Africa/Malabo", "usr/share/zoneinfo/right/Africa/Maputo", "usr/share/zoneinfo/right/Africa/Maseru", "usr/share/zoneinfo/right/Africa/Mbabane", "usr/share/zoneinfo/right/Africa/Mogadishu", "usr/share/zoneinfo/right/Africa/Monrovia", "usr/share/zoneinfo/right/Africa/Nairobi", "usr/share/zoneinfo/right/Africa/Ndjamena", "usr/share/zoneinfo/right/Africa/Niamey", "usr/share/zoneinfo/right/Africa/Nouakchott", "usr/share/zoneinfo/right/Africa/Ouagadougou", "usr/share/zoneinfo/right/Africa/Porto-Novo", "usr/share/zoneinfo/right/Africa/Sao_Tome", "usr/share/zoneinfo/right/Africa/Timbuktu", "usr/share/zoneinfo/right/Africa/Tripoli", "usr/share/zoneinfo/right/Africa/Tunis", "usr/share/zoneinfo/right/Africa/Windhoek", "usr/share/zoneinfo/right/America/Adak", "usr/share/zoneinfo/right/America/Anchorage", "usr/share/zoneinfo/right/America/Anguilla", "usr/share/zoneinfo/right/America/Antigua", "usr/share/zoneinfo/right/America/Araguaina", "usr/share/zoneinfo/right/America/Aruba", "usr/share/zoneinfo/right/America/Asuncion", "usr/share/zoneinfo/right/America/Atikokan", "usr/share/zoneinfo/right/America/Atka", "usr/share/zoneinfo/right/America/Bahia", "usr/share/zoneinfo/right/America/Bahia_Banderas", "usr/share/zoneinfo/right/America/Barbados", "usr/share/zoneinfo/right/America/Belem", "usr/share/zoneinfo/right/America/Belize", "usr/share/zoneinfo/right/America/Blanc-Sablon", "usr/share/zoneinfo/right/America/Boa_Vista", "usr/share/zoneinfo/right/America/Bogota", "usr/share/zoneinfo/right/America/Boise", "usr/share/zoneinfo/right/America/Buenos_Aires", "usr/share/zoneinfo/right/America/Cambridge_Bay", "usr/share/zoneinfo/right/America/Campo_Grande", "usr/share/zoneinfo/right/America/Cancun", "usr/share/zoneinfo/right/America/Caracas", "usr/share/zoneinfo/right/America/Catamarca", "usr/share/zoneinfo/right/America/Cayenne", "usr/share/zoneinfo/right/America/Cayman", "usr/share/zoneinfo/right/America/Chicago", "usr/share/zoneinfo/right/America/Chihuahua", "usr/share/zoneinfo/right/America/Coral_Harbour", "usr/share/zoneinfo/right/America/Cordoba", "usr/share/zoneinfo/right/America/Costa_Rica", "usr/share/zoneinfo/right/America/Creston", "usr/share/zoneinfo/right/America/Cuiaba", "usr/share/zoneinfo/right/America/Curacao", "usr/share/zoneinfo/right/America/Danmarkshavn", "usr/share/zoneinfo/right/America/Dawson", "usr/share/zoneinfo/right/America/Dawson_Creek", "usr/share/zoneinfo/right/America/Denver", "usr/share/zoneinfo/right/America/Detroit", "usr/share/zoneinfo/right/America/Dominica", "usr/share/zoneinfo/right/America/Edmonton", "usr/share/zoneinfo/right/America/Eirunepe", "usr/share/zoneinfo/right/America/El_Salvador", "usr/share/zoneinfo/right/America/Ensenada", "usr/share/zoneinfo/right/America/Fort_Nelson", "usr/share/zoneinfo/right/America/Fort_Wayne", "usr/share/zoneinfo/right/America/Fortaleza", "usr/share/zoneinfo/right/America/Glace_Bay", "usr/share/zoneinfo/right/America/Godthab", "usr/share/zoneinfo/right/America/Goose_Bay", "usr/share/zoneinfo/right/America/Grand_Turk", "usr/share/zoneinfo/right/America/Grenada", "usr/share/zoneinfo/right/America/Guadeloupe", "usr/share/zoneinfo/right/America/Guatemala", "usr/share/zoneinfo/right/America/Guayaquil", "usr/share/zoneinfo/right/America/Guyana", "usr/share/zoneinfo/right/America/Halifax", "usr/share/zoneinfo/right/America/Havana", "usr/share/zoneinfo/right/America/Hermosillo", "usr/share/zoneinfo/right/America/Indianapolis", "usr/share/zoneinfo/right/America/Inuvik", "usr/share/zoneinfo/right/America/Iqaluit", "usr/share/zoneinfo/right/America/Jamaica", "usr/share/zoneinfo/right/America/Jujuy", "usr/share/zoneinfo/right/America/Juneau", "usr/share/zoneinfo/right/America/Knox_IN", "usr/share/zoneinfo/right/America/Kralendijk", "usr/share/zoneinfo/right/America/La_Paz", "usr/share/zoneinfo/right/America/Lima", "usr/share/zoneinfo/right/America/Los_Angeles", "usr/share/zoneinfo/right/America/Louisville", "usr/share/zoneinfo/right/America/Lower_Princes", "usr/share/zoneinfo/right/America/Maceio", "usr/share/zoneinfo/right/America/Managua", "usr/share/zoneinfo/right/America/Manaus", "usr/share/zoneinfo/right/America/Marigot", "usr/share/zoneinfo/right/America/Martinique", "usr/share/zoneinfo/right/America/Matamoros", "usr/share/zoneinfo/right/America/Mazatlan", "usr/share/zoneinfo/right/America/Mendoza", "usr/share/zoneinfo/right/America/Menominee", "usr/share/zoneinfo/right/America/Merida", "usr/share/zoneinfo/right/America/Metlakatla", "usr/share/zoneinfo/right/America/Mexico_City", "usr/share/zoneinfo/right/America/Miquelon", "usr/share/zoneinfo/right/America/Moncton", "usr/share/zoneinfo/right/America/Monterrey", "usr/share/zoneinfo/right/America/Montevideo", "usr/share/zoneinfo/right/America/Montreal", "usr/share/zoneinfo/right/America/Montserrat", "usr/share/zoneinfo/right/America/Nassau", "usr/share/zoneinfo/right/America/New_York", "usr/share/zoneinfo/right/America/Nipigon", "usr/share/zoneinfo/right/America/Nome", "usr/share/zoneinfo/right/America/Noronha", "usr/share/zoneinfo/right/America/Nuuk", "usr/share/zoneinfo/right/America/Ojinaga", "usr/share/zoneinfo/right/America/Panama", "usr/share/zoneinfo/right/America/Pangnirtung", "usr/share/zoneinfo/right/America/Paramaribo", "usr/share/zoneinfo/right/America/Phoenix", "usr/share/zoneinfo/right/America/Port-au-Prince", "usr/share/zoneinfo/right/America/Port_of_Spain", "usr/share/zoneinfo/right/America/Porto_Acre", "usr/share/zoneinfo/right/America/Porto_Velho", "usr/share/zoneinfo/right/America/Puerto_Rico", "usr/share/zoneinfo/right/America/Punta_Arenas", "usr/share/zoneinfo/right/America/Rainy_River", "usr/share/zoneinfo/right/America/Rankin_Inlet", "usr/share/zoneinfo/right/America/Recife", "usr/share/zoneinfo/right/America/Regina", "usr/share/zoneinfo/right/America/Resolute", "usr/share/zoneinfo/right/America/Rio_Branco", "usr/share/zoneinfo/right/America/Rosario", "usr/share/zoneinfo/right/America/Santa_Isabel", "usr/share/zoneinfo/right/America/Santarem", "usr/share/zoneinfo/right/America/Santiago", "usr/share/zoneinfo/right/America/Santo_Domingo", "usr/share/zoneinfo/right/America/Sao_Paulo", "usr/share/zoneinfo/right/America/Scoresbysund", "usr/share/zoneinfo/right/America/Shiprock", "usr/share/zoneinfo/right/America/Sitka", "usr/share/zoneinfo/right/America/St_Barthelemy", "usr/share/zoneinfo/right/America/St_Johns", "usr/share/zoneinfo/right/America/St_Kitts", "usr/share/zoneinfo/right/America/St_Lucia", "usr/share/zoneinfo/right/America/St_Thomas", "usr/share/zoneinfo/right/America/St_Vincent", "usr/share/zoneinfo/right/America/Swift_Current", "usr/share/zoneinfo/right/America/Tegucigalpa", "usr/share/zoneinfo/right/America/Thule", "usr/share/zoneinfo/right/America/Thunder_Bay", "usr/share/zoneinfo/right/America/Tijuana", "usr/share/zoneinfo/right/America/Toronto", "usr/share/zoneinfo/right/America/Tortola", "usr/share/zoneinfo/right/America/Vancouver", "usr/share/zoneinfo/right/America/Virgin", "usr/share/zoneinfo/right/America/Whitehorse", "usr/share/zoneinfo/right/America/Winnipeg", "usr/share/zoneinfo/right/America/Yakutat", "usr/share/zoneinfo/right/America/Yellowknife", "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/right/America/Argentina/Catamarca", "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/right/America/Argentina/Cordoba", "usr/share/zoneinfo/right/America/Argentina/Jujuy", "usr/share/zoneinfo/right/America/Argentina/La_Rioja", "usr/share/zoneinfo/right/America/Argentina/Mendoza", "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/right/America/Argentina/Salta", "usr/share/zoneinfo/right/America/Argentina/San_Juan", "usr/share/zoneinfo/right/America/Argentina/San_Luis", "usr/share/zoneinfo/right/America/Argentina/Tucuman", "usr/share/zoneinfo/right/America/Argentina/Ushuaia", "usr/share/zoneinfo/right/America/Indiana/Indianapolis", "usr/share/zoneinfo/right/America/Indiana/Knox", "usr/share/zoneinfo/right/America/Indiana/Marengo", "usr/share/zoneinfo/right/America/Indiana/Petersburg", "usr/share/zoneinfo/right/America/Indiana/Tell_City", "usr/share/zoneinfo/right/America/Indiana/Vevay", "usr/share/zoneinfo/right/America/Indiana/Vincennes", "usr/share/zoneinfo/right/America/Indiana/Winamac", "usr/share/zoneinfo/right/America/Kentucky/Louisville", "usr/share/zoneinfo/right/America/Kentucky/Monticello", "usr/share/zoneinfo/right/America/North_Dakota/Beulah", "usr/share/zoneinfo/right/America/North_Dakota/Center", "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "usr/share/zoneinfo/right/Antarctica/Casey", "usr/share/zoneinfo/right/Antarctica/Davis", "usr/share/zoneinfo/right/Antarctica/DumontDUrville", "usr/share/zoneinfo/right/Antarctica/Macquarie", "usr/share/zoneinfo/right/Antarctica/Mawson", "usr/share/zoneinfo/right/Antarctica/McMurdo", "usr/share/zoneinfo/right/Antarctica/Palmer", "usr/share/zoneinfo/right/Antarctica/Rothera", "usr/share/zoneinfo/right/Antarctica/South_Pole", "usr/share/zoneinfo/right/Antarctica/Syowa", "usr/share/zoneinfo/right/Antarctica/Troll", "usr/share/zoneinfo/right/Antarctica/Vostok", "usr/share/zoneinfo/right/Arctic/Longyearbyen", "usr/share/zoneinfo/right/Asia/Aden", "usr/share/zoneinfo/right/Asia/Almaty", "usr/share/zoneinfo/right/Asia/Amman", "usr/share/zoneinfo/right/Asia/Anadyr", "usr/share/zoneinfo/right/Asia/Aqtau", "usr/share/zoneinfo/right/Asia/Aqtobe", "usr/share/zoneinfo/right/Asia/Ashgabat", "usr/share/zoneinfo/right/Asia/Ashkhabad", "usr/share/zoneinfo/right/Asia/Atyrau", "usr/share/zoneinfo/right/Asia/Baghdad", "usr/share/zoneinfo/right/Asia/Bahrain", "usr/share/zoneinfo/right/Asia/Baku", "usr/share/zoneinfo/right/Asia/Bangkok", "usr/share/zoneinfo/right/Asia/Barnaul", "usr/share/zoneinfo/right/Asia/Beirut", "usr/share/zoneinfo/right/Asia/Bishkek", "usr/share/zoneinfo/right/Asia/Brunei", "usr/share/zoneinfo/right/Asia/Calcutta", "usr/share/zoneinfo/right/Asia/Chita", "usr/share/zoneinfo/right/Asia/Choibalsan", "usr/share/zoneinfo/right/Asia/Chongqing", "usr/share/zoneinfo/right/Asia/Chungking", "usr/share/zoneinfo/right/Asia/Colombo", "usr/share/zoneinfo/right/Asia/Dacca", "usr/share/zoneinfo/right/Asia/Damascus", "usr/share/zoneinfo/right/Asia/Dhaka", "usr/share/zoneinfo/right/Asia/Dili", "usr/share/zoneinfo/right/Asia/Dubai", "usr/share/zoneinfo/right/Asia/Dushanbe", "usr/share/zoneinfo/right/Asia/Famagusta", "usr/share/zoneinfo/right/Asia/Gaza", "usr/share/zoneinfo/right/Asia/Harbin", "usr/share/zoneinfo/right/Asia/Hebron", "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/right/Asia/Hong_Kong", "usr/share/zoneinfo/right/Asia/Hovd", "usr/share/zoneinfo/right/Asia/Irkutsk", "usr/share/zoneinfo/right/Asia/Istanbul", "usr/share/zoneinfo/right/Asia/Jakarta", "usr/share/zoneinfo/right/Asia/Jayapura", "usr/share/zoneinfo/right/Asia/Jerusalem", "usr/share/zoneinfo/right/Asia/Kabul", "usr/share/zoneinfo/right/Asia/Kamchatka", "usr/share/zoneinfo/right/Asia/Karachi", "usr/share/zoneinfo/right/Asia/Kashgar", "usr/share/zoneinfo/right/Asia/Kathmandu", "usr/share/zoneinfo/right/Asia/Katmandu", "usr/share/zoneinfo/right/Asia/Khandyga", "usr/share/zoneinfo/right/Asia/Kolkata", "usr/share/zoneinfo/right/Asia/Krasnoyarsk", "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "usr/share/zoneinfo/right/Asia/Kuching", "usr/share/zoneinfo/right/Asia/Kuwait", "usr/share/zoneinfo/right/Asia/Macao", "usr/share/zoneinfo/right/Asia/Macau", "usr/share/zoneinfo/right/Asia/Magadan", "usr/share/zoneinfo/right/Asia/Makassar", "usr/share/zoneinfo/right/Asia/Manila", "usr/share/zoneinfo/right/Asia/Muscat", "usr/share/zoneinfo/right/Asia/Nicosia", "usr/share/zoneinfo/right/Asia/Novokuznetsk", "usr/share/zoneinfo/right/Asia/Novosibirsk", "usr/share/zoneinfo/right/Asia/Omsk", "usr/share/zoneinfo/right/Asia/Oral", "usr/share/zoneinfo/right/Asia/Phnom_Penh", "usr/share/zoneinfo/right/Asia/Pontianak", "usr/share/zoneinfo/right/Asia/Pyongyang", "usr/share/zoneinfo/right/Asia/Qatar", "usr/share/zoneinfo/right/Asia/Qostanay", "usr/share/zoneinfo/right/Asia/Qyzylorda", "usr/share/zoneinfo/right/Asia/Rangoon", "usr/share/zoneinfo/right/Asia/Riyadh", "usr/share/zoneinfo/right/Asia/Saigon", "usr/share/zoneinfo/right/Asia/Sakhalin", "usr/share/zoneinfo/right/Asia/Samarkand", "usr/share/zoneinfo/right/Asia/Seoul", "usr/share/zoneinfo/right/Asia/Shanghai", "usr/share/zoneinfo/right/Asia/Singapore", "usr/share/zoneinfo/right/Asia/Srednekolymsk", "usr/share/zoneinfo/right/Asia/Taipei", "usr/share/zoneinfo/right/Asia/Tashkent", "usr/share/zoneinfo/right/Asia/Tbilisi", "usr/share/zoneinfo/right/Asia/Tehran", "usr/share/zoneinfo/right/Asia/Tel_Aviv", "usr/share/zoneinfo/right/Asia/Thimbu", "usr/share/zoneinfo/right/Asia/Thimphu", "usr/share/zoneinfo/right/Asia/Tokyo", "usr/share/zoneinfo/right/Asia/Tomsk", "usr/share/zoneinfo/right/Asia/Ujung_Pandang", "usr/share/zoneinfo/right/Asia/Ulaanbaatar", "usr/share/zoneinfo/right/Asia/Ulan_Bator", "usr/share/zoneinfo/right/Asia/Urumqi", "usr/share/zoneinfo/right/Asia/Ust-Nera", "usr/share/zoneinfo/right/Asia/Vientiane", "usr/share/zoneinfo/right/Asia/Vladivostok", "usr/share/zoneinfo/right/Asia/Yakutsk", "usr/share/zoneinfo/right/Asia/Yangon", "usr/share/zoneinfo/right/Asia/Yekaterinburg", "usr/share/zoneinfo/right/Asia/Yerevan", "usr/share/zoneinfo/right/Atlantic/Azores", "usr/share/zoneinfo/right/Atlantic/Bermuda", "usr/share/zoneinfo/right/Atlantic/Canary", "usr/share/zoneinfo/right/Atlantic/Cape_Verde", "usr/share/zoneinfo/right/Atlantic/Faeroe", "usr/share/zoneinfo/right/Atlantic/Faroe", "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", "usr/share/zoneinfo/right/Atlantic/Madeira", "usr/share/zoneinfo/right/Atlantic/Reykjavik", "usr/share/zoneinfo/right/Atlantic/South_Georgia", "usr/share/zoneinfo/right/Atlantic/St_Helena", "usr/share/zoneinfo/right/Atlantic/Stanley", "usr/share/zoneinfo/right/Australia/ACT", "usr/share/zoneinfo/right/Australia/Adelaide", "usr/share/zoneinfo/right/Australia/Brisbane", "usr/share/zoneinfo/right/Australia/Broken_Hill", "usr/share/zoneinfo/right/Australia/Canberra", "usr/share/zoneinfo/right/Australia/Currie", "usr/share/zoneinfo/right/Australia/Darwin", "usr/share/zoneinfo/right/Australia/Eucla", "usr/share/zoneinfo/right/Australia/Hobart", "usr/share/zoneinfo/right/Australia/LHI", "usr/share/zoneinfo/right/Australia/Lindeman", "usr/share/zoneinfo/right/Australia/Lord_Howe", "usr/share/zoneinfo/right/Australia/Melbourne", "usr/share/zoneinfo/right/Australia/NSW", "usr/share/zoneinfo/right/Australia/North", "usr/share/zoneinfo/right/Australia/Perth", "usr/share/zoneinfo/right/Australia/Queensland", "usr/share/zoneinfo/right/Australia/South", "usr/share/zoneinfo/right/Australia/Sydney", "usr/share/zoneinfo/right/Australia/Tasmania", "usr/share/zoneinfo/right/Australia/Victoria", "usr/share/zoneinfo/right/Australia/West", "usr/share/zoneinfo/right/Australia/Yancowinna", "usr/share/zoneinfo/right/Brazil/Acre", "usr/share/zoneinfo/right/Brazil/DeNoronha", "usr/share/zoneinfo/right/Brazil/East", "usr/share/zoneinfo/right/Brazil/West", "usr/share/zoneinfo/right/Canada/Atlantic", "usr/share/zoneinfo/right/Canada/Central", "usr/share/zoneinfo/right/Canada/Eastern", "usr/share/zoneinfo/right/Canada/Mountain", "usr/share/zoneinfo/right/Canada/Newfoundland", "usr/share/zoneinfo/right/Canada/Pacific", "usr/share/zoneinfo/right/Canada/Saskatchewan", "usr/share/zoneinfo/right/Canada/Yukon", "usr/share/zoneinfo/right/Chile/Continental", "usr/share/zoneinfo/right/Chile/EasterIsland", "usr/share/zoneinfo/right/Etc/GMT", "usr/share/zoneinfo/right/Etc/GMT+0", "usr/share/zoneinfo/right/Etc/GMT+1", "usr/share/zoneinfo/right/Etc/GMT+10", "usr/share/zoneinfo/right/Etc/GMT+11", "usr/share/zoneinfo/right/Etc/GMT+12", "usr/share/zoneinfo/right/Etc/GMT+2", "usr/share/zoneinfo/right/Etc/GMT+3", "usr/share/zoneinfo/right/Etc/GMT+4", "usr/share/zoneinfo/right/Etc/GMT+5", "usr/share/zoneinfo/right/Etc/GMT+6", "usr/share/zoneinfo/right/Etc/GMT+7", "usr/share/zoneinfo/right/Etc/GMT+8", "usr/share/zoneinfo/right/Etc/GMT+9", "usr/share/zoneinfo/right/Etc/GMT-0", "usr/share/zoneinfo/right/Etc/GMT-1", "usr/share/zoneinfo/right/Etc/GMT-10", "usr/share/zoneinfo/right/Etc/GMT-11", "usr/share/zoneinfo/right/Etc/GMT-12", "usr/share/zoneinfo/right/Etc/GMT-13", "usr/share/zoneinfo/right/Etc/GMT-14", "usr/share/zoneinfo/right/Etc/GMT-2", "usr/share/zoneinfo/right/Etc/GMT-3", "usr/share/zoneinfo/right/Etc/GMT-4", "usr/share/zoneinfo/right/Etc/GMT-5", "usr/share/zoneinfo/right/Etc/GMT-6", "usr/share/zoneinfo/right/Etc/GMT-7", "usr/share/zoneinfo/right/Etc/GMT-8", "usr/share/zoneinfo/right/Etc/GMT-9", "usr/share/zoneinfo/right/Etc/GMT0", "usr/share/zoneinfo/right/Etc/Greenwich", "usr/share/zoneinfo/right/Etc/UCT", "usr/share/zoneinfo/right/Etc/UTC", "usr/share/zoneinfo/right/Etc/Universal", "usr/share/zoneinfo/right/Etc/Zulu", "usr/share/zoneinfo/right/Europe/Amsterdam", "usr/share/zoneinfo/right/Europe/Andorra", "usr/share/zoneinfo/right/Europe/Astrakhan", "usr/share/zoneinfo/right/Europe/Athens", "usr/share/zoneinfo/right/Europe/Belfast", "usr/share/zoneinfo/right/Europe/Belgrade", "usr/share/zoneinfo/right/Europe/Berlin", "usr/share/zoneinfo/right/Europe/Bratislava", "usr/share/zoneinfo/right/Europe/Brussels", "usr/share/zoneinfo/right/Europe/Bucharest", "usr/share/zoneinfo/right/Europe/Budapest", "usr/share/zoneinfo/right/Europe/Busingen", "usr/share/zoneinfo/right/Europe/Chisinau", "usr/share/zoneinfo/right/Europe/Copenhagen", "usr/share/zoneinfo/right/Europe/Dublin", "usr/share/zoneinfo/right/Europe/Gibraltar", "usr/share/zoneinfo/right/Europe/Guernsey", "usr/share/zoneinfo/right/Europe/Helsinki", "usr/share/zoneinfo/right/Europe/Isle_of_Man", "usr/share/zoneinfo/right/Europe/Istanbul", "usr/share/zoneinfo/right/Europe/Jersey", "usr/share/zoneinfo/right/Europe/Kaliningrad", "usr/share/zoneinfo/right/Europe/Kiev", "usr/share/zoneinfo/right/Europe/Kirov", "usr/share/zoneinfo/right/Europe/Kyiv", "usr/share/zoneinfo/right/Europe/Lisbon", "usr/share/zoneinfo/right/Europe/Ljubljana", "usr/share/zoneinfo/right/Europe/London", "usr/share/zoneinfo/right/Europe/Luxembourg", "usr/share/zoneinfo/right/Europe/Madrid", "usr/share/zoneinfo/right/Europe/Malta", "usr/share/zoneinfo/right/Europe/Mariehamn", "usr/share/zoneinfo/right/Europe/Minsk", "usr/share/zoneinfo/right/Europe/Monaco", "usr/share/zoneinfo/right/Europe/Moscow", "usr/share/zoneinfo/right/Europe/Nicosia", "usr/share/zoneinfo/right/Europe/Oslo", "usr/share/zoneinfo/right/Europe/Paris", "usr/share/zoneinfo/right/Europe/Podgorica", "usr/share/zoneinfo/right/Europe/Prague", "usr/share/zoneinfo/right/Europe/Riga", "usr/share/zoneinfo/right/Europe/Rome", "usr/share/zoneinfo/right/Europe/Samara", "usr/share/zoneinfo/right/Europe/San_Marino", "usr/share/zoneinfo/right/Europe/Sarajevo", "usr/share/zoneinfo/right/Europe/Saratov", "usr/share/zoneinfo/right/Europe/Simferopol", "usr/share/zoneinfo/right/Europe/Skopje", "usr/share/zoneinfo/right/Europe/Sofia", "usr/share/zoneinfo/right/Europe/Stockholm", "usr/share/zoneinfo/right/Europe/Tallinn", "usr/share/zoneinfo/right/Europe/Tirane", "usr/share/zoneinfo/right/Europe/Tiraspol", "usr/share/zoneinfo/right/Europe/Ulyanovsk", "usr/share/zoneinfo/right/Europe/Uzhgorod", "usr/share/zoneinfo/right/Europe/Vaduz", "usr/share/zoneinfo/right/Europe/Vatican", "usr/share/zoneinfo/right/Europe/Vienna", "usr/share/zoneinfo/right/Europe/Vilnius", "usr/share/zoneinfo/right/Europe/Volgograd", "usr/share/zoneinfo/right/Europe/Warsaw", "usr/share/zoneinfo/right/Europe/Zagreb", "usr/share/zoneinfo/right/Europe/Zaporozhye", "usr/share/zoneinfo/right/Europe/Zurich", "usr/share/zoneinfo/right/Indian/Antananarivo", "usr/share/zoneinfo/right/Indian/Chagos", "usr/share/zoneinfo/right/Indian/Christmas", "usr/share/zoneinfo/right/Indian/Cocos", "usr/share/zoneinfo/right/Indian/Comoro", "usr/share/zoneinfo/right/Indian/Kerguelen", "usr/share/zoneinfo/right/Indian/Mahe", "usr/share/zoneinfo/right/Indian/Maldives", "usr/share/zoneinfo/right/Indian/Mauritius", "usr/share/zoneinfo/right/Indian/Mayotte", "usr/share/zoneinfo/right/Indian/Reunion", "usr/share/zoneinfo/right/Mexico/BajaNorte", "usr/share/zoneinfo/right/Mexico/BajaSur", "usr/share/zoneinfo/right/Mexico/General", "usr/share/zoneinfo/right/Pacific/Apia", "usr/share/zoneinfo/right/Pacific/Auckland", "usr/share/zoneinfo/right/Pacific/Bougainville", "usr/share/zoneinfo/right/Pacific/Chatham", "usr/share/zoneinfo/right/Pacific/Chuuk", "usr/share/zoneinfo/right/Pacific/Easter", "usr/share/zoneinfo/right/Pacific/Efate", "usr/share/zoneinfo/right/Pacific/Enderbury", "usr/share/zoneinfo/right/Pacific/Fakaofo", "usr/share/zoneinfo/right/Pacific/Fiji", "usr/share/zoneinfo/right/Pacific/Funafuti", "usr/share/zoneinfo/right/Pacific/Galapagos", "usr/share/zoneinfo/right/Pacific/Gambier", "usr/share/zoneinfo/right/Pacific/Guadalcanal", "usr/share/zoneinfo/right/Pacific/Guam", "usr/share/zoneinfo/right/Pacific/Honolulu", "usr/share/zoneinfo/right/Pacific/Johnston", "usr/share/zoneinfo/right/Pacific/Kanton", "usr/share/zoneinfo/right/Pacific/Kiritimati", "usr/share/zoneinfo/right/Pacific/Kosrae", "usr/share/zoneinfo/right/Pacific/Kwajalein", "usr/share/zoneinfo/right/Pacific/Majuro", "usr/share/zoneinfo/right/Pacific/Marquesas", "usr/share/zoneinfo/right/Pacific/Midway", "usr/share/zoneinfo/right/Pacific/Nauru", "usr/share/zoneinfo/right/Pacific/Niue", "usr/share/zoneinfo/right/Pacific/Norfolk", "usr/share/zoneinfo/right/Pacific/Noumea", "usr/share/zoneinfo/right/Pacific/Pago_Pago", "usr/share/zoneinfo/right/Pacific/Palau", "usr/share/zoneinfo/right/Pacific/Pitcairn", "usr/share/zoneinfo/right/Pacific/Pohnpei", "usr/share/zoneinfo/right/Pacific/Ponape", "usr/share/zoneinfo/right/Pacific/Port_Moresby", "usr/share/zoneinfo/right/Pacific/Rarotonga", "usr/share/zoneinfo/right/Pacific/Saipan", "usr/share/zoneinfo/right/Pacific/Samoa", "usr/share/zoneinfo/right/Pacific/Tahiti", "usr/share/zoneinfo/right/Pacific/Tarawa", "usr/share/zoneinfo/right/Pacific/Tongatapu", "usr/share/zoneinfo/right/Pacific/Truk", "usr/share/zoneinfo/right/Pacific/Wake", "usr/share/zoneinfo/right/Pacific/Wallis", "usr/share/zoneinfo/right/Pacific/Yap", "usr/share/zoneinfo/right/US/Alaska", "usr/share/zoneinfo/right/US/Aleutian", "usr/share/zoneinfo/right/US/Arizona", "usr/share/zoneinfo/right/US/Central", "usr/share/zoneinfo/right/US/East-Indiana", "usr/share/zoneinfo/right/US/Eastern", "usr/share/zoneinfo/right/US/Hawaii", "usr/share/zoneinfo/right/US/Indiana-Starke", "usr/share/zoneinfo/right/US/Michigan", "usr/share/zoneinfo/right/US/Mountain", "usr/share/zoneinfo/right/US/Pacific", "usr/share/zoneinfo/right/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.2.13-r0", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64\u0026distro=3.17.0", "UID": "1565fe2d821c716a" }, "Version": "1.2.13-r0", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.2.13-r0", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:ae39d74f4d65d4f0315e1794c5ee0e95d979ac59", "InstalledFiles": [ "lib/libz.so.1", "lib/libz.so.1.2.13" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2023-42363", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:137ff178bcd2a5f630515ace41391dd6d5b151ca921dae7ec3506afd1adf7e79", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8272d84f0a7c05ee5438d6438476f9ef1fffea0c127124f904ed427481a15b7a", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6e6b6e251633451cf3c4bec7399fc2ebe4aa68865b7e36913f394dfac29a1dfa", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:615b398e19029f654d228e19075090fe1efa506523ff7e670b4c19241f4ffee7", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" }, { "VulnerabilityID": "CVE-2023-42363", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:621c482752dd822e488913d85fdfa0d31232e9844cc1aa4e0fb4fa181a6e7a7c", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e9567f7f6523fd07f41456a306af9c7e75ff299072c654439daaaddd0ba56c6c", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:518febeb07948d101e7eab1f39815bbd020325a1bdebb8a8425cbe554a0acbf6", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a0a53bc355c04705000f4ad707170d27723b21d02330c8b5860d3074b27c4734", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" }, { "VulnerabilityID": "CVE-2022-3996", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.7-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:10bde7a1066ae65c13325d797715658d43c9f868a802880d876d644b7160e480", "Title": "openssl: double locking leads to denial of service", "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "Severity": "HIGH", "CweIDs": [ "CWE-667" ], "VendorSeverity": { "amazon": 1, "azure": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3996", "https://github.com/alexcrichton/openssl-src-rs", "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", "https://security.netapp.com/advisory/ntap-20230203-0003/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2022-3996", "https://www.openssl.org/news/secadv/20221213.txt" ], "PublishedDate": "2022-12-13T16:15:22.007Z", "LastModifiedDate": "2024-11-21T07:20:42.003Z" }, { "VulnerabilityID": "CVE-2022-4450", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:32dc6959f898bb8912fa49d39bcc14d55cd7086f7a15c96e96bc4b2e1d9a330c", "Title": "openssl: double free after calling PEM_read_bio_ex", "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4450", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", "https://linux.oracle.com/cve/CVE-2022-4450.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4450", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.973Z", "LastModifiedDate": "2025-11-04T20:16:15.06Z" }, { "VulnerabilityID": "CVE-2023-0215", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:dbaea0fdb8bc24a428a0992102d2ac296edbbdaea86cdc9a6ec3fb3a073c5cd5", "Title": "openssl: use-after-free following BIO_new_NDEF", "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0215", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "https://github.com/advisories/GHSA-r7jw-wp68-3xch", "https://linux.oracle.com/cve/CVE-2023-0215.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230427-0007", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://security.netapp.com/advisory/ntap-20230427-0009", "https://security.netapp.com/advisory/ntap-20230427-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0215", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.107Z", "LastModifiedDate": "2025-11-04T20:16:15.847Z" }, { "VulnerabilityID": "CVE-2023-0216", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ef5596e04d3268f7337138ce58c66f9e4fb4e62ac2967404bc99af6bcb0b18c7", "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0216", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "https://linux.oracle.com/cve/CVE-2023-0216.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0216", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.16Z", "LastModifiedDate": "2025-11-04T20:16:16.043Z" }, { "VulnerabilityID": "CVE-2023-0217", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4741c0cfae27a4879a2121c808f1a4da126ddfd33c6fb7eb27365fa6c6a4fb18", "Title": "openssl: NULL dereference validating DSA public key", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0217", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "https://linux.oracle.com/cve/CVE-2023-0217.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0217", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.213Z", "LastModifiedDate": "2025-11-04T20:16:16.197Z" }, { "VulnerabilityID": "CVE-2023-0286", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:63acd88afaf3250a4b590fe0de36a69111fcaaa2113d4612158897a93a8ffd46", "Title": "openssl: X.400 address type confusion in X.509 GeneralName", "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7937", "https://access.redhat.com/security/cve/CVE-2023-0286", "https://access.redhat.com/security/cve/cve-2023-0286", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2025-7937.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "https://linux.oracle.com/cve/CVE-2023-0286.html", "https://linux.oracle.com/errata/ELSA-2025-7937.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0286", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.267Z", "LastModifiedDate": "2025-11-04T20:16:16.35Z" }, { "VulnerabilityID": "CVE-2023-0401", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:56fa68c9fd45445e81ce51bda360c61574bcdc9b4086dea9a32dc8e88028e086", "Title": "openssl: NULL dereference during PKCS7 data verification", "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0401", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", "https://github.com/alexcrichton/openssl-src-rs", "https://linux.oracle.com/cve/CVE-2023-0401.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0401", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.323Z", "LastModifiedDate": "2025-11-04T20:16:16.527Z" }, { "VulnerabilityID": "CVE-2023-0464", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:461bb3b307b4fe4b13cc129d5b6e7fc198da87a4ac6fedfef9eba6814b577d84", "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0464", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", "https://linux.oracle.com/cve/CVE-2023-0464.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230406-0006", "https://security.netapp.com/advisory/ntap-20230406-0006/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2023-0464", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230322.txt" ], "PublishedDate": "2023-03-22T17:15:13.13Z", "LastModifiedDate": "2025-05-05T16:15:26.103Z" }, { "VulnerabilityID": "CVE-2023-5363", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4eea907804afa4d9f649cb6df8442f44e541df9005e291a0a801cd2d19cdab9e", "Title": "openssl: Incorrect cipher key and IV length processing", "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-684" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/24/1", "https://access.redhat.com/errata/RHSA-2024:0310", "https://access.redhat.com/security/cve/CVE-2023-5363", "https://bugzilla.redhat.com/2243839", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://errata.almalinux.org/9/ALSA-2024-0310.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", "https://linux.oracle.com/cve/CVE-2023-5363.html", "https://linux.oracle.com/errata/ELSA-2024-12093.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", "https://security.netapp.com/advisory/ntap-20231027-0010", "https://security.netapp.com/advisory/ntap-20231027-0010/", "https://security.netapp.com/advisory/ntap-20240201-0003", "https://security.netapp.com/advisory/ntap-20240201-0003/", "https://security.netapp.com/advisory/ntap-20240201-0004", "https://security.netapp.com/advisory/ntap-20240201-0004/", "https://security.netapp.com/advisory/ntap-20241108-0002", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-5363", "https://www.debian.org/security/2023/dsa-5532", "https://www.openssl.org/news/secadv/20231024.txt" ], "PublishedDate": "2023-10-25T18:17:43.613Z", "LastModifiedDate": "2026-05-12T11:16:16.87Z" }, { "VulnerabilityID": "CVE-2024-6119", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.15-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7c7cb5a5bd99bb0252b7ac1adf6ff05b0eb395a346aedc843535dc725a52f520", "Title": "openssl: Possible denial of service in X.509 name checks", "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/4", "https://access.redhat.com/errata/RHSA-2024:8935", "https://access.redhat.com/security/cve/CVE-2024-6119", "https://bugzilla.redhat.com/2306158", "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", "https://errata.almalinux.org/9/ALSA-2024-8935.html", "https://errata.rockylinux.org/RLSA-2024:6783", "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "https://linux.oracle.com/cve/CVE-2024-6119.html", "https://linux.oracle.com/errata/ELSA-2024-8935.html", "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "https://openssl-library.org/news/secadv/20240903.txt", "https://security.netapp.com/advisory/ntap-20240912-0001", "https://security.netapp.com/advisory/ntap-20240912-0001/", "https://ubuntu.com/security/notices/USN-6986-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-6119" ], "PublishedDate": "2024-09-03T16:15:07.177Z", "LastModifiedDate": "2026-05-12T12:17:20.647Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:811819248bd346b7ded1a9b5ac45e6387f5c121b361753c2ef71137978209848", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:159afc701f235571ca34aa246d99c2c21c107a8dafd550271fb912fc3b9edc44", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2022-4203", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c2349b4b1cc2cc0d30beb853657b2562e04ec1385e49a4a79c45fae836f1fd7a", "Title": "openssl: read buffer overflow in X.509 certificate verification", "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 4, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2022-4203", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", "https://linux.oracle.com/cve/CVE-2022-4203.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2022-4203", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-24T15:15:11.98Z", "LastModifiedDate": "2025-11-04T20:16:14.693Z" }, { "VulnerabilityID": "CVE-2022-4304", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ca5c10e709a2da5196d6026efaeedc3e39a676f7b7136f2d2092435142a7f921", "Title": "openssl: timing attack in RSA Decryption implementation", "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4304", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", "https://linux.oracle.com/cve/CVE-2022-4304.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4304", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.887Z", "LastModifiedDate": "2025-11-04T20:16:14.897Z" }, { "VulnerabilityID": "CVE-2023-0465", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:52ed5f91896343bee3d4b7e035ff0764016df2e8f32dae6a6f4fea3e166ecee2", "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0465", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", "https://github.com/advisories/GHSA-77f3-6546-6rj7", "https://linux.oracle.com/cve/CVE-2023-0465.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0465", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.82Z", "LastModifiedDate": "2025-02-18T21:15:13.877Z" }, { "VulnerabilityID": "CVE-2023-0466", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ba780eb34a2227e36f8c8b4b81d675705a7bf71af9ec98ed1d432dcc89303633", "Title": "openssl: Certificate policy check not enabled", "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0466", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", "https://linux.oracle.com/cve/CVE-2023-0466.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0466", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.88Z", "LastModifiedDate": "2025-02-19T18:15:22.177Z" }, { "VulnerabilityID": "CVE-2023-1255", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:42f86951ca08ed0e659f02e3eeae71e10b1c7f78d2630833950893cb0a872f7d", "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/20/13", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-1255", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", "https://linux.oracle.com/cve/CVE-2023-1255.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", "https://security.netapp.com/advisory/ntap-20230908-0006/", "https://ubuntu.com/security/notices/USN-6119-1", "https://www.cve.org/CVERecord?id=CVE-2023-1255", "https://www.openssl.org/news/secadv/20230419.txt", "https://www.openssl.org/news/secadv/20230420.txt" ], "PublishedDate": "2023-04-20T17:15:06.883Z", "LastModifiedDate": "2025-02-04T22:15:39.327Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:db8405d450cb906bde57ccdb261306826eb867d33a9016705545694fde9fab61", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-2975", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d217cf4c9a81bbfa5a676e83c071e25a89e5073390c0acc251517d841ac52d4e", "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354", "CWE-287" ], "VendorSeverity": { "alma": 1, "amazon": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/15/1", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-2975", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", "https://github.com/advisories/GHSA-hpqg-7fjp-436p", "https://linux.oracle.com/cve/CVE-2023-2975.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230725-0004", "https://security.netapp.com/advisory/ntap-20230725-0004/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-2975", "https://www.openssl.org/news/secadv/20230714.txt" ], "PublishedDate": "2023-07-14T12:15:09.023Z", "LastModifiedDate": "2025-04-23T17:16:32.467Z" }, { "VulnerabilityID": "CVE-2023-3446", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:18f518d78e8c78b0839bdba171c36e6fe45872f3b876c3a9eab85d591d229de4", "Title": "openssl: Excessive time spent checking DH keys and parameters", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1333" ], "VendorSeverity": { "alma": 1, "amazon": 3, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/19/4", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "http://www.openwall.com/lists/oss-security/2023/07/19/6", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2024/05/16/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3446", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2024:2264", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "https://linux.oracle.com/cve/CVE-2023-3446.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230803-0011/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3446", "https://www.openssl.org/news/secadv/20230719.txt" ], "PublishedDate": "2023-07-19T12:15:10.003Z", "LastModifiedDate": "2025-04-23T17:16:36.967Z" }, { "VulnerabilityID": "CVE-2023-3817", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.10-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b9e025ad75b22e285d0307215d8d25839e241b89fe5641023bae53a195a28b0b", "Title": "OpenSSL: Excessive time spent checking DH q parameter value", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-834" ], "VendorSeverity": { "alma": 1, "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Jul/43", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2023/09/22/11", "http://www.openwall.com/lists/oss-security/2023/09/22/9", "http://www.openwall.com/lists/oss-security/2023/11/06/2", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3817", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "https://github.com/advisories/GHSA-c945-cqj5-wfv6", "https://linux.oracle.com/cve/CVE-2023-3817.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230818-0014", "https://security.netapp.com/advisory/ntap-20230818-0014/", "https://security.netapp.com/advisory/ntap-20231027-0008", "https://security.netapp.com/advisory/ntap-20231027-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3817", "https://www.openssl.org/news/secadv/20230731.txt" ], "PublishedDate": "2023-07-31T16:15:10.497Z", "LastModifiedDate": "2025-05-05T16:15:47.343Z" }, { "VulnerabilityID": "CVE-2023-5678", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b4470fc33821ba2514083274cc7bb898452d335e9e766ebf6623b4e1a8d4c498", "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-754" ], "VendorSeverity": { "alma": 1, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/11/06/2", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-5678", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", "https://linux.oracle.com/cve/CVE-2023-5678.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "https://security.netapp.com/advisory/ntap-20231130-0010", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-5678", "https://www.openssl.org/news/secadv/20231106.txt" ], "PublishedDate": "2023-11-06T16:15:42.67Z", "LastModifiedDate": "2026-05-12T11:16:17.123Z" }, { "VulnerabilityID": "CVE-2023-6129", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c2446353807d01ebe3bdf89c198e076fe137670fa0eb216538b20419bbd81beb", "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-440", "CWE-787" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/09/1", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2023-6129", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", "https://linux.oracle.com/cve/CVE-2023-6129.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", "https://security.netapp.com/advisory/ntap-20240216-0009", "https://security.netapp.com/advisory/ntap-20240216-0009/", "https://security.netapp.com/advisory/ntap-20240426-0008", "https://security.netapp.com/advisory/ntap-20240426-0008/", "https://security.netapp.com/advisory/ntap-20240426-0013", "https://security.netapp.com/advisory/ntap-20240426-0013/", "https://security.netapp.com/advisory/ntap-20240503-0011", "https://security.netapp.com/advisory/ntap-20240503-0011/", "https://ubuntu.com/security/notices/USN-6622-1", "https://www.cve.org/CVERecord?id=CVE-2023-6129", "https://www.openssl.org/news/secadv/20240109.txt", "https://www.openwall.com/lists/oss-security/2024/01/09/1" ], "PublishedDate": "2024-01-09T17:15:12.147Z", "LastModifiedDate": "2026-05-12T11:16:17.563Z" }, { "VulnerabilityID": "CVE-2024-0727", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:46b83be43a22c4f4a3ae7620234fb589bf479b2fe9ad75040008280869c1aa90", "Title": "openssl: denial of service via null dereference", "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2024-0727", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "https://github.com/github/advisory-database/pull/3472", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.com/openssl/openssl/pull/23362", "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://linux.oracle.com/cve/CVE-2024-0727.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "https://security.netapp.com/advisory/ntap-20240208-0006", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-0727", "https://www.openssl.org/news/secadv/20240125.txt" ], "PublishedDate": "2024-01-26T09:15:07.637Z", "LastModifiedDate": "2026-05-12T12:16:16.567Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:aacacbfd4dac79d085ac307b73e5efbc0cab7c5af5093b34af1103284b627dba", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9af34992240fabe114f6ee2b8ef8e974550d6d961d118742cde6862debe1b306", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2022-3996", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.7-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c521e9b16a4a958dab38c1647f1f5b3b101fcb3ddd8a70210f415278d10d7a09", "Title": "openssl: double locking leads to denial of service", "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "Severity": "HIGH", "CweIDs": [ "CWE-667" ], "VendorSeverity": { "amazon": 1, "azure": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3996", "https://github.com/alexcrichton/openssl-src-rs", "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", "https://security.netapp.com/advisory/ntap-20230203-0003/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2022-3996", "https://www.openssl.org/news/secadv/20221213.txt" ], "PublishedDate": "2022-12-13T16:15:22.007Z", "LastModifiedDate": "2024-11-21T07:20:42.003Z" }, { "VulnerabilityID": "CVE-2022-4450", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e74ef67483321d454c4280e88d696ca3567fe79aed2a61c673096e9f61ebedc7", "Title": "openssl: double free after calling PEM_read_bio_ex", "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4450", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", "https://linux.oracle.com/cve/CVE-2022-4450.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4450", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.973Z", "LastModifiedDate": "2025-11-04T20:16:15.06Z" }, { "VulnerabilityID": "CVE-2023-0215", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:392f9688e7ed5b359fb574c7ca196ea6e72759c6506f484e0b7dd53e82563c16", "Title": "openssl: use-after-free following BIO_new_NDEF", "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0215", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "https://github.com/advisories/GHSA-r7jw-wp68-3xch", "https://linux.oracle.com/cve/CVE-2023-0215.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230427-0007", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://security.netapp.com/advisory/ntap-20230427-0009", "https://security.netapp.com/advisory/ntap-20230427-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0215", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.107Z", "LastModifiedDate": "2025-11-04T20:16:15.847Z" }, { "VulnerabilityID": "CVE-2023-0216", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:255fc55b5c458369ee489fc9f8cd7d23bda6f0f4dae6be569e435846e2ca049b", "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0216", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "https://linux.oracle.com/cve/CVE-2023-0216.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0216", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.16Z", "LastModifiedDate": "2025-11-04T20:16:16.043Z" }, { "VulnerabilityID": "CVE-2023-0217", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:486e4e8ecccc52e35126714cf099e3efe98b4c68552565fef6a469b1bd77c89c", "Title": "openssl: NULL dereference validating DSA public key", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0217", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "https://linux.oracle.com/cve/CVE-2023-0217.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0217", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.213Z", "LastModifiedDate": "2025-11-04T20:16:16.197Z" }, { "VulnerabilityID": "CVE-2023-0286", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f30a334136a9ca647beb24f0c7f9e961698345eb6b2f27e1fbe9c88496aaea50", "Title": "openssl: X.400 address type confusion in X.509 GeneralName", "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7937", "https://access.redhat.com/security/cve/CVE-2023-0286", "https://access.redhat.com/security/cve/cve-2023-0286", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2025-7937.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "https://linux.oracle.com/cve/CVE-2023-0286.html", "https://linux.oracle.com/errata/ELSA-2025-7937.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0286", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.267Z", "LastModifiedDate": "2025-11-04T20:16:16.35Z" }, { "VulnerabilityID": "CVE-2023-0401", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:31a959243f5e9c166807f33178da6ebe3455303aa2e6ea50039a5b7a0bbd39b0", "Title": "openssl: NULL dereference during PKCS7 data verification", "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0401", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", "https://github.com/alexcrichton/openssl-src-rs", "https://linux.oracle.com/cve/CVE-2023-0401.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0401", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.323Z", "LastModifiedDate": "2025-11-04T20:16:16.527Z" }, { "VulnerabilityID": "CVE-2023-0464", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:12d9ad41e98263971ded819a76c1ab64a534449c182740de5771b13a5308126b", "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0464", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", "https://linux.oracle.com/cve/CVE-2023-0464.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230406-0006", "https://security.netapp.com/advisory/ntap-20230406-0006/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2023-0464", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230322.txt" ], "PublishedDate": "2023-03-22T17:15:13.13Z", "LastModifiedDate": "2025-05-05T16:15:26.103Z" }, { "VulnerabilityID": "CVE-2023-5363", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bebc404882ec0523640e8bae9f51917d984f6d175a31eac54f7978c1842d397a", "Title": "openssl: Incorrect cipher key and IV length processing", "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-684" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/24/1", "https://access.redhat.com/errata/RHSA-2024:0310", "https://access.redhat.com/security/cve/CVE-2023-5363", "https://bugzilla.redhat.com/2243839", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://errata.almalinux.org/9/ALSA-2024-0310.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", "https://linux.oracle.com/cve/CVE-2023-5363.html", "https://linux.oracle.com/errata/ELSA-2024-12093.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", "https://security.netapp.com/advisory/ntap-20231027-0010", "https://security.netapp.com/advisory/ntap-20231027-0010/", "https://security.netapp.com/advisory/ntap-20240201-0003", "https://security.netapp.com/advisory/ntap-20240201-0003/", "https://security.netapp.com/advisory/ntap-20240201-0004", "https://security.netapp.com/advisory/ntap-20240201-0004/", "https://security.netapp.com/advisory/ntap-20241108-0002", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-5363", "https://www.debian.org/security/2023/dsa-5532", "https://www.openssl.org/news/secadv/20231024.txt" ], "PublishedDate": "2023-10-25T18:17:43.613Z", "LastModifiedDate": "2026-05-12T11:16:16.87Z" }, { "VulnerabilityID": "CVE-2024-6119", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.15-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53a56bf3947e197e3bc575eb1b1d86b8629d2fc4f5e02873c0f385ddbf94be7a", "Title": "openssl: Possible denial of service in X.509 name checks", "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/4", "https://access.redhat.com/errata/RHSA-2024:8935", "https://access.redhat.com/security/cve/CVE-2024-6119", "https://bugzilla.redhat.com/2306158", "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", "https://errata.almalinux.org/9/ALSA-2024-8935.html", "https://errata.rockylinux.org/RLSA-2024:6783", "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "https://linux.oracle.com/cve/CVE-2024-6119.html", "https://linux.oracle.com/errata/ELSA-2024-8935.html", "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "https://openssl-library.org/news/secadv/20240903.txt", "https://security.netapp.com/advisory/ntap-20240912-0001", "https://security.netapp.com/advisory/ntap-20240912-0001/", "https://ubuntu.com/security/notices/USN-6986-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-6119" ], "PublishedDate": "2024-09-03T16:15:07.177Z", "LastModifiedDate": "2026-05-12T12:17:20.647Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f02e6f09f8c1e6494a54d4e304b04a079e71fba32afaa7c4acc7bd4cae8f199f", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:32661166f09cd2a399ab80e16d014797156616a2430e13bed7b9c96d4042174c", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2022-4203", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7006af1cfd8970c922a3ed64ba95a4eb26cf1ad57cf540db3061c28818105e85", "Title": "openssl: read buffer overflow in X.509 certificate verification", "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 4, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2022-4203", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", "https://linux.oracle.com/cve/CVE-2022-4203.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2022-4203", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-24T15:15:11.98Z", "LastModifiedDate": "2025-11-04T20:16:14.693Z" }, { "VulnerabilityID": "CVE-2022-4304", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0fe3eb2c69166b6e855a8c250deba63c09a51859ce3a1b867b03685f3d6866c9", "Title": "openssl: timing attack in RSA Decryption implementation", "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4304", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", "https://linux.oracle.com/cve/CVE-2022-4304.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4304", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.887Z", "LastModifiedDate": "2025-11-04T20:16:14.897Z" }, { "VulnerabilityID": "CVE-2023-0465", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3eec4f631f80c46a487cd6aa0b8c3e9d7086833e0dfb82eceb302b8e74599dfc", "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0465", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", "https://github.com/advisories/GHSA-77f3-6546-6rj7", "https://linux.oracle.com/cve/CVE-2023-0465.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0465", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.82Z", "LastModifiedDate": "2025-02-18T21:15:13.877Z" }, { "VulnerabilityID": "CVE-2023-0466", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7c1f6c43f6b72b0eeea6202edb2e4c587f2051fdfff616117f07e631de1c0aa5", "Title": "openssl: Certificate policy check not enabled", "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0466", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", "https://linux.oracle.com/cve/CVE-2023-0466.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0466", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.88Z", "LastModifiedDate": "2025-02-19T18:15:22.177Z" }, { "VulnerabilityID": "CVE-2023-1255", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ce8a0b2a3042b1f00335c51a0277a2af1c6179102b0f727118b8d5262bfc094f", "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/20/13", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-1255", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", "https://linux.oracle.com/cve/CVE-2023-1255.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", "https://security.netapp.com/advisory/ntap-20230908-0006/", "https://ubuntu.com/security/notices/USN-6119-1", "https://www.cve.org/CVERecord?id=CVE-2023-1255", "https://www.openssl.org/news/secadv/20230419.txt", "https://www.openssl.org/news/secadv/20230420.txt" ], "PublishedDate": "2023-04-20T17:15:06.883Z", "LastModifiedDate": "2025-02-04T22:15:39.327Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ae73f9697fc9ca15460fb53262566ac4e15682475fe51e9849f3b2a717b5e05a", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-2975", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3ab0b1b24a02e8662f16cffb57ad74a3926d34e72c6b5cd39ea7261db5da2b93", "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354", "CWE-287" ], "VendorSeverity": { "alma": 1, "amazon": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/15/1", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-2975", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", "https://github.com/advisories/GHSA-hpqg-7fjp-436p", "https://linux.oracle.com/cve/CVE-2023-2975.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230725-0004", "https://security.netapp.com/advisory/ntap-20230725-0004/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-2975", "https://www.openssl.org/news/secadv/20230714.txt" ], "PublishedDate": "2023-07-14T12:15:09.023Z", "LastModifiedDate": "2025-04-23T17:16:32.467Z" }, { "VulnerabilityID": "CVE-2023-3446", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:79957f0d103f50daa6c155489296ffb4503591b2952fcd8d3a8a121969908888", "Title": "openssl: Excessive time spent checking DH keys and parameters", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1333" ], "VendorSeverity": { "alma": 1, "amazon": 3, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/19/4", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "http://www.openwall.com/lists/oss-security/2023/07/19/6", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2024/05/16/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3446", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2024:2264", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "https://linux.oracle.com/cve/CVE-2023-3446.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230803-0011/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3446", "https://www.openssl.org/news/secadv/20230719.txt" ], "PublishedDate": "2023-07-19T12:15:10.003Z", "LastModifiedDate": "2025-04-23T17:16:36.967Z" }, { "VulnerabilityID": "CVE-2023-3817", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.10-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:96637ef64ca0979577e7acbecaf6e745387663235341e76fc7047c3e846c51b9", "Title": "OpenSSL: Excessive time spent checking DH q parameter value", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-834" ], "VendorSeverity": { "alma": 1, "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Jul/43", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2023/09/22/11", "http://www.openwall.com/lists/oss-security/2023/09/22/9", "http://www.openwall.com/lists/oss-security/2023/11/06/2", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3817", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "https://github.com/advisories/GHSA-c945-cqj5-wfv6", "https://linux.oracle.com/cve/CVE-2023-3817.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230818-0014", "https://security.netapp.com/advisory/ntap-20230818-0014/", "https://security.netapp.com/advisory/ntap-20231027-0008", "https://security.netapp.com/advisory/ntap-20231027-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3817", "https://www.openssl.org/news/secadv/20230731.txt" ], "PublishedDate": "2023-07-31T16:15:10.497Z", "LastModifiedDate": "2025-05-05T16:15:47.343Z" }, { "VulnerabilityID": "CVE-2023-5678", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ad1a8827f667f499bedc0eb3e830a79d076d92900bdff7d180658450414136a2", "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-754" ], "VendorSeverity": { "alma": 1, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/11/06/2", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-5678", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", "https://linux.oracle.com/cve/CVE-2023-5678.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "https://security.netapp.com/advisory/ntap-20231130-0010", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-5678", "https://www.openssl.org/news/secadv/20231106.txt" ], "PublishedDate": "2023-11-06T16:15:42.67Z", "LastModifiedDate": "2026-05-12T11:16:17.123Z" }, { "VulnerabilityID": "CVE-2023-6129", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a77cdc3bc75a9786555250faa492a3c79a4430cda7739e4da2a868d07fb2b7bd", "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-440", "CWE-787" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/09/1", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2023-6129", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", "https://linux.oracle.com/cve/CVE-2023-6129.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", "https://security.netapp.com/advisory/ntap-20240216-0009", "https://security.netapp.com/advisory/ntap-20240216-0009/", "https://security.netapp.com/advisory/ntap-20240426-0008", "https://security.netapp.com/advisory/ntap-20240426-0008/", "https://security.netapp.com/advisory/ntap-20240426-0013", "https://security.netapp.com/advisory/ntap-20240426-0013/", "https://security.netapp.com/advisory/ntap-20240503-0011", "https://security.netapp.com/advisory/ntap-20240503-0011/", "https://ubuntu.com/security/notices/USN-6622-1", "https://www.cve.org/CVERecord?id=CVE-2023-6129", "https://www.openssl.org/news/secadv/20240109.txt", "https://www.openwall.com/lists/oss-security/2024/01/09/1" ], "PublishedDate": "2024-01-09T17:15:12.147Z", "LastModifiedDate": "2026-05-12T11:16:17.563Z" }, { "VulnerabilityID": "CVE-2024-0727", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b83e50f2405b9491e40f4c09055a3be6b87bf960d8127881d78052fd3967cc15", "Title": "openssl: denial of service via null dereference", "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2024-0727", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "https://github.com/github/advisory-database/pull/3472", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.com/openssl/openssl/pull/23362", "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://linux.oracle.com/cve/CVE-2024-0727.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "https://security.netapp.com/advisory/ntap-20240208-0006", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-0727", "https://www.openssl.org/news/secadv/20240125.txt" ], "PublishedDate": "2024-01-26T09:15:07.637Z", "LastModifiedDate": "2026-05-12T12:16:16.567Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0acae399f7629b8fe9565fb24dbfc603c81db73a4e0b4ddb794e6ff64c29a526", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e1ce935857188d04d582bc29ae324301fb4625054080388375d2eeeac33f78da", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl@1.2.3-r4", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "af5f98cf83a00dc2" }, "InstalledVersion": "1.2.3-r4", "FixedVersion": "1.2.3-r6", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c3db28160797c13f6c86972e6208dcd15f750c966dc5922502b2874ce8b817e3", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl-utils@1.2.3-r4", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "69e5c84e7222babe" }, "InstalledVersion": "1.2.3-r4", "FixedVersion": "1.2.3-r6", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8ab4cf830760b396c98023ad8599965608375435c48f99d6da4ba24f66fb8df6", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2023-42363", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a04960cdd2abbd5f6f409edc1c188372293c862a8dd58f08547f66aa824f675a", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3a2b5e125722f465bd528378cb522881325f83a46afe8e6199234fdbdfd5a223", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:980a5d2525cf2154b839f7ae93bf5b6ee255a3c8459d293123b8691139fa3d91", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:66ead9d5e38cbeda8bd521e1695b3aa49f833fda8fef553eb312da917af688af", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" } ] }, { "Target": "usr/local/bin/rclone", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/rclone/rclone@v1.61.1", "Name": "github.com/rclone/rclone", "Identifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "Version": "v1.61.1", "Relationship": "root", "DependsOn": [ "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "cloud.google.com/go/compute/metadata@v0.2.1", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "github.com/Unknwon/goconfig@v1.0.0", "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "github.com/abbot/go-http-auth@v0.4.0", "github.com/anacrolix/dms@v1.5.0", "github.com/anacrolix/log@v0.13.1", "github.com/artyom/mtab@v1.0.0", "github.com/atotto/clipboard@v0.1.4", "github.com/aws/aws-sdk-go@v1.44.145", "github.com/beorn7/perks@v1.0.1", "github.com/buengese/sgzip@v0.1.1", "github.com/calebcase/tmpfile@v1.0.3", "github.com/cespare/xxhash/v2@v2.1.2", "github.com/cloudflare/circl@v1.1.0", "github.com/colinmarc/hdfs/v2@v2.3.0", "github.com/coreos/go-semver@v0.3.0", "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "github.com/cpuguy83/go-md2man/v2@v2.0.2", "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "github.com/gabriel-vasile/mimetype@v1.4.1", "github.com/gdamore/encoding@v1.0.0", "github.com/gdamore/tcell/v2@v2.5.3", "github.com/geoffgarside/ber@v1.1.0", "github.com/go-chi/chi/v5@v5.0.7", "github.com/gofrs/flock@v0.8.1", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v4@v4.4.2", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.2", "github.com/google/go-querystring@v1.1.0", "github.com/google/uuid@v1.3.0", "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "github.com/googleapis/gax-go/v2@v2.7.0", "github.com/hanwen/go-fuse/v2@v2.1.0", "github.com/hashicorp/errwrap@v1.0.0", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-uuid@v1.0.3", "github.com/hirochachacha/go-smb2@v1.1.0", "github.com/iguanesolutions/go-systemd/v5@v5.1.0", "github.com/jcmturner/aescts/v2@v2.0.0", "github.com/jcmturner/dnsutils/v2@v2.0.0", "github.com/jcmturner/gofork@v1.7.6", "github.com/jcmturner/goidentity/v6@v6.0.1", "github.com/jcmturner/gokrb5/v8@v8.4.3", "github.com/jcmturner/rpc/v2@v2.0.3", "github.com/jmespath/go-jmespath@v0.4.0", "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "github.com/klauspost/compress@v1.15.12", "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "github.com/kr/fs@v0.1.0", "github.com/kylelemons/godebug@v1.1.0", "github.com/lucasb-eyer/go-colorful@v1.2.0", "github.com/mattn/go-colorable@v0.1.13", "github.com/mattn/go-isatty@v0.0.16", "github.com/mattn/go-runewidth@v0.0.14", "github.com/matttproud/golang_protobuf_extensions@v1.0.1", "github.com/mitchellh/go-homedir@v1.1.0", "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "github.com/ncw/swift/v2@v2.0.1", "github.com/oracle/oci-go-sdk/v65@v65.26.1", "github.com/patrickmn/go-cache@v2.1.0+incompatible", "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "github.com/pkg/sftp@v1.13.5", "github.com/pkg/xattr@v0.4.9", "github.com/prometheus/client_golang@v1.14.0", "github.com/prometheus/client_model@v0.3.0", "github.com/prometheus/common@v0.37.0", "github.com/prometheus/procfs@v0.8.0", "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "github.com/rfjakob/eme@v1.1.2", "github.com/rivo/uniseg@v0.2.0", "github.com/russross/blackfriday/v2@v2.1.0", "github.com/shirou/gopsutil/v3@v3.22.10", "github.com/sirupsen/logrus@v1.9.0", "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "github.com/sony/gobreaker@v0.5.0", "github.com/spacemonkeygo/monkit/v3@v3.0.17", "github.com/spf13/cobra@v1.6.1", "github.com/spf13/pflag@v1.0.5", "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "github.com/xanzy/ssh-agent@v0.3.3", "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "github.com/zeebo/errs@v1.3.0", "go.etcd.io/bbolt@v1.3.6", "go.opencensus.io@v0.24.0", "goftp.io/server@v0.4.1", "golang.org/x/crypto@v0.3.0", "golang.org/x/net@v0.4.0", "golang.org/x/oauth2@v0.2.0", "golang.org/x/sync@v0.1.0", "golang.org/x/sys@v0.3.0", "golang.org/x/term@v0.3.0", "golang.org/x/text@v0.5.0", "golang.org/x/time@v0.2.0", "google.golang.org/api@v0.103.0", "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "google.golang.org/grpc@v1.50.1", "google.golang.org/protobuf@v1.28.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "stdlib@v1.19.4", "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "storj.io/drpc@v0.0.30", "storj.io/uplink@v1.9.0" ], "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.19.4", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "Version": "v1.19.4", "Relationship": "direct", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "Name": "bazil.org/fuse", "Identifier": { "PURL": "pkg:golang/bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "UID": "e326377e7594e90d" }, "Version": "v0.0.0-20200524192727-fb710f7dfd05", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.2.1", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.1", "UID": "c49fe0c9fb0922d3" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "UID": "588de0eb9d873f03" }, "Version": "v1.1.4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "UID": "9e2e4303a4195ef3" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.0.1", "UID": "3af85f292175432e" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "UID": "fd812700db42447b" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "Name": "github.com/Azure/go-ntlmssp", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "UID": "94423296cb8be0a" }, "Version": "v0.0.0-20220621081337-cb9428e4ac1e", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v0.7.0", "UID": "a5d005e8ef29fde0" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", "Name": "github.com/Max-Sum/base32768", "Identifier": { "PURL": "pkg:golang/github.com/max-sum/base32768@v0.0.0-20191205131208-7937843c71d5", "UID": "dc1ed91e88817ecd" }, "Version": "v0.0.0-20191205131208-7937843c71d5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "Name": "github.com/ProtonMail/go-crypto", "Identifier": { "PURL": "pkg:golang/github.com/protonmail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "UID": "47bd36c43c7a11ed" }, "Version": "v0.0.0-20221026131551-cf6655e29de4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Unknwon/goconfig@v1.0.0", "Name": "github.com/Unknwon/goconfig", "Identifier": { "PURL": "pkg:golang/github.com/unknwon/goconfig@v1.0.0", "UID": "b9fcd5d99373376d" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "Name": "github.com/a8m/tree", "Identifier": { "PURL": "pkg:golang/github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "UID": "dfe87a11b16fd373" }, "Version": "v0.0.0-20210414114729-ce3525c5c2ef", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "Name": "github.com/aalpar/deheap", "Identifier": { "PURL": "pkg:golang/github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "UID": "de2ea7084056b52e" }, "Version": "v0.0.0-20210914013432-0cc84d79dec3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/abbot/go-http-auth@v0.4.0", "Name": "github.com/abbot/go-http-auth", "Identifier": { "PURL": "pkg:golang/github.com/abbot/go-http-auth@v0.4.0", "UID": "5ab0773158a33925" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anacrolix/dms@v1.5.0", "Name": "github.com/anacrolix/dms", "Identifier": { "PURL": "pkg:golang/github.com/anacrolix/dms@v1.5.0", "UID": "8b414c8d1bd80ab5" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anacrolix/log@v0.13.1", "Name": "github.com/anacrolix/log", "Identifier": { "PURL": "pkg:golang/github.com/anacrolix/log@v0.13.1", "UID": "35d0179d7bf6f042" }, "Version": "v0.13.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/artyom/mtab@v1.0.0", "Name": "github.com/artyom/mtab", "Identifier": { "PURL": "pkg:golang/github.com/artyom/mtab@v1.0.0", "UID": "34ec9fb92a539633" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/atotto/clipboard@v0.1.4", "Name": "github.com/atotto/clipboard", "Identifier": { "PURL": "pkg:golang/github.com/atotto/clipboard@v0.1.4", "UID": "9b148df82c4aaf1" }, "Version": "v0.1.4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go@v1.44.145", "Name": "github.com/aws/aws-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.145", "UID": "64d3196ec3dc43c9" }, "Version": "v1.44.145", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "9db812384db82867" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/buengese/sgzip@v0.1.1", "Name": "github.com/buengese/sgzip", "Identifier": { "PURL": "pkg:golang/github.com/buengese/sgzip@v0.1.1", "UID": "90a6fb3367798697" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/calebcase/tmpfile@v1.0.3", "Name": "github.com/calebcase/tmpfile", "Identifier": { "PURL": "pkg:golang/github.com/calebcase/tmpfile@v1.0.3", "UID": "c92ea277cada4584" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.1.2", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", "UID": "594caa752e9c787b" }, "Version": "v2.1.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cloudflare/circl@v1.1.0", "Name": "github.com/cloudflare/circl", "Identifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/colinmarc/hdfs/v2@v2.3.0", "Name": "github.com/colinmarc/hdfs/v2", "Identifier": { "PURL": "pkg:golang/github.com/colinmarc/hdfs/v2@v2.3.0", "UID": "3935051519b0ce30" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-semver@v0.3.0", "Name": "github.com/coreos/go-semver", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", "UID": "2f634c91c54af7ae" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "Name": "github.com/coreos/go-systemd", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "UID": "6346de3a92a6be0a" }, "Version": "v0.0.0-20191104093116-d3cd4ed1dbcf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.2", "Name": "github.com/cpuguy83/go-md2man/v2", "Identifier": { "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", "UID": "601256f06f150e1f" }, "Version": "v2.0.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "Name": "github.com/dropbox/dropbox-sdk-go-unofficial/v6", "Identifier": { "PURL": "pkg:golang/github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "UID": "ab721ef79da4c7b9" }, "Version": "v6.0.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gabriel-vasile/mimetype@v1.4.1", "Name": "github.com/gabriel-vasile/mimetype", "Identifier": { "PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.1", "UID": "3e6e996ab1ed72ee" }, "Version": "v1.4.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gdamore/encoding@v1.0.0", "Name": "github.com/gdamore/encoding", "Identifier": { "PURL": "pkg:golang/github.com/gdamore/encoding@v1.0.0", "UID": "d8de5b1778213249" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gdamore/tcell/v2@v2.5.3", "Name": "github.com/gdamore/tcell/v2", "Identifier": { "PURL": "pkg:golang/github.com/gdamore/tcell/v2@v2.5.3", "UID": "f000ef08ec14b3ae" }, "Version": "v2.5.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/geoffgarside/ber@v1.1.0", "Name": "github.com/geoffgarside/ber", "Identifier": { "PURL": "pkg:golang/github.com/geoffgarside/ber@v1.1.0", "UID": "9684e2b37bb6c350" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-chi/chi/v5@v5.0.7", "Name": "github.com/go-chi/chi/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", "UID": "174827b0972b6f93" }, "Version": "v5.0.7", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gofrs/flock@v0.8.1", "Name": "github.com/gofrs/flock", "Identifier": { "PURL": "pkg:golang/github.com/gofrs/flock@v0.8.1", "UID": "9a13242c499925ec" }, "Version": "v0.8.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "d87d9eff3e69d867" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v4@v4.4.2", "Name": "github.com/golang-jwt/jwt/v4", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", "UID": "a02ec5d34a9debc5" }, "Version": "v4.4.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "afd14c25f4ee5d4b" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.2", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", "UID": "33bde5d5d825dd96" }, "Version": "v1.5.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.1.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", "UID": "3dd1c5f700d031dd" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.3.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", "UID": "4c55dd47bd0c005c" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "UID": "e26fa96544cf98a1" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.7.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", "UID": "c5e85822c4cfb999" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hanwen/go-fuse/v2@v2.1.0", "Name": "github.com/hanwen/go-fuse/v2", "Identifier": { "PURL": "pkg:golang/github.com/hanwen/go-fuse/v2@v2.1.0", "UID": "d89ade7dbb7dc768" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.0.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", "UID": "3af0290f673165be" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "63bc31e1a7f3db3f" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-uuid@v1.0.3", "Name": "github.com/hashicorp/go-uuid", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", "UID": "e2650d386c0e7227" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hirochachacha/go-smb2@v1.1.0", "Name": "github.com/hirochachacha/go-smb2", "Identifier": { "PURL": "pkg:golang/github.com/hirochachacha/go-smb2@v1.1.0", "UID": "f665b457a9d6481b" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/iguanesolutions/go-systemd/v5@v5.1.0", "Name": "github.com/iguanesolutions/go-systemd/v5", "Identifier": { "PURL": "pkg:golang/github.com/iguanesolutions/go-systemd/v5@v5.1.0", "UID": "fc6b6d77c91423bb" }, "Version": "v5.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/aescts/v2@v2.0.0", "Name": "github.com/jcmturner/aescts/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/aescts/v2@v2.0.0", "UID": "c78cb1254b6a8e5b" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/dnsutils/v2@v2.0.0", "Name": "github.com/jcmturner/dnsutils/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/dnsutils/v2@v2.0.0", "UID": "a7ad42b7cad868aa" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/gofork@v1.7.6", "Name": "github.com/jcmturner/gofork", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/gofork@v1.7.6", "UID": "49af178ed17b2905" }, "Version": "v1.7.6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/goidentity/v6@v6.0.1", "Name": "github.com/jcmturner/goidentity/v6", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/goidentity/v6@v6.0.1", "UID": "7ef3be726cac9ac" }, "Version": "v6.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/gokrb5/v8@v8.4.3", "Name": "github.com/jcmturner/gokrb5/v8", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/gokrb5/v8@v8.4.3", "UID": "7db6c4a4e6014e0c" }, "Version": "v8.4.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/rpc/v2@v2.0.3", "Name": "github.com/jcmturner/rpc/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/rpc/v2@v2.0.3", "UID": "c2fadbabdb422851" }, "Version": "v2.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jmespath/go-jmespath@v0.4.0", "Name": "github.com/jmespath/go-jmespath", "Identifier": { "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", "UID": "18998ac4dc32a50a" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "Name": "github.com/jzelinskie/whirlpool", "Identifier": { "PURL": "pkg:golang/github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "UID": "36634c97ac70a026" }, "Version": "v0.0.0-20201016144138-0675e54bb004", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.15.12", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.15.12", "UID": "11829bcf817fab6f" }, "Version": "v1.15.12", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "Name": "github.com/koofr/go-httpclient", "Identifier": { "PURL": "pkg:golang/github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "UID": "5c1ae4b9a87e2d29" }, "Version": "v0.0.0-20200420163713-93aa7c75b348", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "Name": "github.com/koofr/go-koofrclient", "Identifier": { "PURL": "pkg:golang/github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "UID": "4eeaabca6565cb54" }, "Version": "v0.0.0-20190724113126-8e5366da203a", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kr/fs@v0.1.0", "Name": "github.com/kr/fs", "Identifier": { "PURL": "pkg:golang/github.com/kr/fs@v0.1.0", "UID": "5afdf97ff7f34072" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "52283410ea03b5a8" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lucasb-eyer/go-colorful@v1.2.0", "Name": "github.com/lucasb-eyer/go-colorful", "Identifier": { "PURL": "pkg:golang/github.com/lucasb-eyer/go-colorful@v1.2.0", "UID": "2da086943997a1b5" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.13", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", "UID": "cb2af01d187a561" }, "Version": "v0.1.13", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.16", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.16", "UID": "b95725f615939ad4" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-runewidth@v0.0.14", "Name": "github.com/mattn/go-runewidth", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", "UID": "c08692dec378934b" }, "Version": "v0.0.14", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.1", "Name": "github.com/matttproud/golang_protobuf_extensions", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1", "UID": "22bcf68bfde6516d" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-homedir@v1.1.0", "Name": "github.com/mitchellh/go-homedir", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "UID": "b20939d7367e68a4" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "Name": "github.com/ncw/go-acd", "Identifier": { "PURL": "pkg:golang/github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "UID": "1ce220826a0c2f83" }, "Version": "v0.0.0-20201019170801-fe55f33415b1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncw/swift/v2@v2.0.1", "Name": "github.com/ncw/swift/v2", "Identifier": { "PURL": "pkg:golang/github.com/ncw/swift/v2@v2.0.1", "UID": "209168f39bc7757e" }, "Version": "v2.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oracle/oci-go-sdk/v65@v65.26.1", "Name": "github.com/oracle/oci-go-sdk/v65", "Identifier": { "PURL": "pkg:golang/github.com/oracle/oci-go-sdk/v65@v65.26.1", "UID": "2a8c17704b1629a4" }, "Version": "v65.26.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", "Name": "github.com/patrickmn/go-cache", "Identifier": { "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", "UID": "62374a16aa2bb819" }, "Version": "v2.1.0+incompatible", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "Name": "github.com/pengsrc/go-shared", "Identifier": { "PURL": "pkg:golang/github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "UID": "cb8aece86917d49e" }, "Version": "v0.2.1-0.20190131101655-1999055a4a14", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "UID": "47f3b57c556ac34b" }, "Version": "v0.0.0-20210115035449-ce105d075bb4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/sftp@v1.13.5", "Name": "github.com/pkg/sftp", "Identifier": { "PURL": "pkg:golang/github.com/pkg/sftp@v1.13.5", "UID": "bf37bef6f1d969d0" }, "Version": "v1.13.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/xattr@v0.4.9", "Name": "github.com/pkg/xattr", "Identifier": { "PURL": "pkg:golang/github.com/pkg/xattr@v0.4.9", "UID": "2d970b6cad9ee09e" }, "Version": "v0.4.9", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.14.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", "UID": "115000457136cc6f" }, "Version": "v1.14.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.3.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", "UID": "844dd84e5c6d6a74" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.37.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.37.0", "UID": "467a5b50e5eb9bd1" }, "Version": "v0.37.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.8.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", "UID": "e043b2ebc83e40f7" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "Name": "github.com/putdotio/go-putio/putio", "Identifier": { "PURL": "pkg:golang/github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "UID": "52f596004ac71629" }, "Version": "v0.0.0-20200123120452-16d982cac2b8", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "Name": "github.com/rclone/ftp", "Identifier": { "PURL": "pkg:golang/github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "UID": "24808aef510d50da" }, "Version": "v0.0.0-20221014110213-e44dedbc76c6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rfjakob/eme@v1.1.2", "Name": "github.com/rfjakob/eme", "Identifier": { "PURL": "pkg:golang/github.com/rfjakob/eme@v1.1.2", "UID": "13f83c9ba1855e00" }, "Version": "v1.1.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rivo/uniseg@v0.2.0", "Name": "github.com/rivo/uniseg", "Identifier": { "PURL": "pkg:golang/github.com/rivo/uniseg@v0.2.0", "UID": "1fa9d8777d37cd57" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/russross/blackfriday/v2@v2.1.0", "Name": "github.com/russross/blackfriday/v2", "Identifier": { "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", "UID": "e1681825ad1c209b" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/shirou/gopsutil/v3@v3.22.10", "Name": "github.com/shirou/gopsutil/v3", "Identifier": { "PURL": "pkg:golang/github.com/shirou/gopsutil/v3@v3.22.10", "UID": "d10e401e488fe27b" }, "Version": "v3.22.10", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.0", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", "UID": "46b956ac4d3f77c5" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "Name": "github.com/skratchdot/open-golang", "Identifier": { "PURL": "pkg:golang/github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "UID": "f5602cfe94cfcc8" }, "Version": "v0.0.0-20200116055534-eef842397966", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sony/gobreaker@v0.5.0", "Name": "github.com/sony/gobreaker", "Identifier": { "PURL": "pkg:golang/github.com/sony/gobreaker@v0.5.0", "UID": "dac01ec8c4f4ee11" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spacemonkeygo/monkit/v3@v3.0.17", "Name": "github.com/spacemonkeygo/monkit/v3", "Identifier": { "PURL": "pkg:golang/github.com/spacemonkeygo/monkit/v3@v3.0.17", "UID": "2bfd9f0c62daae32" }, "Version": "v3.0.17", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.6.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.6.1", "UID": "efe1f0c40742c59f" }, "Version": "v1.6.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "24ad49a893d9b4b3" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "Name": "github.com/t3rm1n4l/go-mega", "Identifier": { "PURL": "pkg:golang/github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "UID": "bc3cce22ed41d26e" }, "Version": "v0.0.0-20220725095014-c4e0c2b5debf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "Name": "github.com/vivint/infectious", "Identifier": { "PURL": "pkg:golang/github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "UID": "c0a9f0339f01b2b8" }, "Version": "v0.0.0-20200605153912-25a574ae18a3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xanzy/ssh-agent@v0.3.3", "Name": "github.com/xanzy/ssh-agent", "Identifier": { "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", "UID": "9f0f8fa279374e90" }, "Version": "v0.3.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "Name": "github.com/youmark/pkcs8", "Identifier": { "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "UID": "76c01c2387b0ff5a" }, "Version": "v0.0.0-20201027041543-1326539a0a0a", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "Name": "github.com/yunify/qingstor-sdk-go/v3", "Identifier": { "PURL": "pkg:golang/github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "UID": "486856d66f8bbad" }, "Version": "v3.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zeebo/errs@v1.3.0", "Name": "github.com/zeebo/errs", "Identifier": { "PURL": "pkg:golang/github.com/zeebo/errs@v1.3.0", "UID": "1d3e33ea493fb64d" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/bbolt@v1.3.6", "Name": "go.etcd.io/bbolt", "Identifier": { "PURL": "pkg:golang/go.etcd.io/bbolt@v1.3.6", "UID": "cc3b8641d2eec17a" }, "Version": "v1.3.6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opencensus.io@v0.24.0", "Name": "go.opencensus.io", "Identifier": { "PURL": "pkg:golang/go.opencensus.io@v0.24.0", "UID": "f4fa8432d922fc4d" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "goftp.io/server@v0.4.1", "Name": "goftp.io/server", "Identifier": { "PURL": "pkg:golang/goftp.io/server@v0.4.1", "UID": "a4291f5e4219beb2" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.3.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.4.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.2.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", "UID": "31dfa10cd8116308" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.1.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.1.0", "UID": "60a1b9b8c78daac4" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.3.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.3.0", "UID": "5c94e87c92f3707f" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.3.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.3.0", "UID": "2dc4b367dc027924" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.5.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.5.0", "UID": "5935d9bdb1a25c6" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.2.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.2.0", "UID": "dbcaba973097174b" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.103.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.103.0", "UID": "dfab0203996e51b7" }, "Version": "v0.103.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "Name": "google.golang.org/genproto", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "UID": "8311452352132e6d" }, "Version": "v0.0.0-20221027153422-115e99e71e1c", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.50.1", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "Version": "v1.50.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.28.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "92d88af829581f08" }, "Version": "v1.28.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "8f604011369f2d83" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "e7eb1f43223c25c7" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "Name": "storj.io/common", "Identifier": { "PURL": "pkg:golang/storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "UID": "11d5433de310f275" }, "Version": "v0.0.0-20220414110316-a5cb7172d6bf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/drpc@v0.0.30", "Name": "storj.io/drpc", "Identifier": { "PURL": "pkg:golang/storj.io/drpc@v0.0.30", "UID": "68c10d13a5960cc8" }, "Version": "v0.0.30", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/uplink@v1.9.0", "Name": "storj.io/uplink", "Identifier": { "PURL": "pkg:golang/storj.io/uplink@v1.9.0", "UID": "127009b06e999ae" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-35255", "VendorIDs": [ "GHSA-m5vv-6r4h-3vj9" ], "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "UID": "9e2e4303a4195ef3" }, "InstalledVersion": "v1.2.0", "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:236e960be66ee3006fa47e021696bcd2ea517532797861744a6df27accc1c8c2", "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "V3Score": 5.5, "V40Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-35255", "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", "https://www.cve.org/CVERecord?id=CVE-2024-35255" ], "PublishedDate": "2024-06-11T17:16:03.55Z", "LastModifiedDate": "2024-11-21T09:20:01.923Z" }, { "VulnerabilityID": "CVE-2026-32952", "VendorIDs": [ "GHSA-pjcq-xvwq-hhpj" ], "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "PkgName": "github.com/Azure/go-ntlmssp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "UID": "94423296cb8be0a" }, "InstalledVersion": "v0.0.0-20220621081337-cb9428e4ac1e", "FixedVersion": "0.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:88c2b915391c6b89f809f457edf17cce689d488f0935877a2308cb038cd0c8ac", "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32952", "https://github.com/Azure/go-ntlmssp", "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", "https://www.cve.org/CVERecord?id=CVE-2026-32952" ], "PublishedDate": "2026-04-24T03:16:07.833Z", "LastModifiedDate": "2026-05-21T18:22:06.247Z" }, { "VulnerabilityID": "GHSA-9763-4f94-gfch", "PkgID": "github.com/cloudflare/circl@v1.1.0", "PkgName": "github.com/cloudflare/circl", "PkgIdentifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "InstalledVersion": "v1.1.0", "FixedVersion": "1.3.7", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-9763-4f94-gfch", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:78120b5b1441853998c1ae8a5421ed5c7b60ff2d06fc50faba065fe4c588ca4f", "Title": "CIRCL's Kyber: timing side-channel (kyberslash2)", "Description": "### Impact\nOn some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.\n\nDoes not apply to ephemeral usage, such as when used in the regular way in TLS.\n\n### Patches\nPatched in 1.3.7.\n\n### References\n- [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to/)", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "References": [ "https://github.com/cloudflare/circl", "https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d", "https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch", "https://kyberslash.cr.yp.to" ], "PublishedDate": "2024-01-08T16:45:05Z", "LastModifiedDate": "2024-05-20T22:00:44Z" }, { "VulnerabilityID": "CVE-2023-1732", "VendorIDs": [ "GHSA-2q89-485c-9j2x" ], "PkgID": "github.com/cloudflare/circl@v1.1.0", "PkgName": "github.com/cloudflare/circl", "PkgIdentifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "InstalledVersion": "v1.1.0", "FixedVersion": "1.3.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1732", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:aa573fc370c353010b43190ff83fb6a9144608eb269ad13de86a3bb115cfb6e5", "Title": "Improper random reading in CIRCL", "Description": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-755" ], "VendorSeverity": { "ghsa": 2, "nvd": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "V3Score": 8.2 } }, "References": [ "https://github.com/cloudflare/circl", "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8", "https://github.com/cloudflare/circl/releases/tag/v1.3.3", "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", "https://nvd.nist.gov/vuln/detail/CVE-2023-1732" ], "PublishedDate": "2023-05-10T12:15:10.523Z", "LastModifiedDate": "2024-11-21T07:39:47.283Z" }, { "VulnerabilityID": "GHSA-vrw8-fxc6-2r93", "PkgID": "github.com/go-chi/chi/v5@v5.0.7", "PkgName": "github.com/go-chi/chi/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", "UID": "174827b0972b6f93" }, "InstalledVersion": "v5.0.7", "FixedVersion": "5.2.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-vrw8-fxc6-2r93", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:016e1306448b6bfd8ea1c2a0203cde51d109c6335b91a860de368bfcc5e2f02b", "Title": "chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes", "Description": "### Summary\nThe RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect.\n\nWe consider this a **lower-severity** open redirect, as it can't be exploited from browsers or email clients (requires manipulation of a Host header).\n\n### Details\nThe RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/master/middleware/strip.go#L55\n\nThe Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware\n\n### PoC\nCreate a simple server which uses the RedirectSlashes middleware\n```\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/go-chi/chi/v5\"\n\t\"github.com/go-chi/chi/v5/middleware\" // Import the middleware package\n)\n\nfunc main() {\n\t// Create a new Chi router\n\tr := chi.NewRouter()\n\n\t// Use the built-in RedirectSlashes middleware\n\tr.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes\n\n\t// Define a route handler\n\tr.Get(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\t// A simple response\n\t\tw.Write([]byte(\"Hello, World!\"))\n\t})\n\n\t// Start the server\n\tfmt.Println(\"Starting server on :8080\")\n\thttp.ListenAndServe(\":8080\", r)\n}\n```\nRun the server `go run main.go`\n\nOnce the server is running, send a request that will trigger the RedirectSlashes function with an arbitrary Host header\n`curl -iL -H \"Host: example.com\" http://localhost:8080/test/`\n\nObserve that the request will be redirected to example.com\n\n```\ncurl -L -H \"Host: example.com\" http://localhost:8080/test/\n\n\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\"utf-8\" /\u003e\n \u003cmeta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /\u003e\n \u003cstyle type=\"text/css\"\u003e\n body {\n background-color: #f0f0f2;\n margin: 0;\n padding: 0;\n font-family: -apple-system, system-ui, BlinkMacSystemFont, \"Segoe UI\", \"Open Sans\", \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n... snipped ...\n```\nWithout the host header, the response is returned from the test server\n```\ncurl -L http://localhost:8080/test/\n\n404 page not found\n```\n\n### Impact\nAn open redirect vulnerability allows attackers to trick users into visiting malicious sites. This can lead to phishing attacks, credential theft, and malware distribution, as users trust the application’s domain while being redirected to harmful sites.\n\n### Potential mitigation\nIt seems that the purpose of the RedirectSlashes function is to redirect within the same application. In that case r.RequestURI can be used instead of r.Host by default. If there is a use case to redirect to a different host, a flag can be added to use the Host header instead. As this flag will be controlled by the developer they will make the decision of allowing redirects to arbitrary hosts based on their judgement.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.1 } }, "References": [ "https://github.com/go-chi/chi", "https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65", "https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93" ], "PublishedDate": "2025-06-20T16:37:47Z", "LastModifiedDate": "2025-10-13T15:41:17Z" }, { "VulnerabilityID": "CVE-2025-30204", "VendorIDs": [ "GHSA-mh63-6h87-95cp" ], "PkgID": "github.com/golang-jwt/jwt/v4@v4.4.2", "PkgName": "github.com/golang-jwt/jwt/v4", "PkgIdentifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", "UID": "a02ec5d34a9debc5" }, "InstalledVersion": "v4.4.2", "FixedVersion": "4.5.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:57fc0ace77216019aaba8c33854d887fd8b9817865f89ef3987be09779123962", "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", "Severity": "HIGH", "CweIDs": [ "CWE-405" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7425", "https://access.redhat.com/security/cve/CVE-2025-30204", "https://bugzilla.redhat.com/2354195", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.almalinux.org/9/ALSA-2025-7425.html", "https://errata.rockylinux.org/RLSA-2025:3411", "https://github.com/golang-jwt/jwt", "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "https://linux.oracle.com/cve/CVE-2025-30204.html", "https://linux.oracle.com/errata/ELSA-2025-7967.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "https://pkg.go.dev/vuln/GO-2025-3553", "https://security.netapp.com/advisory/ntap-20250404-0002", "https://security.netapp.com/advisory/ntap-20250404-0002/", "https://www.cve.org/CVERecord?id=CVE-2025-30204" ], "PublishedDate": "2025-03-21T22:15:26.42Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-41176", "VendorIDs": [ "GHSA-25qr-6mpr-f7qx" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.73.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41176", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:bcf52b90588616e7bbeb0969945fcbc644ea5c64ff42147e5f32ad7924afeaee", "Title": "github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-306" ], "VendorSeverity": { "amazon": 3, "bitnami": 4, "ghsa": 4, "julia": 4, "nvd": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V3Score": 9.8, "V40Score": 9.2 }, "julia": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41176", "https://github.com/advisories/GHSA-25qr-6mpr-f7qx", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go", "https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx", "https://nvd.nist.gov/vuln/detail/CVE-2026-41176", "https://www.cve.org/CVERecord?id=CVE-2026-41176" ], "PublishedDate": "2026-04-23T00:16:45.8Z", "LastModifiedDate": "2026-04-27T18:19:45.303Z" }, { "VulnerabilityID": "CVE-2026-41179", "VendorIDs": [ "GHSA-jfwf-28xr-xw6q" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.73.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41179", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:cd5af0614e2eca73ccf268d222ea886db8465e055c84f67f6194cdaba58bb3d9", "Title": "github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-78", "CWE-306" ], "VendorSeverity": { "amazon": 3, "bitnami": 4, "ghsa": 4, "julia": 4, "nvd": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V3Score": 9.8, "V40Score": 9.2 }, "julia": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41179", "https://github.com/advisories/GHSA-jfwf-28xr-xw6q", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go", "https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b", "https://github.com/rclone/rclone/releases/tag/v1.73.5", "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q", "https://nvd.nist.gov/vuln/detail/CVE-2026-41179", "https://rclone.org/changelog/#v1-73-5-2026-04-19", "https://www.cve.org/CVERecord?id=CVE-2026-41179" ], "PublishedDate": "2026-04-23T00:16:45.947Z", "LastModifiedDate": "2026-05-20T02:16:35.92Z" }, { "VulnerabilityID": "CVE-2024-52522", "VendorIDs": [ "GHSA-hrxh-9w67-g4cv" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.68.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52522", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0f080ae295e471601d22a1a1b951743804f3fe915e2b3143e7aae75c42c3fd9d", "Title": "rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-61", "CWE-281" ], "VendorSeverity": { "bitnami": 2, "ghsa": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V40Score": 5.4 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V3Score": 5.5, "V40Score": 5.4 }, "julia": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V40Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-52522", "https://github.com/advisories/GHSA-hrxh-9w67-g4cv", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0", "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master)", "https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2)", "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv", "https://nvd.nist.gov/vuln/detail/CVE-2024-52522", "https://www.cve.org/CVERecord?id=CVE-2024-52522" ], "PublishedDate": "2024-11-15T18:15:30.643Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-65637", "VendorIDs": [ "GHSA-4f99-4q7p-p3gh" ], "PkgID": "github.com/sirupsen/logrus@v1.9.0", "PkgName": "github.com/sirupsen/logrus", "PkgIdentifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", "UID": "46b956ac4d3f77c5" }, "InstalledVersion": "v1.9.0", "FixedVersion": "1.8.3, 1.9.1, 1.9.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65637", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:754c7fc53cb7352f8025b37d2af657d82c86c5f309553b10cdc4b0329e5b91ed", "Title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload", "Description": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3428", "https://access.redhat.com/security/cve/CVE-2025-65637", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2418900", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2418900", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65637", "https://errata.almalinux.org/8/ALSA-2026-3428.html", "https://errata.rockylinux.org/RLSA-2026:3428", "https://github.com/mjuanxd/logrus-dos-poc", "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md", "https://github.com/sirupsen/logrus", "https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7", "https://github.com/sirupsen/logrus/issues/1370", "https://github.com/sirupsen/logrus/pull/1376", "https://github.com/sirupsen/logrus/releases/tag/v1.8.3", "https://github.com/sirupsen/logrus/releases/tag/v1.9.1", "https://github.com/sirupsen/logrus/releases/tag/v1.9.3", "https://linux.oracle.com/cve/CVE-2025-65637.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-65637", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391", "https://www.cve.org/CVERecord?id=CVE-2025-65637" ], "PublishedDate": "2025-12-04T19:16:05.223Z", "LastModifiedDate": "2025-12-23T00:26:00.703Z" }, { "VulnerabilityID": "CVE-2024-45337", "VendorIDs": [ "GHSA-v778-237x-gjrc" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.31.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ffb42832210e292eb14d8f5794b0d1fb19589dabde60cf7d2c1c184deb3d3b20", "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "Severity": "CRITICAL", "VendorSeverity": { "amazon": 3, "azure": 4, "cbl-mariner": 4, "ghsa": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.2 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/12/11/2", "https://access.redhat.com/security/cve/CVE-2024-45337", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "https://go-review.googlesource.com/c/crypto/+/635315/", "https://go.dev/cl/635315", "https://go.dev/issue/70779", "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "https://pkg.go.dev/vuln/GO-2024-3321", "https://security.netapp.com/advisory/ntap-20250131-0007", "https://security.netapp.com/advisory/ntap-20250131-0007/", "https://ubuntu.com/security/notices/USN-7839-1", "https://ubuntu.com/security/notices/USN-7839-2", "https://www.cve.org/CVERecord?id=CVE-2024-45337" ], "PublishedDate": "2024-12-12T02:02:07.97Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22869", "VendorIDs": [ "GHSA-hcg3-q754-cr77" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.35.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07a4bad0898b8c30a4bbd97a8173952df4cbb7f186d776d0936c8531b2b17412", "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3833", "https://access.redhat.com/security/cve/CVE-2025-22869", "https://bugzilla.redhat.com/2348367", "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "https://errata.almalinux.org/9/ALSA-2025-3833.html", "https://errata.rockylinux.org/RLSA-2025:7416", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "https://go-review.googlesource.com/c/crypto/+/652135", "https://go.dev/cl/652135", "https://go.dev/issue/71931", "https://linux.oracle.com/cve/CVE-2025-22869.html", "https://linux.oracle.com/errata/ELSA-2025-7484.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "https://pkg.go.dev/vuln/GO-2025-3487", "https://security.netapp.com/advisory/ntap-20250411-0010", "https://security.netapp.com/advisory/ntap-20250411-0010/", "https://www.cve.org/CVERecord?id=CVE-2025-22869" ], "PublishedDate": "2025-02-26T08:14:24.997Z", "LastModifiedDate": "2025-05-01T19:28:20.74Z" }, { "VulnerabilityID": "CVE-2023-48795", "VendorIDs": [ "GHSA-45x7-px36-x8w8" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f9288b1830f5a977111e89cf1128900ab775351cf4adb38607aca75ac356529c", "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/errata/RHSA-2024:1150", "https://access.redhat.com/security/cve/CVE-2023-48795", "https://access.redhat.com/security/cve/cve-2023-48795", "https://access.redhat.com/solutions/7071748", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://crates.io/crates/thrussh/versions", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://errata.almalinux.org/9/ALSA-2024-1150.html", "https://errata.rockylinux.org/RLSA-2024:0628", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh", "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://go.dev/cl/550715", "https://go.dev/issue/64784", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://linux.oracle.com/cve/CVE-2023-48795.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://terrapin-attack.com/", "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/notices/USN-6560-2", "https://ubuntu.com/security/notices/USN-6561-1", "https://ubuntu.com/security/notices/USN-6585-1", "https://ubuntu.com/security/notices/USN-6589-1", "https://ubuntu.com/security/notices/USN-6598-1", "https://ubuntu.com/security/notices/USN-6738-1", "https://ubuntu.com/security/notices/USN-7051-1", "https://ubuntu.com/security/notices/USN-7292-1", "https://ubuntu.com/security/notices/USN-7297-1", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.cve.org/CVERecord?id=CVE-2023-48795", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/18/3", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" ], "PublishedDate": "2023-12-18T16:15:10.897Z", "LastModifiedDate": "2026-05-12T11:16:15.01Z" }, { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2690db819220b94406ce696cdea2be233e20da33a34652ae913fef9ee946bb05", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:60d584c4834f246dbb5f52a714d4375b4b3974ae99423ef93d42bdaf382fcfd1", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.7.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0ef5d936a03196cd892e3f6b6427829606633f58f8f5681e6a8b32406038e086", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:bfadcf552603313016822f7f1c8601aaa62cdea79df76256144fefce9adcc665", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-3978", "VendorIDs": [ "GHSA-2wrh-6pvc-2jm9" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.13.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:35f3bba783524453933832a39f7bf146106028dd265bfa2fae3bbc63fd7d79e1", "Title": "golang.org/x/net/html: Cross site scripting", "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-3978", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/514896", "https://go.dev/issue/61615", "https://linux.oracle.com/cve/CVE-2023-3978.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", "https://pkg.go.dev/vuln/GO-2023-1988", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2023-3978" ], "PublishedDate": "2023-08-02T20:15:12.097Z", "LastModifiedDate": "2024-11-21T08:18:27.68Z" }, { "VulnerabilityID": "CVE-2023-44487", "VendorIDs": [ "GHSA-qppj-fm5r-hxr3" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:191a4066133e521d814ef03388f6f19d698cca0b3ecbde513d5dcb2053a32ad9", "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", "V3Score": 5.3, "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/10/6", "http://www.openwall.com/lists/oss-security/2023/10/10/7", "http://www.openwall.com/lists/oss-security/2023/10/13/4", "http://www.openwall.com/lists/oss-security/2023/10/13/9", "http://www.openwall.com/lists/oss-security/2023/10/18/4", "http://www.openwall.com/lists/oss-security/2023/10/18/8", "http://www.openwall.com/lists/oss-security/2023/10/19/6", "http://www.openwall.com/lists/oss-security/2023/10/20/8", "http://www.openwall.com/lists/oss-security/2025/08/13/6", "https://access.redhat.com/errata/RHSA-2023:6746", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://access.redhat.com/security/cve/cve-2023-44487", "https://akka.io/security/akka-http-cve-2023-44487.html", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", "https://blog.vespa.ai/cve-2023-44487", "https://blog.vespa.ai/cve-2023-44487/", "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.suse.com/show_bug.cgi?id=1216123", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", "https://chaos.social/@icing/111210915918780532", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://devblogs.microsoft.com/dotnet/october-2023-updates/", "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", "https://errata.almalinux.org/9/ALSA-2023-6746.html", "https://errata.rockylinux.org/RLSA-2023:5838", "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", "https://github.com/Azure/AKS/issues/3947", "https://github.com/Kong/kong/discussions/11741", "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/advisories/GHSA-vx74-f528-fxqg", "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", "https://github.com/akka/akka-http/issues/4323", "https://github.com/akka/akka-http/pull/4324", "https://github.com/akka/akka-http/pull/4325", "https://github.com/alibaba/tengine/issues/1872", "https://github.com/apache/apisix/issues/10320", "https://github.com/apache/httpd-site/pull/10", "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", "https://github.com/apache/trafficserver/pull/10564", "https://github.com/apple/swift-nio-http2", "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", "https://github.com/bcdannyboy/CVE-2023-44487", "https://github.com/caddyserver/caddy/issues/5877", "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", "https://github.com/dotnet/announcements/issues/277", "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", "https://github.com/eclipse/jetty.project/issues/10679", "https://github.com/envoyproxy/envoy/pull/30055", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", "https://github.com/etcd-io/etcd/issues/16740", "https://github.com/facebook/proxygen/pull/466", "https://github.com/golang/go/issues/63417", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/releases", "https://github.com/grpc/grpc/releases/tag/v1.59.2", "https://github.com/h2o/h2o/pull/3291", "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", "https://github.com/haproxy/haproxy/issues/2312", "https://github.com/hyperium/hyper/issues/3337", "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "https://github.com/junkurihara/rust-rpxy/issues/97", "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", "https://github.com/kazu-yamamoto/http2/issues/93", "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", "https://github.com/kubernetes/kubernetes/pull/121120", "https://github.com/line/armeria/pull/5232", "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", "https://github.com/micrictor/http2-rst-stream", "https://github.com/microsoft/CBL-Mariner/pull/6381", "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", "https://github.com/nghttp2/nghttp2/pull/1961", "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", "https://github.com/ninenines/cowboy/issues/1615", "https://github.com/nodejs/node/pull/50121", "https://github.com/openresty/openresty/issues/930", "https://github.com/opensearch-project/data-prepper/issues/3474", "https://github.com/oqtane/oqtane.framework/discussions/3367", "https://github.com/projectcontour/contour/pull/5826", "https://github.com/tempesta-tech/tempesta/issues/1986", "https://github.com/varnishcache/varnish-cache/issues/3996", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://istio.io/latest/news/security/istio-security-2023-004", "https://istio.io/latest/news/security/istio-security-2023-004/", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", "https://linux.oracle.com/cve/CVE-2023-44487.html", "https://linux.oracle.com/errata/ELSA-2024-1444.html", "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", "https://my.f5.com/manage/s/article/K000137106", "https://netty.io/news/2023/10/10/4-1-100-Final.html", "https://news.ycombinator.com/item?id=37830987", "https://news.ycombinator.com/item?id=37830998", "https://news.ycombinator.com/item?id=37831062", "https://news.ycombinator.com/item?id=37837043", "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", "https://pkg.go.dev/vuln/GO-2023-2102", "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231016-0001", "https://security.netapp.com/advisory/ntap-20231016-0001/", "https://security.netapp.com/advisory/ntap-20240426-0007", "https://security.netapp.com/advisory/ntap-20240426-0007/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://security.netapp.com/advisory/ntap-20240621-0007", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://security.paloaltonetworks.com/CVE-2023-44487", "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", "https://tomcat.apache.org/security-8.html", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", "https://ubuntu.com/security/CVE-2023-44487", "https://ubuntu.com/security/notices/USN-6427-1", "https://ubuntu.com/security/notices/USN-6427-2", "https://ubuntu.com/security/notices/USN-6438-1", "https://ubuntu.com/security/notices/USN-6505-1", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-6754-1", "https://ubuntu.com/security/notices/USN-6994-1", "https://ubuntu.com/security/notices/USN-7067-1", "https://ubuntu.com/security/notices/USN-7410-1", "https://ubuntu.com/security/notices/USN-7469-1", "https://ubuntu.com/security/notices/USN-7469-2", "https://ubuntu.com/security/notices/USN-7469-3", "https://ubuntu.com/security/notices/USN-7469-4", "https://ubuntu.com/security/notices/USN-7892-1", "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-44487", "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", "https://www.debian.org/security/2023/dsa-5521", "https://www.debian.org/security/2023/dsa-5522", "https://www.debian.org/security/2023/dsa-5540", "https://www.debian.org/security/2023/dsa-5549", "https://www.debian.org/security/2023/dsa-5558", "https://www.debian.org/security/2023/dsa-5570", "https://www.eclipse.org/lists/jetty-announce/msg00181.html", "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "https://www.openwall.com/lists/oss-security/2023/10/10/6", "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" ], "PublishedDate": "2023-10-10T14:15:10.883Z", "LastModifiedDate": "2026-05-12T15:10:32.26Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.23.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07a8b6a3e3be3b01d17fd9b632323f9e5ae742675d5b03a985dc5aa585f394a3", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d03ba5ebc75ffa2958093fe403616c5fdd5b3e539c29cca792f26392479bc545", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ac56483ae9c2dff44002a2b83d335b712847d0946f48490c7250cde32b0cd96a", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.2.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", "UID": "31dfa10cd8116308" }, "InstalledVersion": "v0.2.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:89ee97870da51ebbcdfc3fc4a81aa094ec76330d0f64bf4a74106bf25778faa5", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.50.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "InstalledVersion": "v1.50.1", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f8650128a970a747ecbae3514f6e8fb3c38d7ca531c312e6ea6493ef96a2bbb0", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "GHSA-m425-mq94-257g", "PkgID": "google.golang.org/grpc@v1.50.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "InstalledVersion": "v1.50.1", "FixedVersion": "1.56.3, 1.57.1, 1.58.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:42bf88f80cb34c9c3bb9e9def493bfe2e849a4f963398348ff333222ab3573c5", "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" ], "PublishedDate": "2023-10-25T21:17:37Z", "LastModifiedDate": "2024-07-19T16:32:30Z" }, { "VulnerabilityID": "CVE-2024-24786", "VendorIDs": [ "GHSA-8r3f-844c-mc37" ], "PkgID": "google.golang.org/protobuf@v1.28.1", "PkgName": "google.golang.org/protobuf", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "92d88af829581f08" }, "InstalledVersion": "v1.28.1", "FixedVersion": "1.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07adec91e1637dff377dfec82466e574fc5ad6f052a37396e270301f59bbd147", "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V3Score": 7.5, "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2550", "https://access.redhat.com/security/cve/CVE-2024-24786", "https://bugzilla.redhat.com/2268046", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", "https://errata.almalinux.org/9/ALSA-2024-2550.html", "https://errata.rockylinux.org/RLSA-2024:2550", "https://github.com/protocolbuffers/protobuf-go", "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", "https://go-review.googlesource.com/c/protobuf/+/569356", "https://go.dev/cl/569356", "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "https://linux.oracle.com/cve/CVE-2024-24786.html", "https://linux.oracle.com/errata/ELSA-2024-4246.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "https://pkg.go.dev/vuln/GO-2024-2611", "https://security.netapp.com/advisory/ntap-20240517-0002", "https://security.netapp.com/advisory/ntap-20240517-0002/", "https://ubuntu.com/security/notices/USN-6746-1", "https://ubuntu.com/security/notices/USN-6746-2", "https://www.cve.org/CVERecord?id=CVE-2024-24786" ], "PublishedDate": "2024-03-05T23:15:07.82Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-24538", "VendorIDs": [ "GO-2023-1703" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fe43916ec2bf6fafb2cc29ed43f06670dc11a24635c2e467c1c07491fb399769", "Title": "golang: html/template: backticks not treated as string delimiters", "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24538", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", "https://github.com/golang/go/issues/59234", "https://go.dev/cl/482079", "https://go.dev/issue/59234", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24538.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "https://pkg.go.dev/vuln/GO-2023-1703", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241115-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://www.cve.org/CVERecord?id=CVE-2023-24538" ], "PublishedDate": "2023-04-06T16:15:07.8Z", "LastModifiedDate": "2025-02-12T17:15:14.19Z" }, { "VulnerabilityID": "CVE-2023-24540", "VendorIDs": [ "GO-2023-1752" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d0a08621f1760feeabcd99aba1b2996fec587eb1657090e63a89ab56c772dcac", "Title": "golang: html/template: improper handling of JavaScript whitespace", "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-77" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24540", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", "https://github.com/golang/go/issues/59721", "https://go.dev/cl/491616", "https://go.dev/issue/59721", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24540.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "https://pkg.go.dev/vuln/GO-2023-1752", "https://security.netapp.com/advisory/ntap-20241115-0008/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24540" ], "PublishedDate": "2023-05-11T16:15:09.687Z", "LastModifiedDate": "2025-01-24T17:15:10.893Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8803796c078fe993f501b97ea170ccd8766431cbf7fd63c9e89b967ac3262fc2", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7740a96800e3667ab632ff3053b2b964df01a9283bc049863773799c4f04c18d", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2022-41722", "VendorIDs": [ "GO-2023-1568" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f8063f23d310aa8edccad2e55fd9eefc5e16a99a1f15b3f172bce8e538b0a092", "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41722", "https://go.dev/cl/468123", "https://go.dev/issue/57274", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", "https://pkg.go.dev/vuln/GO-2023-1568", "https://www.cve.org/CVERecord?id=CVE-2022-41722" ], "PublishedDate": "2023-02-28T18:15:09.887Z", "LastModifiedDate": "2024-11-21T07:23:44.303Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h", "GO-2023-1571" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bce00a1800d2238cfad4839b3e63b58184750e2d2394f75bd9a51cd32dba24b0", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-41724", "VendorIDs": [ "GO-2023-1570" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a63f44b7335b31397b3139fec01e8f48cbc10dd1b30cec4d10eacf88d0f3ee25", "Title": "golang: crypto/tls: large handshake records may cause panics", "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41724", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/468125", "https://go.dev/issue/58001", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41724.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "https://pkg.go.dev/vuln/GO-2023-1570", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41724" ], "PublishedDate": "2023-02-28T18:15:10.043Z", "LastModifiedDate": "2024-11-21T07:23:44.603Z" }, { "VulnerabilityID": "CVE-2022-41725", "VendorIDs": [ "GO-2023-1569" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:269e20a23c370b9ad9672165a75784a8191b2fc1ab0804c78aae0a0c69275f54", "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41725", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", "https://go.dev/cl/468124", "https://go.dev/issue/58006", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41725.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "https://pkg.go.dev/vuln/GO-2023-1569", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41725" ], "PublishedDate": "2023-02-28T18:15:10.12Z", "LastModifiedDate": "2024-11-21T07:23:44.733Z" }, { "VulnerabilityID": "CVE-2023-24534", "VendorIDs": [ "GO-2023-1704" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:972e8f83c2e05947b1ac835779d76edf0e1888a8132802cb1fb85d1333cbb446", "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24534", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", "https://go.dev/cl/481994", "https://go.dev/issue/58975", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24534.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "https://pkg.go.dev/vuln/GO-2023-1704", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24534" ], "PublishedDate": "2023-04-06T16:15:07.657Z", "LastModifiedDate": "2025-02-12T18:15:19.837Z" }, { "VulnerabilityID": "CVE-2023-24536", "VendorIDs": [ "GO-2023-1705" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:81885dda742ccaa999d19161793546c14fabd5067cd676ac9836ab3356812310", "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24536", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", "https://go.dev/cl/482075", "https://go.dev/cl/482076", "https://go.dev/cl/482077", "https://go.dev/issue/59153", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24536.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "https://pkg.go.dev/vuln/GO-2023-1705", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-24536" ], "PublishedDate": "2023-04-06T16:15:07.71Z", "LastModifiedDate": "2025-02-12T18:15:20.083Z" }, { "VulnerabilityID": "CVE-2023-24537", "VendorIDs": [ "GO-2023-1702" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d3e9ace5a6688a352012c8d8cc8f39da8a3d3936a4ff893990dd4184c891c6be", "Title": "golang: go/parser: Infinite loop in parsing", "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24537", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", "https://github.com/golang/go/issues/59180", "https://go.dev/cl/482078", "https://go.dev/issue/59180", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24537.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "https://pkg.go.dev/vuln/GO-2023-1702", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241129-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24537" ], "PublishedDate": "2023-04-06T16:15:07.753Z", "LastModifiedDate": "2025-02-12T17:15:13.973Z" }, { "VulnerabilityID": "CVE-2023-24539", "VendorIDs": [ "GO-2023-1751" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bdfedff25c419e1a29cedfaf8b2ded39e7a02de5fe8c289b30164937f01a5436", "Title": "golang: html/template: improper sanitization of CSS values", "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24539", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", "https://github.com/golang/go/issues/59720", "https://go.dev/cl/491615", "https://go.dev/issue/59720", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24539.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "https://pkg.go.dev/vuln/GO-2023-1751", "https://security.netapp.com/advisory/ntap-20241129-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24539" ], "PublishedDate": "2023-05-11T16:15:09.6Z", "LastModifiedDate": "2025-01-24T17:15:10.67Z" }, { "VulnerabilityID": "CVE-2023-29400", "VendorIDs": [ "GO-2023-1753" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9a2e83e8c6c052945dd72db18389ad1cfebc272cd598538d894f0c0847838298", "Title": "golang: html/template: improper handling of empty HTML attributes", "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29400", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", "https://github.com/golang/go/issues/59722", "https://go.dev/cl/491617", "https://go.dev/issue/59722", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-29400.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "https://pkg.go.dev/vuln/GO-2023-1753", "https://security.netapp.com/advisory/ntap-20241213-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-29400" ], "PublishedDate": "2023-05-11T16:15:09.85Z", "LastModifiedDate": "2025-01-24T17:15:12.747Z" }, { "VulnerabilityID": "CVE-2023-29403", "VendorIDs": [ "GO-2023-1840" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.10, 1.20.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c318c40a0a611e885cda10e51a384fdc124fd9a8dece3cb2f6d55df9a57eda4d", "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "Severity": "HIGH", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "alma": 4, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 4, "photon": 3, "redhat": 3, "rocky": 4, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3923", "https://access.redhat.com/security/cve/CVE-2023-29403", "https://bugzilla.redhat.com/2216965", "https://bugzilla.redhat.com/2217562", "https://bugzilla.redhat.com/2217565", "https://bugzilla.redhat.com/2217569", "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", "https://errata.almalinux.org/9/ALSA-2023-3923.html", "https://errata.rockylinux.org/RLSA-2023:3923", "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", "https://github.com/golang/go/issues/60272", "https://go.dev/cl/501223", "https://go.dev/issue/60272", "https://groups.google.com/g/golang-announce/c/q5135a9d924", "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "https://linux.oracle.com/cve/CVE-2023-29403.html", "https://linux.oracle.com/errata/ELSA-2023-3923.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", "https://pkg.go.dev/vuln/GO-2023-1840", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241220-0009/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29403" ], "PublishedDate": "2023-06-08T21:15:16.927Z", "LastModifiedDate": "2025-01-06T20:15:25.82Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8", "GO-2023-2102" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.10, 1.21.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:32f3ae9d667c42356b100251444303b7961e32422f764a487b7a8bf9be1b112f", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-45283", "VendorIDs": [ "GO-2023-2185" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f181b31a0b2199ef517f005c9ed002a9ae262fb48388e66615df82ba5399c79b", "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/05/2", "https://go.dev/cl/540277", "https://go.dev/cl/541175", "https://go.dev/issue/63713", "https://go.dev/issue/64028", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", "https://pkg.go.dev/vuln/GO-2023-2185", "https://security.netapp.com/advisory/ntap-20231214-0008/" ], "PublishedDate": "2023-11-09T17:15:08.757Z", "LastModifiedDate": "2024-11-21T08:26:41.567Z" }, { "VulnerabilityID": "CVE-2023-45287", "VendorIDs": [ "GO-2023-2375" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a281efe4814305f41f4e9a85bb2afed9ea1d5961a3c90f2dd01ea7ad6a756cba", "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-45287", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/326012/26", "https://go.dev/issue/20654", "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", "https://linux.oracle.com/cve/CVE-2023-45287.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", "https://people.redhat.com/~hkario/marvin/", "https://pkg.go.dev/vuln/GO-2023-2375", "https://security.netapp.com/advisory/ntap-20240112-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-45287" ], "PublishedDate": "2023-12-05T17:15:08.57Z", "LastModifiedDate": "2024-11-21T08:26:42.25Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6be9f62129c24e80b5597380b940118bd36ed754f613d2fb0845717789a3f5e", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:37d8bcf0b840db0ef0ae42b284dbf936b2cca9cbd0f17d9b260c3a92eed4c881", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:181c81d64a32e335780303fc7761d90274ebc76aff13fcf7cd9f49bed47ac1b4", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:abe15e6f740d63febc0702199fa3be24f1647f94e0d2aeece2decf0c7cdd60c4", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d811edcb18298105199bbdf6697cba230737a059a3cd8cc23efcc76f080a1a9", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7ba4c6d596d13262ce37232d2662abbf7ecae4b02510be295052cab82b3bdb7f", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e56849be0f1dce8c8b91afbb9346e451bb9970fa48251c32ce9015cafb71d70b", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6f3c01031a807df8cbc956c45d9f624dfe330b46a6ce5a21b3029d5662a0dfc5", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:83120e85f61a7c54b012cbcdaafa3983ab5a5f45943d3f7e789dd43f232c5625", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4f45024d3fd77f6e8ceb3121c8db4ceb6ceec9766749095125b24bc44ca97f85", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:248ea6931e7670cfdab2dab79cab4bed8ed1cd3c9f66c8c7535f0ae4fb47a67d", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76929011b788af6a3291a3b5100a0ceec6807048039ca552c55c6ddb11518ee8", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bc0c240af7bad79be8cc558195a2eacaaaf3e3e47179c7cca74bb686050b4c7d", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2023-24532", "VendorIDs": [ "GO-2023-1621" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.7, 1.20.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:29671bca4f9eb6693c2d8d3f38cc67c380adb1b80a302cb311917ab32ae42cec", "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", "Severity": "MEDIUM", "CweIDs": [ "CWE-682" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-24532", "https://go.dev/cl/471255", "https://go.dev/issue/58647", "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", "https://pkg.go.dev/vuln/GO-2023-1621", "https://security.netapp.com/advisory/ntap-20230331-0011/", "https://www.cve.org/CVERecord?id=CVE-2023-24532" ], "PublishedDate": "2023-03-08T20:15:09.413Z", "LastModifiedDate": "2024-11-21T07:48:04.383Z" }, { "VulnerabilityID": "CVE-2023-29406", "VendorIDs": [ "GO-2023-1878" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.11, 1.20.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38e3f306d927d80632017510da112f9ce1b1bedbf99016453c9662b589b3cd32", "Title": "golang: net/http: insufficient sanitization of Host header", "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-436" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29406", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:7202", "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", "https://github.com/golang/go/issues/60374", "https://go.dev/cl/506996", "https://go.dev/issue/60374", "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "https://linux.oracle.com/cve/CVE-2023-29406.html", "https://linux.oracle.com/errata/ELSA-2023-7202.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "https://pkg.go.dev/vuln/GO-2023-1878", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230814-0002/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29406" ], "PublishedDate": "2023-07-11T20:15:10.643Z", "LastModifiedDate": "2024-11-21T07:56:59.913Z" }, { "VulnerabilityID": "CVE-2023-29409", "VendorIDs": [ "GO-2023-1987" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4d5f55332c355531dd1f13f52555279ea58f0e77a154b78d2831f65bdef27718", "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7766", "https://access.redhat.com/security/cve/CVE-2023-29409", "https://bugzilla.redhat.com/2228743", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2023-7766.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/515257", "https://go.dev/issue/61460", "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "https://linux.oracle.com/cve/CVE-2023-29409.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "https://pkg.go.dev/vuln/GO-2023-1987", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230831-0010/", "https://www.cve.org/CVERecord?id=CVE-2023-29409" ], "PublishedDate": "2023-08-02T20:15:11.94Z", "LastModifiedDate": "2024-11-21T07:57:00.287Z" }, { "VulnerabilityID": "CVE-2023-39318", "VendorIDs": [ "GO-2023-2041" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5068dedd2bdbac42f4ffb3fa94bd0e312cc32031f1a05c5040539212088c5b2b", "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39318", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", "https://go.dev/cl/526156", "https://go.dev/issue/62196", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39318.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "https://pkg.go.dev/vuln/GO-2023-2041", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2041.json", "https://www.cve.org/CVERecord?id=CVE-2023-39318" ], "PublishedDate": "2023-09-08T17:15:27.823Z", "LastModifiedDate": "2024-11-21T08:15:08.737Z" }, { "VulnerabilityID": "CVE-2023-39319", "VendorIDs": [ "GO-2023-2043" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e4d6e843468339cde7a767bb38d37de85cfc1d9e662b67545087b4d46fead81f", "Title": "golang: html/template: improper handling of special tags within script contexts", "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39319", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", "https://go.dev/cl/526157", "https://go.dev/issue/62197", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39319.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "https://pkg.go.dev/vuln/GO-2023-2043", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2043.json", "https://www.cve.org/CVERecord?id=CVE-2023-39319" ], "PublishedDate": "2023-09-08T17:15:27.91Z", "LastModifiedDate": "2024-11-21T08:15:08.89Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:41179a56d694ad09d1ddc67c1fc96f31b62f79bce42b1744f42d4ffde2c0866e", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45284", "VendorIDs": [ "GO-2023-2186" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.11, 1.21.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:224aa7cafc846f9e8320ccee4b9e4ff4b77f2a7d0c1ea5ced378ea0ee75a61f3", "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/540277", "https://go.dev/issue/63713", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", "https://pkg.go.dev/vuln/GO-2023-2186" ], "PublishedDate": "2023-11-09T17:15:08.813Z", "LastModifiedDate": "2024-11-21T08:26:41.737Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70cd8eea89882d751fcc2faeb412709535d7586c7afac25c554cf7eb435dc09a", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e31c5afe6927f3943c4a81abe6a9624cfa8561345ed7c0a8276192d95a2a31d5", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c94893d8d04872a7a9ed7cfb56b0171957f4bdd080870a84754b9ff979de3592", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:49b7957f7b2c18863c9e96dc47db5f04708fd4aeb38d35e5ea62473fa761aa4c", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cee21c20d0d01583b7478be478d26da0beed4077249a0a9e4523d28727a5c8db", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fba2082adce1e9d10e95bb8cf345b7f44868fa938996d5a40297d9b6b728705e", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a338a1059fbb3495f90b1e1a875395f2887aef6aa80aa35ff9024cb41d7b3c36", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f62137d5251fcb141fc8399085898bcc5fb8643b0f533ab1408f0bc14be49687", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ae51e5d43fb278b56e41b3c170cdaf2711319f66578e4bfedc28c8d427174617", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c14ef97ec56baf2619235292569636b8f123c7f0cc112f0b4c01a95499c2295d", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14ddebbee470370c02c409a533d7ea4a592dad4b8c1c98a240858f92d196810b", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fdab53a51469005bfd93892d21e0dc7586862838f05b58c7a4102b9104683122", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2907e9ab9b01a306610b07f7cea441309f05d427c9abfcc859c3e6d8605e772a", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:28fbf2d6b32cb8c3fd90e4177de755d5fbb8509f117c5561d95b1fc490b889ed", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:00d7abccbe5efbc0f96ae5f671a7af06d8ccdee974d39f5944c3cce4748da71e", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c91e4fd9a76acfe823b6e3fec59ef1a1cc667a1960f73203cce377535c3b1fd", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b6b9cffca5ca6b70aa069b499d70ec5dc0016af850fafa9c251f5e30aa821cde", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:957b47b92caea30c5a20bdae1971ba3422ff6ac65690704d2028bbb4e6d93226", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5b7e31ce6654356bf991da6242ee5224ce9c8a1a25d0d398073b697d0d4553e1", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:26f3683659b6d23b903513bc38fd9dc0ab5a97b9dd3939b562adbf8710a7d6db", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3add98952fa224b80d4c1ffd250f0cfb77aeae99616bae59493f069cbdd020ce", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6221e937d05c2864bd6bb2dc3c53115f97d81ebf8fd9f342d00438ab8f27f258", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cfa57f3e05f6437ce97204f89f35befd9420b14d939a7e7a33aa08f2f38c7843", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a6aafc1960afa4f843f8b57d755727989eeb2ba3aada897b6e63108626261904", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:98e262117166ca75d1f59d8c39642fd9a1fcc8ad8681dcd47afcd9f2533cee80", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:453b8fc13857014f95220c866590f031d6cda2b9a180d004b8a938566058c6ea", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:782057f0693bdb1f7f58d4e421b320da28c5088dae9a0840a6d7fa17ccc99614", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6206511f6f1d73f83577debfce16ccdced127090afff50954041e3f5616bff26", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f569d53f380a167acff9df4a5d1d5c587802f29bd5c998987e6585930beb9821", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df66b0e3389c82664171428c2ce2831fcd713c21fc1810965397bcd924335c57", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eb28418183119f561a5fae648c1de99f9d6d598420efb1ec2c63b40c76a227d3", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:55201a898329dd656fd5d526225d23defc384bc9307d6cfd068c633580e0b268", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4fa1d5931d64ffaddeed4f274e3f068e14995dacc9b068fcad5fad9111027105", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:efb28f6d50e07a11dd5317d05b1cd20e89dae69c2c3cf92f0224fdb98f31376f", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8e00e230f2f471bb84731e0ea4b1556a339e803e368a38083a1971836cc98139", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b13b028b908425e894c7173419e77012837f72a2b5e068ed0682d6cdafeffef4", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:15640cacc7629040cea94faba3388e2db9327f78d2ed2b9b76a31b4907003594", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "gitea", "Kind": "CronJob", "Name": "mariadb-backup-job", "Metadata": [ { "Size": 401847808, "OS": { "Family": "ubuntu", "Name": "20.04", "EOSL": true }, "ImageID": "sha256:895b6c8829c35f8081afd5229fe4a2e179a646fd96b807e5fb784cd09fd2483b", "DiffIDs": [ "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" ], "RepoTags": [ "mariadb:10.7.8" ], "RepoDigests": [ "mariadb@sha256:9a48ac9f196f3d4fd6fea2cab59a49df9e7ca459bf14b2f7b85a0e38a5454571" ], "Reference": "mariadb:10.7.8", "ImageConfig": { "architecture": "amd64", "container": "8b22bdca404ecc0b289883de74130ad53c4db8207f83e1a3eba910d5c9a18969", "created": "2023-04-18T02:26:04.354855496Z", "docker_version": "20.10.23", "history": [ { "created": "2023-04-13T13:05:13.496726073Z", "created_by": "/bin/sh -c #(nop) ARG RELEASE", "empty_layer": true }, { "created": "2023-04-13T13:05:13.557712287Z", "created_by": "/bin/sh -c #(nop) ARG LAUNCHPAD_BUILD_ARCH", "empty_layer": true }, { "created": "2023-04-13T13:05:13.637326115Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.ref.name=ubuntu", "empty_layer": true }, { "created": "2023-04-13T13:05:13.704319522Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.version=20.04", "empty_layer": true }, { "created": "2023-04-13T13:05:15.451478418Z", "created_by": "/bin/sh -c #(nop) ADD file:d05d1c0936b046937bd5755876db2f8da3ed8ccbcf464bb56c312fbc7ed78589 in / " }, { "created": "2023-04-13T13:05:15.714908196Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]", "empty_layer": true }, { "created": "2023-04-18T02:25:16.913240864Z", "created_by": "/bin/sh -c groupadd -r mysql \u0026\u0026 useradd -r -g mysql mysql" }, { "created": "2023-04-18T02:25:16.997468606Z", "created_by": "/bin/sh -c #(nop) ENV GOSU_VERSION=1.14", "empty_layer": true }, { "created": "2023-04-18T02:25:17.08103298Z", "created_by": "/bin/sh -c #(nop) ARG GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8", "empty_layer": true }, { "created": "2023-04-18T02:25:35.975629558Z", "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c set -eux; \tapt-get update; \tDEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \t\tca-certificates \t\tgpg \t\tgpgv \t\tlibjemalloc2 \t\tpwgen \t\ttzdata \t\txz-utils \t\tzstd ; \tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get install -y --no-install-recommends \t\tdirmngr \t\tgpg-agent \t\twget; \trm -rf /var/lib/apt/lists/*; \tdpkgArch=\"$(dpkg --print-architecture | awk -F- '{ print $NF }')\"; \twget -q -O /usr/local/bin/gosu \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch\"; \twget -q -O /usr/local/bin/gosu.asc \"https://github.com/tianon/gosu/releases/download/$GOSU_VERSION/gosu-$dpkgArch.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; \texport GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4; \tfor key in $GPG_KEYS; do \t\tgpg --batch --keyserver keyserver.ubuntu.com --recv-keys \"$key\"; \tdone; \tgpg --batch --export \"$GPG_KEYS\" \u003e /etc/apt/trusted.gpg.d/mariadb.gpg; \tif command -v gpgconf \u003e/dev/null; then \t\tgpgconf --kill all; \tfi; \tgpg --batch --verify /usr/local/bin/gosu.asc /usr/local/bin/gosu; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" /usr/local/bin/gosu.asc; \tapt-mark auto '.*' \u003e /dev/null; \t[ -z \"$savedAptMark\" ] ||\tapt-mark manual $savedAptMark \u003e/dev/null; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tchmod +x /usr/local/bin/gosu; \tgosu --version; \tgosu nobody true" }, { "created": "2023-04-18T02:25:36.54142562Z", "created_by": "|1 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 /bin/sh -c mkdir /docker-entrypoint-initdb.d" }, { "created": "2023-04-18T02:25:36.622581314Z", "created_by": "/bin/sh -c #(nop) ENV LANG=C.UTF-8", "empty_layer": true }, { "created": "2023-04-18T02:25:36.704840537Z", "created_by": "/bin/sh -c #(nop) LABEL org.opencontainers.image.authors=MariaDB Community org.opencontainers.image.title=MariaDB Database org.opencontainers.image.description=MariaDB Database for relational SQL org.opencontainers.image.documentation=https://hub.docker.com/_/mariadb/ org.opencontainers.image.base.name=docker.io/library/ubuntu:focal org.opencontainers.image.licenses=GPL-2.0 org.opencontainers.image.source=https://github.com/MariaDB/mariadb-docker org.opencontainers.image.vendor=MariaDB Community org.opencontainers.image.version=10.7.8 org.opencontainers.image.url=https://github.com/MariaDB/mariadb-docker", "empty_layer": true }, { "created": "2023-04-18T02:25:36.790323935Z", "created_by": "/bin/sh -c #(nop) ARG MARIADB_MAJOR=10.7", "empty_layer": true }, { "created": "2023-04-18T02:25:36.876741874Z", "created_by": "/bin/sh -c #(nop) ENV MARIADB_MAJOR=10.7", "empty_layer": true }, { "created": "2023-04-18T02:25:36.965346145Z", "created_by": "/bin/sh -c #(nop) ARG MARIADB_VERSION=1:10.7.8+maria~ubu2004", "empty_layer": true }, { "created": "2023-04-18T02:25:37.049419355Z", "created_by": "/bin/sh -c #(nop) ENV MARIADB_VERSION=1:10.7.8+maria~ubu2004", "empty_layer": true }, { "created": "2023-04-18T02:25:37.132419958Z", "created_by": "/bin/sh -c #(nop) ARG REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main", "empty_layer": true }, { "created": "2023-04-18T02:25:37.636803336Z", "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -e;\techo \"deb ${REPOSITORY}\" \u003e /etc/apt/sources.list.d/mariadb.list; \t{ \t\techo 'Package: *'; \t\techo 'Pin: release o=MariaDB'; \t\techo 'Pin-Priority: 999'; \t} \u003e /etc/apt/preferences.d/mariadb" }, { "created": "2023-04-18T02:26:03.284314995Z", "created_by": "|2 GPG_KEYS=177F4010FE56CA3336300305F1656F24C74CD1D8 REPOSITORY=http://archive.mariadb.org/mariadb-10.7.8/repo/ubuntu/ focal main /bin/sh -c set -ex; \t{ \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password password 'unused'; \t\techo \"mariadb-server-$MARIADB_MAJOR\" mysql-server/root_password_again password 'unused'; \t} | debconf-set-selections; \tapt-get update; \tapt-get install -y --no-install-recommends mariadb-server=\"$MARIADB_VERSION\" mariadb-backup socat \t; \trm -rf /var/lib/apt/lists/*; \trm -rf /var/lib/mysql; \tmkdir -p /var/lib/mysql /var/run/mysqld; \tchown -R mysql:mysql /var/lib/mysql /var/run/mysqld; \tchmod 777 /var/run/mysqld; \tfind /etc/mysql/ -name '*.cnf' -print0 \t\t| xargs -0 grep -lZE '^(bind-address|log|user\\s)' \t\t| xargs -rt -0 sed -Ei 's/^(bind-address|log|user\\s)/#\u0026/'; \tprintf \"[mariadb]\\nhost-cache-size=0\\nskip-name-resolve\\n\" \u003e /etc/mysql/mariadb.conf.d/05-skipcache.cnf; \tif [ -L /etc/mysql/my.cnf ]; then \t\tsed -i -e '/includedir/ {N;s/\\(.*\\)\\n\\(.*\\)/\\n\\2\\n\\1/}' /etc/mysql/mariadb.cnf; \tfi" }, { "created": "2023-04-18T02:26:03.894441855Z", "created_by": "/bin/sh -c #(nop) VOLUME [/var/lib/mysql]", "empty_layer": true }, { "created": "2023-04-18T02:26:03.995686971Z", "created_by": "/bin/sh -c #(nop) COPY file:cee75098a882f7d33ad2c4c4325b29adc56fc66450e6cee3711d5a1af1bda714 in /usr/local/bin/healthcheck.sh " }, { "created": "2023-04-18T02:26:04.091124973Z", "created_by": "/bin/sh -c #(nop) COPY file:ebdfbcbc74dda1874f1c75d86e1c32733edb402d13440b2b7140a952010bc21f in /usr/local/bin/ " }, { "created": "2023-04-18T02:26:04.176557383Z", "created_by": "/bin/sh -c #(nop) ENTRYPOINT [\"docker-entrypoint.sh\"]", "empty_layer": true }, { "created": "2023-04-18T02:26:04.26544875Z", "created_by": "/bin/sh -c #(nop) EXPOSE 3306", "empty_layer": true }, { "created": "2023-04-18T02:26:04.354855496Z", "created_by": "/bin/sh -c #(nop) CMD [\"mariadbd\"]", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20", "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462", "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227", "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b", "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10", "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d", "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92", "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" ] }, "config": { "Cmd": [ "mariadbd" ], "Entrypoint": [ "docker-entrypoint.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "GOSU_VERSION=1.14", "LANG=C.UTF-8", "MARIADB_MAJOR=10.7", "MARIADB_VERSION=1:10.7.8+maria~ubu2004" ], "Image": "sha256:debc8f5123f31a10ce40605b47621d700f71022f610514046e34b9530cf8415b", "Labels": { "org.opencontainers.image.authors": "MariaDB Community", "org.opencontainers.image.base.name": "docker.io/library/ubuntu:focal", "org.opencontainers.image.description": "MariaDB Database for relational SQL", "org.opencontainers.image.documentation": "https://hub.docker.com/_/mariadb/", "org.opencontainers.image.licenses": "GPL-2.0", "org.opencontainers.image.ref.name": "ubuntu", "org.opencontainers.image.source": "https://github.com/MariaDB/mariadb-docker", "org.opencontainers.image.title": "MariaDB Database", "org.opencontainers.image.url": "https://github.com/MariaDB/mariadb-docker", "org.opencontainers.image.vendor": "MariaDB Community", "org.opencontainers.image.version": "10.7.8" }, "Volumes": { "/var/lib/mysql": {} }, "ExposedPorts": { "3306/tcp": {} } } }, "Layers": [ { "Size": 75160576, "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, { "Size": 338432, "Digest": "sha256:b8bc823a83fdf1329ae53f092d8f3641a60f92ee9f69e8785f5a3fd046eee30f", "DiffID": "sha256:e5e0f54fc85f7dd4bb1311ea35493d640d9719c2facc78564a3c2eaae0ebc462" }, { "Size": 19365376, "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, { "Size": 2048, "Digest": "sha256:b5660ff630580a5fee05c112e916f0bbca3234820aea68e604a23dba51f23d65", "DiffID": "sha256:b03ce6585035a7adcce2a273ac32c43e38ab714d791e5e1a67078c836ccc375b" }, { "Size": 5120, "Digest": "sha256:8b13582f0741982078be0add491f4d0662adad57d09a34a8abb34b7bc5be8896", "DiffID": "sha256:992908eeb145870620987b7a9ecd1538fab185fe01e3a9ec38766480c7dc0f10" }, { "Size": 306940928, "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, { "Size": 12288, "Digest": "sha256:6e4fbbea63e0936e45c5f62878243de963a19e359da68f8c9c9a189fd8568420", "DiffID": "sha256:7cf9fe3aa27d644bd193db2cdd9319617e8bdcded73f5bf257a1495d8b57ea92" }, { "Size": 23040, "Digest": "sha256:d3da1767155997ce7c8d108928c0ef1e3f3395a12cb611f0858d12a80c8af674", "DiffID": "sha256:1c44195f988bba0f2987beb739f7285d767671f28dbb816fc259c9b1c21d0cf9" } ] } ], "Results": [ { "Target": "mariadb:10.7.8 (ubuntu 20.04)", "Class": "os-pkgs", "Type": "ubuntu", "Packages": [ { "ID": "adduser@3.118ubuntu2", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/ubuntu/adduser@3.118ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "1305e599e05e2743" }, "Version": "3.118ubuntu2", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.118ubuntu2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Core Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "passwd@1:4.8.1-1ubuntu5.20.04.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/adduser/adduser.conf", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README.gz", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/man/da/man5/adduser.conf.5.gz", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/da/man8/adduser.8.gz", "/usr/share/man/da/man8/deluser.8.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/adduser.conf.5.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/es/man8/adduser.8.gz", "/usr/share/man/es/man8/deluser.8.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/adduser.conf.5.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/it/man8/adduser.8.gz", "/usr/share/man/it/man8/deluser.8.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/pl/man5/adduser.conf.5.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pl/man8/adduser.8.gz", "/usr/share/man/pl/man8/deluser.8.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ru/man5/adduser.conf.5.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/ru/man8/adduser.8.gz", "/usr/share/man/ru/man8/deluser.8.gz", "/usr/share/man/sv/man5/adduser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/man/sv/man8/adduser.8.gz", "/usr/share/man/sv/man8/deluser.8.gz", "/usr/share/perl5/Debian/AdduserCommon.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@2.0.9", "Name": "apt", "Identifier": { "PURL": "pkg:deb/ubuntu/apt@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a4e6a5232e3c5d53" }, "Version": "2.0.9", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.0.9", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.118ubuntu2", "gpgv@2.2.19-3ubuntu2.2", "libapt-pkg6.0@2.0.9", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libgnutls30@3.6.13-2ubuntu1.8", "libseccomp2@2.5.1-1ubuntu1~20.04.2", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "ubuntu-keyring@2020.02.11.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/apt-daily-upgrade.service", "/lib/systemd/system/apt-daily-upgrade.timer", "/lib/systemd/system/apt-daily.service", "/lib/systemd/system/apt-daily.timer", "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-key", "/usr/bin/apt-mark", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/ftp", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/rsh", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/preferences", "/usr/share/doc/apt/examples/sources.list", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-key.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-key.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man5/sources.list.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-get.8.gz", "/usr/share/man/it/man8/apt-key.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt-secure.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man5/sources.list.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-get.8.gz", "/usr/share/man/ja/man8/apt-key.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt-secure.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-key.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-key.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-key.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@11ubuntu5.7", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/ubuntu/base-files@11ubuntu5.7?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a5180b5a90fc72da" }, "Version": "11ubuntu5.7", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "11ubuntu5.7", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/motd-news.service", "/lib/systemd/system/motd-news.timer", "/usr/bin/locale-check", "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/networks", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.5.47", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/base-passwd@3.5.47?arch=amd64\u0026distro=ubuntu-20.04", "UID": "39e258627f1fe698" }, "Version": "3.5.47", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.5.47", "Licenses": [ "GPL-2.0-only", "PD" ], "Maintainer": "Colin Watson \u003ccjwatson@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libdebconfclient0@0.251ubuntu1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.0-6ubuntu1.2", "Name": "bash", "Identifier": { "PURL": "pkg:deb/ubuntu/bash@5.0-6ubuntu1.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "63630bb56302d371" }, "Version": "5.0", "Release": "6ubuntu1.2", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.0", "SrcRelease": "6ubuntu1.2", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@11ubuntu5.7", "debianutils@4.9.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.34-0.1ubuntu9.3", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "c2f19fe3db589c3b" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bzip2@1.0.8-2", "Name": "bzip2", "Identifier": { "PURL": "pkg:deb/ubuntu/bzip2@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8421c1f7cecd080f" }, "Version": "1.0.8", "Release": "2", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/bunzip2", "/bin/bzcat", "/bin/bzdiff", "/bin/bzexe", "/bin/bzgrep", "/bin/bzip2", "/bin/bzip2recover", "/bin/bzmore", "/usr/share/doc/bzip2/copyright", "/usr/share/man/man1/bzdiff.1.gz", "/usr/share/man/man1/bzexe.1.gz", "/usr/share/man/man1/bzgrep.1.gz", "/usr/share/man/man1/bzip2.1.gz", "/usr/share/man/man1/bzmore.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20211016ubuntu0.20.04.1", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/ubuntu/ca-certificates@20211016ubuntu0.20.04.1?arch=all\u0026distro=ubuntu-20.04", "UID": "ef025fc6e4caa49c" }, "Version": "20211016ubuntu0.20.04.1", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20211016ubuntu0.20.04.1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "openssl@1.1.1f-1ubuntu2.17" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/Cybertrust_Global_Root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/EC-ACC.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R2.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@8.30-3ubuntu2", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/ubuntu/coreutils@8.30-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "186bbd0abf222082" }, "Version": "8.30", "Release": "3ubuntu2", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "8.30", "SrcRelease": "3ubuntu2", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/cat", "/bin/chgrp", "/bin/chmod", "/bin/chown", "/bin/cp", "/bin/date", "/bin/dd", "/bin/df", "/bin/dir", "/bin/echo", "/bin/false", "/bin/ln", "/bin/ls", "/bin/mkdir", "/bin/mknod", "/bin/mktemp", "/bin/mv", "/bin/pwd", "/bin/readlink", "/bin/rm", "/bin/rmdir", "/bin/sleep", "/bin/stty", "/bin/sync", "/bin/touch", "/bin/true", "/bin/uname", "/bin/vdir", "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/chcon", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/logname", "/usr/bin/md5sum", "/usr/bin/mkfifo", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/realpath", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/sum", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/tr", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/lib/x86_64-linux-gnu/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.Debian.gz", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.10.2-6", "Name": "dash", "Identifier": { "PURL": "pkg:deb/ubuntu/dash@0.5.10.2-6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "339907d4c6dfa92b" }, "Version": "0.5.10.2", "Release": "6", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.10.2", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "debianutils@4.9.1", "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/dash", "/usr/share/doc/dash/NEWS.Debian.gz", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.73", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/ubuntu/debconf@1.5.73?arch=all\u0026distro=ubuntu-20.04", "UID": "e57d99b341400824" }, "Version": "1.5.73", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.73", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/debconf/transition_db.pl", "/usr/share/doc/debconf/NEWS.Debian.gz", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@4.9.1", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/ubuntu/debianutils@4.9.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "33c033894c33c0a9" }, "Version": "4.9.1", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "4.9.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/run-parts", "/bin/tempfile", "/bin/which", "/sbin/installkernel", "/usr/bin/ischroot", "/usr/bin/savelog", "/usr/sbin/add-shell", "/usr/sbin/remove-shell", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells.gz", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/tempfile.1.gz", "/usr/share/man/de/man1/which.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/tempfile.1.gz", "/usr/share/man/es/man1/which.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/tempfile.1.gz", "/usr/share/man/fr/man1/which.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/tempfile.1.gz", "/usr/share/man/it/man1/which.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/tempfile.1.gz", "/usr/share/man/ja/man1/which.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/pl/man1/tempfile.1.gz", "/usr/share/man/pl/man1/which.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/sl/man1/tempfile.1.gz", "/usr/share/man/sl/man1/which.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.7-3", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/ubuntu/diffutils@3.7-3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "20a16873c3eab51c" }, "Version": "3.7", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.7", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.19.7ubuntu3.2", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/ubuntu/dpkg@1.19.7ubuntu3.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "ee837475a82dbbe7" }, "Version": "1.19.7ubuntu3.2", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.19.7ubuntu3.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "BSD-2-Clause", "public-domain-s-s-d", "public-domain-md5" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.30+dfsg-7ubuntu0.20.04.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/start-stop-daemon", "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/share/bug/dpkg", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.Debian.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/doc/dpkg/usertags.gz", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man1/dpkg-split.1.gz", "/usr/share/man/es/man1/update-alternatives.1.gz", "/usr/share/man/fr/man1/dpkg-deb.1.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-statoverride.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/dpkg.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/it/man1/dpkg-split.1.gz", "/usr/share/man/it/man1/update-alternatives.1.gz", "/usr/share/man/ja/man1/dpkg-split.1.gz", "/usr/share/man/ja/man1/update-alternatives.1.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man1/dpkg-split.1.gz", "/usr/share/man/pl/man1/update-alternatives.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "e2fsprogs@1.45.5-2ubuntu1.1", "Name": "e2fsprogs", "Identifier": { "PURL": "pkg:deb/ubuntu/e2fsprogs@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "837d9bdbf71f5a70" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "logsave@1.45.5-2ubuntu1.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/systemd/system/e2scrub@.service", "/lib/systemd/system/e2scrub_all.service", "/lib/systemd/system/e2scrub_all.timer", "/lib/systemd/system/e2scrub_fail@.service", "/lib/systemd/system/e2scrub_reap.service", "/lib/udev/rules.d/96-e2scrub.rules", "/sbin/badblocks", "/sbin/debugfs", "/sbin/dumpe2fs", "/sbin/e2fsck", "/sbin/e2image", "/sbin/e2scrub", "/sbin/e2scrub_all", "/sbin/e2undo", "/sbin/mke2fs", "/sbin/resize2fs", "/sbin/tune2fs", "/usr/bin/chattr", "/usr/bin/lsattr", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_all_cron", "/usr/lib/x86_64-linux-gnu/e2fsprogs/e2scrub_fail", "/usr/sbin/e2freefrag", "/usr/sbin/e4crypt", "/usr/sbin/e4defrag", "/usr/sbin/filefrag", "/usr/sbin/mklost+found", "/usr/share/doc/e2fsprogs/NEWS.gz", "/usr/share/doc/e2fsprogs/README", "/usr/share/doc/e2fsprogs/copyright", "/usr/share/lintian/overrides/e2fsprogs", "/usr/share/man/man1/chattr.1.gz", "/usr/share/man/man1/lsattr.1.gz", "/usr/share/man/man5/e2fsck.conf.5.gz", "/usr/share/man/man5/ext4.5.gz", "/usr/share/man/man5/mke2fs.conf.5.gz", "/usr/share/man/man8/badblocks.8.gz", "/usr/share/man/man8/debugfs.8.gz", "/usr/share/man/man8/dumpe2fs.8.gz", "/usr/share/man/man8/e2freefrag.8.gz", "/usr/share/man/man8/e2fsck.8.gz", "/usr/share/man/man8/e2image.8.gz", "/usr/share/man/man8/e2label.8.gz", "/usr/share/man/man8/e2mmpstatus.8.gz", "/usr/share/man/man8/e2scrub.8.gz", "/usr/share/man/man8/e2scrub_all.8.gz", "/usr/share/man/man8/e2undo.8.gz", "/usr/share/man/man8/e4crypt.8.gz", "/usr/share/man/man8/e4defrag.8.gz", "/usr/share/man/man8/filefrag.8.gz", "/usr/share/man/man8/mke2fs.8.gz", "/usr/share/man/man8/mklost+found.8.gz", "/usr/share/man/man8/resize2fs.8.gz", "/usr/share/man/man8/tune2fs.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "fdisk@2.34-0.1ubuntu9.3", "Name": "fdisk", "Identifier": { "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e93cc0834325a9d6" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libfdisk1@2.34-0.1ubuntu9.3", "libmount1@2.34-0.1ubuntu9.3", "libncursesw6@6.2-0ubuntu2", "libsmartcols1@2.34-0.1ubuntu9.3", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/cfdisk", "/sbin/fdisk", "/sbin/sfdisk", "/usr/share/bash-completion/completions/cfdisk", "/usr/share/bash-completion/completions/fdisk", "/usr/share/bash-completion/completions/sfdisk", "/usr/share/doc/fdisk/copyright", "/usr/share/man/man8/cfdisk.8.gz", "/usr/share/man/man8/fdisk.8.gz", "/usr/share/man/man8/sfdisk.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.7.0-1ubuntu1", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/ubuntu/findutils@4.7.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "cf6c12ae56df7c0c" }, "Version": "4.7.0", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.7.0", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils", "/usr/share/doc/findutils/NEWS.Debian.gz", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info-1.gz", "/usr/share/info/find.info-2.gz", "/usr/share/info/find.info.gz", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "galera-4@26.4.14-ubu2004", "Name": "galera-4", "Identifier": { "PURL": "pkg:deb/ubuntu/galera-4@26.4.14-ubu2004?arch=amd64\u0026distro=ubuntu-20.04", "UID": "75c6738053f429f6" }, "Version": "26.4.14", "Release": "ubu2004", "Arch": "amd64", "SrcName": "galera-4", "SrcVersion": "26.4.14", "SrcRelease": "ubu2004", "Licenses": [ "GPL-2.0-only", "other", "GFDL-1.1-or-later", "CC-BY-SA-3.0", "GFDL-1.2-only" ], "Maintainer": "Codership Oy \u003cinfo@codership.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/libgalera_smm.so", "/usr/share/doc/galera-4/AUTHORS", "/usr/share/doc/galera-4/README.gz", "/usr/share/doc/galera-4/changelog.Debian.gz", "/usr/share/doc/galera-4/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "gawk@1:5.0.1+dfsg-1", "Name": "gawk", "Identifier": { "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e7d9fd5e0ccccae5" }, "Version": "5.0.1+dfsg", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "gawk", "SrcVersion": "5.0.1+dfsg", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/gawk", "/usr/include/gawkapi.h", "/usr/lib/x86_64-linux-gnu/awk/grcat", "/usr/lib/x86_64-linux-gnu/awk/pwcat", "/usr/lib/x86_64-linux-gnu/gawk/filefuncs.so", "/usr/lib/x86_64-linux-gnu/gawk/fnmatch.so", "/usr/lib/x86_64-linux-gnu/gawk/fork.so", "/usr/lib/x86_64-linux-gnu/gawk/inplace.so", "/usr/lib/x86_64-linux-gnu/gawk/intdiv.so", "/usr/lib/x86_64-linux-gnu/gawk/ordchr.so", "/usr/lib/x86_64-linux-gnu/gawk/readdir.so", "/usr/lib/x86_64-linux-gnu/gawk/readfile.so", "/usr/lib/x86_64-linux-gnu/gawk/revoutput.so", "/usr/lib/x86_64-linux-gnu/gawk/revtwoway.so", "/usr/lib/x86_64-linux-gnu/gawk/rwarray.so", "/usr/lib/x86_64-linux-gnu/gawk/time.so", "/usr/share/awk/assert.awk", "/usr/share/awk/bits2str.awk", "/usr/share/awk/cliff_rand.awk", "/usr/share/awk/ctime.awk", "/usr/share/awk/ftrans.awk", "/usr/share/awk/getopt.awk", "/usr/share/awk/gettime.awk", "/usr/share/awk/group.awk", "/usr/share/awk/have_mpfr.awk", "/usr/share/awk/inplace.awk", "/usr/share/awk/intdiv0.awk", "/usr/share/awk/join.awk", "/usr/share/awk/libintl.awk", "/usr/share/awk/noassign.awk", "/usr/share/awk/ns_passwd.awk", "/usr/share/awk/ord.awk", "/usr/share/awk/passwd.awk", "/usr/share/awk/processarray.awk", "/usr/share/awk/quicksort.awk", "/usr/share/awk/readable.awk", "/usr/share/awk/readfile.awk", "/usr/share/awk/rewind.awk", "/usr/share/awk/round.awk", "/usr/share/awk/shellquote.awk", "/usr/share/awk/strtonum.awk", "/usr/share/awk/walkarray.awk", "/usr/share/awk/zerofile.awk", "/usr/share/doc/gawk/AUTHORS", "/usr/share/doc/gawk/NEWS.gz", "/usr/share/doc/gawk/POSIX.STD", "/usr/share/doc/gawk/README", "/usr/share/doc/gawk/changelog.Debian.gz", "/usr/share/doc/gawk/copyright", "/usr/share/doc/gawk/examples/data/class_data1", "/usr/share/doc/gawk/examples/data/class_data2", "/usr/share/doc/gawk/examples/data/guide-mellow.po", "/usr/share/doc/gawk/examples/data/guide.po", "/usr/share/doc/gawk/examples/data/inventory-shipped", "/usr/share/doc/gawk/examples/data/mail-list", "/usr/share/doc/gawk/examples/lib/assert.awk", "/usr/share/doc/gawk/examples/lib/bits2str.awk", "/usr/share/doc/gawk/examples/lib/cliff_rand.awk", "/usr/share/doc/gawk/examples/lib/ctime.awk", "/usr/share/doc/gawk/examples/lib/ftrans.awk", "/usr/share/doc/gawk/examples/lib/getopt.awk", "/usr/share/doc/gawk/examples/lib/gettime.awk", "/usr/share/doc/gawk/examples/lib/grcat.c", "/usr/share/doc/gawk/examples/lib/groupawk.in", "/usr/share/doc/gawk/examples/lib/have_mpfr.awk", "/usr/share/doc/gawk/examples/lib/inplace.awk", "/usr/share/doc/gawk/examples/lib/intdiv0.awk", "/usr/share/doc/gawk/examples/lib/join.awk", "/usr/share/doc/gawk/examples/lib/libintl.awk", "/usr/share/doc/gawk/examples/lib/noassign.awk", "/usr/share/doc/gawk/examples/lib/ns_passwd.awk", "/usr/share/doc/gawk/examples/lib/ord.awk", "/usr/share/doc/gawk/examples/lib/passwdawk.in", "/usr/share/doc/gawk/examples/lib/processarray.awk", "/usr/share/doc/gawk/examples/lib/pwcat.c", "/usr/share/doc/gawk/examples/lib/quicksort.awk", "/usr/share/doc/gawk/examples/lib/readable.awk", "/usr/share/doc/gawk/examples/lib/readfile.awk", "/usr/share/doc/gawk/examples/lib/rewind.awk", "/usr/share/doc/gawk/examples/lib/round.awk", "/usr/share/doc/gawk/examples/lib/shellquote.awk", "/usr/share/doc/gawk/examples/lib/strtonum.awk", "/usr/share/doc/gawk/examples/lib/walkarray.awk", "/usr/share/doc/gawk/examples/lib/zerofile.awk", "/usr/share/doc/gawk/examples/misc/addresses.csv", "/usr/share/doc/gawk/examples/misc/arraymax.awk", "/usr/share/doc/gawk/examples/misc/arraymax.data", "/usr/share/doc/gawk/examples/misc/findpat.awk", "/usr/share/doc/gawk/examples/misc/findpat.data", "/usr/share/doc/gawk/examples/misc/simple-csv.awk", "/usr/share/doc/gawk/examples/network/PostAgent.sh", "/usr/share/doc/gawk/examples/network/coreserv.awk", "/usr/share/doc/gawk/examples/network/eliza.awk", "/usr/share/doc/gawk/examples/network/fingerclient.awk", "/usr/share/doc/gawk/examples/network/geturl.awk", "/usr/share/doc/gawk/examples/network/hello-serv.awk", "/usr/share/doc/gawk/examples/network/maze.awk", "/usr/share/doc/gawk/examples/network/mobag.awk", "/usr/share/doc/gawk/examples/network/panic.awk", "/usr/share/doc/gawk/examples/network/protbase.awk", "/usr/share/doc/gawk/examples/network/protbase.request", "/usr/share/doc/gawk/examples/network/protbase.result", "/usr/share/doc/gawk/examples/network/remconf.awk", "/usr/share/doc/gawk/examples/network/statist.awk", "/usr/share/doc/gawk/examples/network/stoxdata.txt", "/usr/share/doc/gawk/examples/network/stoxpred.awk", "/usr/share/doc/gawk/examples/network/testserv.awk", "/usr/share/doc/gawk/examples/network/urlchk.awk", "/usr/share/doc/gawk/examples/network/webgrab.awk", "/usr/share/doc/gawk/examples/prog/alarm.awk", "/usr/share/doc/gawk/examples/prog/anagram.awk", "/usr/share/doc/gawk/examples/prog/awksed.awk", "/usr/share/doc/gawk/examples/prog/cut.awk", "/usr/share/doc/gawk/examples/prog/dupword.awk", "/usr/share/doc/gawk/examples/prog/egrep.awk", "/usr/share/doc/gawk/examples/prog/extract.awk", "/usr/share/doc/gawk/examples/prog/guide.awk", "/usr/share/doc/gawk/examples/prog/histsort.awk", "/usr/share/doc/gawk/examples/prog/id.awk", "/usr/share/doc/gawk/examples/prog/igawk.sh", "/usr/share/doc/gawk/examples/prog/indirectcall.awk", "/usr/share/doc/gawk/examples/prog/labels.awk", "/usr/share/doc/gawk/examples/prog/pi.awk", "/usr/share/doc/gawk/examples/prog/split.awk", "/usr/share/doc/gawk/examples/prog/tee.awk", "/usr/share/doc/gawk/examples/prog/testbits.awk", "/usr/share/doc/gawk/examples/prog/translate.awk", "/usr/share/doc/gawk/examples/prog/uniq.awk", "/usr/share/doc/gawk/examples/prog/wc.awk", "/usr/share/doc/gawk/examples/prog/wordfreq.awk", "/usr/share/man/man1/gawk.1.gz", "/usr/share/man/man3/filefuncs.3am.gz", "/usr/share/man/man3/fnmatch.3am.gz", "/usr/share/man/man3/fork.3am.gz", "/usr/share/man/man3/inplace.3am.gz", "/usr/share/man/man3/ordchr.3am.gz", "/usr/share/man/man3/readdir.3am.gz", "/usr/share/man/man3/readfile.3am.gz", "/usr/share/man/man3/revoutput.3am.gz", "/usr/share/man/man3/revtwoway.3am.gz", "/usr/share/man/man3/rwarray.3am.gz", "/usr/share/man/man3/time.3am.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-10-base@10.3.0-1ubuntu1~20.04", "Name": "gcc-10-base", "Identifier": { "PURL": "pkg:deb/ubuntu/gcc-10-base@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "df235c8a65403143" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "GPL-2.0-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/gcc-10-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-10-base/TODO.Debian", "/usr/share/doc/gcc-10-base/changelog.Debian.gz", "/usr/share/doc/gcc-10-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "gpg@2.2.19-3ubuntu2.2", "Name": "gpg", "Identifier": { "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c3f3b0f55f5d5301" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gpgconf@2.2.19-3ubuntu2.2", "libassuan0@2.5.3-7ubuntu2", "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "libreadline8@8.0-4", "libsqlite3-0@3.31.1-4ubuntu0.5", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/gpg", "/usr/share/doc/gpg/copyright", "/usr/share/man/man1/gpg.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gpgconf@2.2.19-3ubuntu2.2", "Name": "gpgconf", "Identifier": { "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fc417bd7bd03106c" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libassuan0@2.5.3-7ubuntu2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "libreadline8@8.0-4" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/gpg-connect-agent", "/usr/bin/gpgconf", "/usr/share/doc/gpgconf/NEWS.Debian.gz", "/usr/share/doc/gpgconf/changelog.Debian.gz", "/usr/share/doc/gpgconf/copyright", "/usr/share/doc/gpgconf/examples/gpgconf.conf", "/usr/share/gnupg/distsigkey.gpg", "/usr/share/man/man1/gpg-connect-agent.1.gz", "/usr/share/man/man1/gpgconf.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gpgv@2.2.19-3ubuntu2.2", "Name": "gpgv", "Identifier": { "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "94c47271b8f35208" }, "Version": "2.2.19", "Release": "3ubuntu2.2", "Arch": "amd64", "SrcName": "gnupg2", "SrcVersion": "2.2.19", "SrcRelease": "3ubuntu2.2", "Licenses": [ "GPL-3.0-or-later", "permissive", "LGPL-2.1-or-later", "MIT", "BSD-3-Clause", "LGPL-3.0-or-later", "RFC-Reference", "TinySCHEME", "CC0-1.0", "GPL-3.0-only", "LGPL-3.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcrypt20@1.8.5-5ubuntu1.1", "libgpg-error0@1.37-1", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/gpgv", "/usr/share/doc/gpgv/NEWS.Debian.gz", "/usr/share/doc/gpgv/changelog.Debian.gz", "/usr/share/doc/gpgv/copyright", "/usr/share/man/man1/gpgv.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.4-1", "Name": "grep", "Identifier": { "PURL": "pkg:deb/ubuntu/grep@3.4-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7a64eb88e96b3c53" }, "Version": "3.4", "Release": "1", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.4", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/egrep", "/bin/fgrep", "/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.10-0ubuntu4.1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/ubuntu/gzip@1.10-0ubuntu4.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e900beb6c8058551" }, "Version": "1.10", "Release": "0ubuntu4.1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.10", "SrcRelease": "0ubuntu4.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/gunzip", "/bin/gzexe", "/bin/gzip", "/bin/uncompress", "/bin/zcat", "/bin/zcmp", "/bin/zdiff", "/bin/zegrep", "/bin/zfgrep", "/bin/zforce", "/bin/zgrep", "/bin/zless", "/bin/zmore", "/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.23", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/ubuntu/hostname@3.23?arch=amd64\u0026distro=ubuntu-20.04", "UID": "293246be199a9132" }, "Version": "3.23", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.23", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.57", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/ubuntu/init-system-helpers@1.57?arch=all\u0026distro=ubuntu-20.04", "UID": "f62a7ab2bd759edf" }, "Version": "1.57", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.57", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "iproute2@5.5.0-1ubuntu1", "Name": "iproute2", "Identifier": { "PURL": "pkg:deb/ubuntu/iproute2@5.5.0-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8bf7bfdbafc1af2e" }, "Version": "5.5.0", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "iproute2", "SrcVersion": "5.5.0", "SrcRelease": "1ubuntu1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libbsd0@0.10.0-1", "libc6@2.31-0ubuntu9.9", "libcap2-bin@1:2.32-1", "libcap2@1:2.32-1", "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "libelf1@0.176-1.1build1", "libmnl0@1.0.4-2", "libselinux1@3.0-1build2", "libxtables12@1.8.4-3ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/bin/ip", "/bin/ss", "/sbin/bridge", "/sbin/devlink", "/sbin/rtacct", "/sbin/rtmon", "/sbin/tc", "/sbin/tipc", "/usr/bin/lnstat", "/usr/bin/nstat", "/usr/bin/rdma", "/usr/bin/routef", "/usr/bin/routel", "/usr/include/iproute2/bpf_elf.h", "/usr/lib/tc/experimental.dist", "/usr/lib/tc/m_xt.so", "/usr/lib/tc/normal.dist", "/usr/lib/tc/pareto.dist", "/usr/lib/tc/paretonormal.dist", "/usr/lib/tc/q_atm.so", "/usr/sbin/arpd", "/usr/sbin/genl", "/usr/share/bash-completion/completions/tc", "/usr/share/doc/iproute2/README.Debian", "/usr/share/doc/iproute2/changelog.Debian.gz", "/usr/share/doc/iproute2/copyright", "/usr/share/man/man3/libnetlink.3.gz", "/usr/share/man/man7/tc-hfsc.7.gz", "/usr/share/man/man8/arpd.8.gz", "/usr/share/man/man8/bridge.8.gz", "/usr/share/man/man8/devlink-dev.8.gz", "/usr/share/man/man8/devlink-health.8.gz", "/usr/share/man/man8/devlink-monitor.8.gz", "/usr/share/man/man8/devlink-port.8.gz", "/usr/share/man/man8/devlink-region.8.gz", "/usr/share/man/man8/devlink-resource.8.gz", "/usr/share/man/man8/devlink-sb.8.gz", "/usr/share/man/man8/devlink-trap.8.gz", "/usr/share/man/man8/devlink.8.gz", "/usr/share/man/man8/genl.8.gz", "/usr/share/man/man8/ifcfg.8.gz", "/usr/share/man/man8/ip-address.8.gz", "/usr/share/man/man8/ip-addrlabel.8.gz", "/usr/share/man/man8/ip-fou.8.gz", "/usr/share/man/man8/ip-l2tp.8.gz", "/usr/share/man/man8/ip-link.8.gz", "/usr/share/man/man8/ip-macsec.8.gz", "/usr/share/man/man8/ip-maddress.8.gz", "/usr/share/man/man8/ip-monitor.8.gz", "/usr/share/man/man8/ip-mroute.8.gz", "/usr/share/man/man8/ip-neighbour.8.gz", "/usr/share/man/man8/ip-netconf.8.gz", "/usr/share/man/man8/ip-netns.8.gz", "/usr/share/man/man8/ip-nexthop.8.gz", "/usr/share/man/man8/ip-ntable.8.gz", "/usr/share/man/man8/ip-route.8.gz", "/usr/share/man/man8/ip-rule.8.gz", "/usr/share/man/man8/ip-sr.8.gz", "/usr/share/man/man8/ip-tcp_metrics.8.gz", "/usr/share/man/man8/ip-token.8.gz", "/usr/share/man/man8/ip-tunnel.8.gz", "/usr/share/man/man8/ip-vrf.8.gz", "/usr/share/man/man8/ip-xfrm.8.gz", "/usr/share/man/man8/ip.8.gz", "/usr/share/man/man8/lnstat.8.gz", "/usr/share/man/man8/rdma-dev.8.gz", "/usr/share/man/man8/rdma-link.8.gz", "/usr/share/man/man8/rdma-resource.8.gz", "/usr/share/man/man8/rdma-statistic.8.gz", "/usr/share/man/man8/rdma-system.8.gz", "/usr/share/man/man8/rdma.8.gz", "/usr/share/man/man8/routel.8.gz", "/usr/share/man/man8/rtacct.8.gz", "/usr/share/man/man8/rtmon.8.gz", "/usr/share/man/man8/rtpr.8.gz", "/usr/share/man/man8/ss.8.gz", "/usr/share/man/man8/tc-actions.8.gz", "/usr/share/man/man8/tc-basic.8.gz", "/usr/share/man/man8/tc-bfifo.8.gz", "/usr/share/man/man8/tc-bpf.8.gz", "/usr/share/man/man8/tc-cake.8.gz", "/usr/share/man/man8/tc-cbq-details.8.gz", "/usr/share/man/man8/tc-cbq.8.gz", "/usr/share/man/man8/tc-cbs.8.gz", "/usr/share/man/man8/tc-cgroup.8.gz", "/usr/share/man/man8/tc-choke.8.gz", "/usr/share/man/man8/tc-codel.8.gz", "/usr/share/man/man8/tc-connmark.8.gz", "/usr/share/man/man8/tc-csum.8.gz", "/usr/share/man/man8/tc-ctinfo.8.gz", "/usr/share/man/man8/tc-drr.8.gz", "/usr/share/man/man8/tc-ematch.8.gz", "/usr/share/man/man8/tc-etf.8.gz", "/usr/share/man/man8/tc-flow.8.gz", "/usr/share/man/man8/tc-flower.8.gz", "/usr/share/man/man8/tc-fq.8.gz", "/usr/share/man/man8/tc-fq_codel.8.gz", "/usr/share/man/man8/tc-fw.8.gz", "/usr/share/man/man8/tc-hfsc.8.gz", "/usr/share/man/man8/tc-htb.8.gz", "/usr/share/man/man8/tc-ife.8.gz", "/usr/share/man/man8/tc-matchall.8.gz", "/usr/share/man/man8/tc-mirred.8.gz", "/usr/share/man/man8/tc-mpls.8.gz", "/usr/share/man/man8/tc-mqprio.8.gz", "/usr/share/man/man8/tc-nat.8.gz", "/usr/share/man/man8/tc-netem.8.gz", "/usr/share/man/man8/tc-pedit.8.gz", "/usr/share/man/man8/tc-pfifo_fast.8.gz", "/usr/share/man/man8/tc-pie.8.gz", "/usr/share/man/man8/tc-police.8.gz", "/usr/share/man/man8/tc-prio.8.gz", "/usr/share/man/man8/tc-red.8.gz", "/usr/share/man/man8/tc-route.8.gz", "/usr/share/man/man8/tc-sample.8.gz", "/usr/share/man/man8/tc-sfb.8.gz", "/usr/share/man/man8/tc-sfq.8.gz", "/usr/share/man/man8/tc-simple.8.gz", "/usr/share/man/man8/tc-skbedit.8.gz", "/usr/share/man/man8/tc-skbmod.8.gz", "/usr/share/man/man8/tc-skbprio.8.gz", "/usr/share/man/man8/tc-stab.8.gz", "/usr/share/man/man8/tc-taprio.8.gz", "/usr/share/man/man8/tc-tbf.8.gz", "/usr/share/man/man8/tc-tcindex.8.gz", "/usr/share/man/man8/tc-tunnel_key.8.gz", "/usr/share/man/man8/tc-u32.8.gz", "/usr/share/man/man8/tc-vlan.8.gz", "/usr/share/man/man8/tc-xt.8.gz", "/usr/share/man/man8/tc.8.gz", "/usr/share/man/man8/tipc-bearer.8.gz", "/usr/share/man/man8/tipc-link.8.gz", "/usr/share/man/man8/tipc-media.8.gz", "/usr/share/man/man8/tipc-nametable.8.gz", "/usr/share/man/man8/tipc-node.8.gz", "/usr/share/man/man8/tipc-peer.8.gz", "/usr/share/man/man8/tipc-socket.8.gz", "/usr/share/man/man8/tipc.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.2.53-6", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/ubuntu/libacl1@2.2.53-6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "ec9a773bcdb37f83" }, "Version": "2.2.53", "Release": "6", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.2.53", "SrcRelease": "6", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2253", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libaio1@0.3.112-5", "Name": "libaio1", "Identifier": { "PURL": "pkg:deb/ubuntu/libaio1@0.3.112-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fbe69978497c82ad" }, "Version": "0.3.112", "Release": "5", "Arch": "amd64", "SrcName": "libaio", "SrcVersion": "0.3.112", "SrcRelease": "5", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaio.so.1.0.1", "/usr/share/doc/libaio1/changelog.Debian.gz", "/usr/share/doc/libaio1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg6.0@2.0.9", "Name": "libapt-pkg6.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libapt-pkg6.0@2.0.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dbbcdbf32458636f" }, "Version": "2.0.9", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "2.0.9", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libgcrypt20@1.8.5-5ubuntu1.1", "liblz4-1@1.9.2-2ubuntu0.20.04.1", "liblzma5@5.2.4-1ubuntu1.1", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "libudev1@245.4-4ubuntu3.21", "libzstd1@1.4.4+dfsg-3ubuntu0.1", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.6.0.0", "/usr/share/doc/libapt-pkg6.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg6.0/changelog.gz", "/usr/share/doc/libapt-pkg6.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg6.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg6.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libassuan0@2.5.3-7ubuntu2", "Name": "libassuan0", "Identifier": { "PURL": "pkg:deb/ubuntu/libassuan0@2.5.3-7ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c29dfbde852c14ee" }, "Version": "2.5.3", "Release": "7ubuntu2", "Arch": "amd64", "SrcName": "libassuan", "SrcVersion": "2.5.3", "SrcRelease": "7ubuntu2", "Licenses": [ "LGPL-2.1-or-later", "GAP~FSF", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2+ with libtool exception", "GPL-2.0-only", "GPL-3.0-or-later", "GPL-3.0-only", "GAP", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgpg-error0@1.37-1" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libassuan.so.0.8.3", "/usr/share/doc/libassuan0/changelog.Debian.gz", "/usr/share/doc/libassuan0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.4.48-5", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/ubuntu/libattr1@2.4.48-5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "9898a89fadd05f28" }, "Version": "2.4.48", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.4.48", "SrcRelease": "5", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2448", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:2.8.5-2ubuntu6", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit-common@2.8.5-2ubuntu6?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f4ed5d0e78145801" }, "Version": "2.8.5", "Release": "2ubuntu6", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "2.8.5", "SrcRelease": "2ubuntu6", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:2.8.5-2ubuntu6", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/ubuntu/libaudit1@2.8.5-2ubuntu6?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cf583359012b0cc0" }, "Version": "2.8.5", "Release": "2ubuntu6", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "2.8.5", "SrcRelease": "2ubuntu6", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcap-ng0@0.7.9-2.1build1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.34-0.1ubuntu9.3", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "97537d4ff7af8af0" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.10.0-1", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libbsd0@0.10.0-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3df79191315c8dc" }, "Version": "0.10.0", "Release": "1", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.10.0", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "BSD-4-clause-Niels-Provos", "BSD-4-clause-Christopher-G-Demetriou", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain-Colin-Plumb", "public-domain", "Beerware" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.10.0", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-2", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/ubuntu/libbz2-1.0@1.0.8-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "25645d614e464d4" }, "Version": "1.0.8", "Release": "2", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.31-0ubuntu9.9", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "Version": "2.31", "Release": "0ubuntu9.9", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.31", "SrcRelease": "0ubuntu9.9", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/ldconfig", "/sbin/ldconfig.real", "/usr/bin/catchsegv", "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.UTF-8/LC_ADDRESS", "/usr/lib/locale/C.UTF-8/LC_COLLATE", "/usr/lib/locale/C.UTF-8/LC_CTYPE", "/usr/lib/locale/C.UTF-8/LC_IDENTIFICATION", "/usr/lib/locale/C.UTF-8/LC_MEASUREMENT", "/usr/lib/locale/C.UTF-8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.UTF-8/LC_MONETARY", "/usr/lib/locale/C.UTF-8/LC_NAME", "/usr/lib/locale/C.UTF-8/LC_NUMERIC", "/usr/lib/locale/C.UTF-8/LC_PAPER", "/usr/lib/locale/C.UTF-8/LC_TELEPHONE", "/usr/lib/locale/C.UTF-8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/catchsegv.1.gz", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.31-0ubuntu9.9", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "Version": "2.31", "Release": "0ubuntu9.9", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.31", "SrcRelease": "0ubuntu9.9", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libcrypt1@1:4.4.10-10ubuntu4", "libgcc-s1@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/ld-2.31.so", "/lib/x86_64-linux-gnu/libBrokenLocale-2.31.so", "/lib/x86_64-linux-gnu/libSegFault.so", "/lib/x86_64-linux-gnu/libanl-2.31.so", "/lib/x86_64-linux-gnu/libc-2.31.so", "/lib/x86_64-linux-gnu/libdl-2.31.so", "/lib/x86_64-linux-gnu/libm-2.31.so", "/lib/x86_64-linux-gnu/libmemusage.so", "/lib/x86_64-linux-gnu/libmvec-2.31.so", "/lib/x86_64-linux-gnu/libnsl-2.31.so", "/lib/x86_64-linux-gnu/libnss_compat-2.31.so", "/lib/x86_64-linux-gnu/libnss_dns-2.31.so", "/lib/x86_64-linux-gnu/libnss_files-2.31.so", "/lib/x86_64-linux-gnu/libnss_hesiod-2.31.so", "/lib/x86_64-linux-gnu/libnss_nis-2.31.so", "/lib/x86_64-linux-gnu/libnss_nisplus-2.31.so", "/lib/x86_64-linux-gnu/libpcprofile.so", "/lib/x86_64-linux-gnu/libpthread-2.31.so", "/lib/x86_64-linux-gnu/libresolv-2.31.so", "/lib/x86_64-linux-gnu/librt-2.31.so", "/lib/x86_64-linux-gnu/libthread_db-1.0.so", "/lib/x86_64-linux-gnu/libutil-2.31.so", "/usr/lib/x86_64-linux-gnu/audit/sotruss-lib.so", "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.7.9-2.1build1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap-ng0@0.7.9-2.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e6957a49e8589507" }, "Version": "0.7.9", "Release": "2.1build1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.7.9", "SrcRelease": "2.1build1", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.32-1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "Version": "2.32", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.32", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcap.so.2.32", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2-bin@1:2.32-1", "Name": "libcap2-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "Version": "2.32", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.32", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcap2@1:2.32-1" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/sbin/capsh", "/sbin/getcap", "/sbin/getpcaps", "/sbin/setcap", "/usr/share/doc/libcap2-bin/README.Debian", "/usr/share/doc/libcap2-bin/copyright", "/usr/share/lintian/overrides/libcap2-bin", "/usr/share/man/man1/capsh.1.gz", "/usr/share/man/man1/getpcaps.1.gz", "/usr/share/man/man5/capability.conf.5.gz", "/usr/share/man/man8/getcap.8.gz", "/usr/share/man/man8/getpcaps.8.gz", "/usr/share/man/man8/pam_cap.8.gz", "/usr/share/man/man8/setcap.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libcom-err2@1.45.5-2ubuntu1.1", "Name": "libcom-err2", "Identifier": { "PURL": "pkg:deb/ubuntu/libcom-err2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "36e525f208a3e1fd" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcom_err.so.2.1", "/usr/share/doc/libcom-err2/changelog.Debian.gz", "/usr/share/doc/libcom-err2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libconfig-inifiles-perl@3.000002-1", "Name": "libconfig-inifiles-perl", "Identifier": { "PURL": "pkg:deb/ubuntu/libconfig-inifiles-perl@3.000002-1?arch=all\u0026distro=ubuntu-20.04", "UID": "cd3bc5c431f610b3" }, "Version": "3.000002", "Release": "1", "Arch": "all", "SrcName": "libconfig-inifiles-perl", "SrcVersion": "3.000002", "SrcRelease": "1", "Licenses": [ "Artistic-2.0", "GPL-1.0-or-later", "MIT", "GPL-3.0-or-later", "GPL-1.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/libconfig-inifiles-perl/changelog.Debian.gz", "/usr/share/doc/libconfig-inifiles-perl/copyright", "/usr/share/man/man3/Config::IniFiles.3pm.gz", "/usr/share/perl5/Config/IniFiles.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.10-10ubuntu4", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/ubuntu/libcrypt1@4.4.10-10ubuntu4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e08bb2dc0672c92e" }, "Version": "4.4.10", "Release": "10ubuntu4", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.10", "SrcRelease": "10ubuntu4", "SrcEpoch": 1, "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "Name": "libdb5.3", "Identifier": { "PURL": "pkg:deb/ubuntu/libdb5.3@5.3.28%2Bdfsg1-0.6ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3b12cbcbfee838db" }, "Version": "5.3.28+dfsg1", "Release": "0.6ubuntu2", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg1", "SrcRelease": "0.6ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3/build_signature_amd64.txt", "/usr/share/doc/libdb5.3/changelog.Debian.gz", "/usr/share/doc/libdb5.3/copyright", "/usr/share/lintian/overrides/libdb5.3" ], "AnalyzedBy": "dpkg" }, { "ID": "libdbi-perl@1.643-1ubuntu0.1", "Name": "libdbi-perl", "Identifier": { "PURL": "pkg:deb/ubuntu/libdbi-perl@1.643-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d12390ca45ce189d" }, "Version": "1.643", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "libdbi-perl", "SrcVersion": "1.643", "SrcRelease": "1ubuntu0.1", "Licenses": [ "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "perl@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/dbilogstrip", "/usr/bin/dbiprof", "/usr/bin/dbiproxy", "/usr/bin/dh_perl_dbi", "/usr/lib/x86_64-linux-gnu/perl5/5.30/Bundle/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/DBM.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/ExampleP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/File/Roadmap.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/classic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/pedantic.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Policy/rush.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/corostream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/null.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Mem.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/NullP.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Proxy.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBD/Sponge.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Changes.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ANSI.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfo/ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoReturn.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Const/GetInfoType.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/Metadata.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/Developers.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/DBD/SqlEngine/HowTo.pod", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Execute.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Request.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Response.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/DataDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Serializer/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/Base.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/pipeone.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Gofer/Transport/stream.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Profile.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileData.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileDumper/Apache.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProfileSubs.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/ProxyServer.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/PurePerl.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/SQL/Nano.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/CacheMemory.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/Util/_accessor.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/DBI/W32ODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/Win32/DBIODBC.pm", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBI.so", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/DBIXS.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver.xst", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/Driver_xst.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbd_xsh.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbi_sql.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbipport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbivport.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/auto/DBI/dbixs_rev.h", "/usr/lib/x86_64-linux-gnu/perl5/5.30/dbixs_rev.pl", "/usr/share/doc/libdbi-perl/NEWS.Developer.gz", "/usr/share/doc/libdbi-perl/README.Debian", "/usr/share/doc/libdbi-perl/changelog.Debian.gz", "/usr/share/doc/libdbi-perl/copyright", "/usr/share/doc/libdbi-perl/examples/corogofer.pl", "/usr/share/doc/libdbi-perl/examples/perl_dbi_nulls_test.pl", "/usr/share/doc/libdbi-perl/examples/profile.pl", "/usr/share/doc/libdbi-perl/examples/test.pl", "/usr/share/libdbi-perl/perl-dbdabi.make", "/usr/share/lintian/overrides/libdbi-perl", "/usr/share/man/man1/dbilogstrip.1p.gz", "/usr/share/man/man1/dbiprof.1p.gz", "/usr/share/man/man1/dbiproxy.1p.gz", "/usr/share/man/man1/dh_perl_dbi.1.gz", "/usr/share/man/man3/Bundle::DBI.3pm.gz", "/usr/share/man/man3/DBD::DBM.3pm.gz", "/usr/share/man/man3/DBD::File.3pm.gz", "/usr/share/man/man3/DBD::File::Developers.3pm.gz", "/usr/share/man/man3/DBD::File::HowTo.3pm.gz", "/usr/share/man/man3/DBD::File::Roadmap.3pm.gz", "/usr/share/man/man3/DBD::Gofer.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::classic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::pedantic.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Policy::rush.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::corostream.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::null.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBD::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBD::Mem.3pm.gz", "/usr/share/man/man3/DBD::Proxy.3pm.gz", "/usr/share/man/man3/DBD::Sponge.3pm.gz", "/usr/share/man/man3/DBI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ANSI.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfo::ODBC.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoReturn.3pm.gz", "/usr/share/man/man3/DBI::Const::GetInfoType.3pm.gz", "/usr/share/man/man3/DBI::DBD.3pm.gz", "/usr/share/man/man3/DBI::DBD::Metadata.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::Developers.3pm.gz", "/usr/share/man/man3/DBI::DBD::SqlEngine::HowTo.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Execute.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Request.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Response.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::DataDumper.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Serializer::Storable.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::Base.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::pipeone.3pm.gz", "/usr/share/man/man3/DBI::Gofer::Transport::stream.3pm.gz", "/usr/share/man/man3/DBI::Profile.3pm.gz", "/usr/share/man/man3/DBI::ProfileData.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper.3pm.gz", "/usr/share/man/man3/DBI::ProfileDumper::Apache.3pm.gz", "/usr/share/man/man3/DBI::ProfileSubs.3pm.gz", "/usr/share/man/man3/DBI::ProxyServer.3pm.gz", "/usr/share/man/man3/DBI::PurePerl.3pm.gz", "/usr/share/man/man3/DBI::SQL::Nano.3pm.gz", "/usr/share/man/man3/DBI::Util::CacheMemory.3pm.gz", "/usr/share/man/man3/DBI::W32ODBC.3pm.gz", "/usr/share/man/man3/Win32::DBIODBC.3pm.gz", "/usr/share/perl5/Debian/Debhelper/Sequence/perl_dbi.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.251ubuntu1", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/ubuntu/libdebconfclient0@0.251ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2e3d9c7fd6546037" }, "Version": "0.251ubuntu1", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.251ubuntu1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libelf1@0.176-1.1build1", "Name": "libelf1", "Identifier": { "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3374c93655a9823" }, "Version": "0.176", "Release": "1.1build1", "Arch": "amd64", "SrcName": "elfutils", "SrcVersion": "0.176", "SrcRelease": "1.1build1", "Licenses": [ "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libelf-0.176.so", "/usr/share/doc/libelf1/changelog.Debian.gz", "/usr/share/doc/libelf1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libext2fs2@1.45.5-2ubuntu1.1", "Name": "libext2fs2", "Identifier": { "PURL": "pkg:deb/ubuntu/libext2fs2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "534dde847f051859" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libe2p.so.2.3", "/lib/x86_64-linux-gnu/libext2fs.so.2.4", "/usr/share/doc/libext2fs2/changelog.Debian.gz", "/usr/share/doc/libext2fs2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libfdisk1@2.34-0.1ubuntu9.3", "Name": "libfdisk1", "Identifier": { "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d7ae8926642fd1bc" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.34-0.1ubuntu9.3", "libc6@2.31-0ubuntu9.9", "libuuid1@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libfdisk.so.1.1.0", "/usr/share/doc/libfdisk1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi7@3.3-4", "Name": "libffi7", "Identifier": { "PURL": "pkg:deb/ubuntu/libffi7@3.3-4?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9cb3138802972730" }, "Version": "3.3", "Release": "4", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.3", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.7.1.0", "/usr/share/doc/libffi7/changelog.Debian.gz", "/usr/share/doc/libffi7/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@10.3.0-1ubuntu1~20.04", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcc-s1@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "307d7f89e43985bb" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-10-base@10.3.0-1ubuntu1~20.04", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcrypt20@1.8.5-5ubuntu1.1", "Name": "libgcrypt20", "Identifier": { "PURL": "pkg:deb/ubuntu/libgcrypt20@1.8.5-5ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "736a4f36c99fbc42" }, "Version": "1.8.5", "Release": "5ubuntu1.1", "Arch": "amd64", "SrcName": "libgcrypt20", "SrcVersion": "1.8.5", "SrcRelease": "5ubuntu1.1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgpg-error0@1.37-1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcrypt.so.20.2.5", "/usr/share/doc/libgcrypt20/AUTHORS.gz", "/usr/share/doc/libgcrypt20/NEWS.gz", "/usr/share/doc/libgcrypt20/README.gz", "/usr/share/doc/libgcrypt20/THANKS.gz", "/usr/share/doc/libgcrypt20/changelog.Debian.gz", "/usr/share/doc/libgcrypt20/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm-compat4@1.18.1-5", "Name": "libgdbm-compat4", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm-compat4@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "90f68a4641003772" }, "Version": "1.18.1", "Release": "5", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.18.1", "SrcRelease": "5", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgdbm6@1.18.1-5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm_compat.so.4.0.0", "/usr/share/doc/libgdbm-compat4/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6@1.18.1-5", "Name": "libgdbm6", "Identifier": { "PURL": "pkg:deb/ubuntu/libgdbm6@1.18.1-5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7194f66c9d05cbb6" }, "Version": "1.18.1", "Release": "5", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.18.1", "SrcRelease": "5", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6/changelog.Debian.gz", "/usr/share/doc/libgdbm6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/ubuntu/libgmp10@6.2.0%2Bdfsg-4ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "986ac56e16e89784" }, "Version": "6.2.0+dfsg", "Release": "4ubuntu0.1", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.2.0+dfsg", "SrcRelease": "4ubuntu0.1", "SrcEpoch": 2, "Licenses": [ "LGPL-3.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.4.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgnutls30@3.6.13-2ubuntu1.8", "Name": "libgnutls30", "Identifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "Version": "3.6.13", "Release": "2ubuntu1.8", "Arch": "amd64", "SrcName": "gnutls28", "SrcVersion": "3.6.13", "SrcRelease": "2ubuntu1.8", "Licenses": [ "LGPL-2.1-only", "LGPL-2.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.3-only", "CC0-1.0", "MIT", "Apache-2.0", "LGPL-3.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", "libidn2-0@2.2.0-2", "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", "libp11-kit0@0.23.20-1ubuntu0.1", "libtasn1-6@4.16.0-2", "libunistring2@0.9.10-2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgnutls.so.30.27.0", "/usr/share/doc/libgnutls30/AUTHORS.gz", "/usr/share/doc/libgnutls30/NEWS.Debian.gz", "/usr/share/doc/libgnutls30/NEWS.gz", "/usr/share/doc/libgnutls30/README.md.gz", "/usr/share/doc/libgnutls30/THANKS.gz", "/usr/share/doc/libgnutls30/changelog.Debian.gz", "/usr/share/doc/libgnutls30/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgpg-error0@1.37-1", "Name": "libgpg-error0", "Identifier": { "PURL": "pkg:deb/ubuntu/libgpg-error0@1.37-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "119f68f873331ca8" }, "Version": "1.37", "Release": "1", "Arch": "amd64", "SrcName": "libgpg-error", "SrcVersion": "1.37", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "BSD-3-Clause", "g10-permissive", "GPL-3.0-or-later", "LGPL-2.1-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libgpg-error.so.0.28.0", "/usr/share/doc/libgpg-error0/README.gz", "/usr/share/doc/libgpg-error0/changelog.Debian.gz", "/usr/share/doc/libgpg-error0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed5@3.5.1+really3.5.1-2ubuntu0.2", "Name": "libhogweed5", "Identifier": { "PURL": "pkg:deb/ubuntu/libhogweed5@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5173cc2e9efda0fe" }, "Version": "3.5.1+really3.5.1", "Release": "2ubuntu0.2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.5.1+really3.5.1", "SrcRelease": "2ubuntu0.2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1", "libnettle7@3.5.1+really3.5.1-2ubuntu0.2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.5.0" ], "AnalyzedBy": "dpkg" }, { "ID": "libidn2-0@2.2.0-2", "Name": "libidn2-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libidn2-0@2.2.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a4d22b46c8b443be" }, "Version": "2.2.0", "Release": "2", "Arch": "amd64", "SrcName": "libidn2", "SrcVersion": "2.2.0", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-2.0-or-later", "Unicode", "GPL-3.0-only", "GPL-2.0-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libunistring2@0.9.10-2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libidn2.so.0.3.6", "/usr/share/doc/libidn2-0/AUTHORS", "/usr/share/doc/libidn2-0/NEWS.gz", "/usr/share/doc/libidn2-0/README.md.gz", "/usr/share/doc/libidn2-0/changelog.Debian.gz", "/usr/share/doc/libidn2-0/copyright", "/usr/share/lintian/overrides/libidn2-0" ], "AnalyzedBy": "dpkg" }, { "ID": "libjemalloc2@5.2.1-1ubuntu1", "Name": "libjemalloc2", "Identifier": { "PURL": "pkg:deb/ubuntu/libjemalloc2@5.2.1-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dfa342d22c9cd4aa" }, "Version": "5.2.1", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "jemalloc", "SrcVersion": "5.2.1", "SrcRelease": "1ubuntu1", "Licenses": [ "BSD-2-Clause", "BSD-2-Clause-Chemeris", "BSD-3-Clause-Google", "MIT", "BSD-3-Clause-Hiroshima-University", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "libstdc++6@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libjemalloc.so.2", "/usr/share/doc/libjemalloc2/README", "/usr/share/doc/libjemalloc2/changelog.Debian.gz", "/usr/share/doc/libjemalloc2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.9.2-2ubuntu0.20.04.1", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/ubuntu/liblz4-1@1.9.2-2ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "360de62e84e688a2" }, "Version": "1.9.2", "Release": "2ubuntu0.20.04.1", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.9.2", "SrcRelease": "2ubuntu0.20.04.1", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.9.2", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.2.4-1ubuntu1.1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/ubuntu/liblzma5@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c2ae5f7a21c980c7" }, "Version": "5.2.4", "Release": "1ubuntu1.1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.2.4", "SrcRelease": "1ubuntu1.1", "Licenses": [ "PD", "probably-PD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "permissive-fsf", "Autoconf", "permissive-nowarranty", "GPL-2.0-only", "none", "config-h", "LGPL-2.0-only", "LGPL-2.1-only", "noderivs", "PD-debian", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/liblzma.so.5.2.4", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmariadb3@1:10.7.8+maria~ubu2004", "Name": "libmariadb3", "Identifier": { "PURL": "pkg:deb/ubuntu/libmariadb3@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "3b5ea273e7b67371" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmariadb.so.3", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/caching_sha2_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/client_ed25519.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/dialog.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/mysql_clear_password.so", "/usr/lib/x86_64-linux-gnu/libmariadb3/plugin/sha256_password.so", "/usr/share/doc/libmariadb3/changelog.gz", "/usr/share/doc/libmariadb3/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmnl0@1.0.4-2", "Name": "libmnl0", "Identifier": { "PURL": "pkg:deb/ubuntu/libmnl0@1.0.4-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f052539b06152f0c" }, "Version": "1.0.4", "Release": "2", "Arch": "amd64", "SrcName": "libmnl", "SrcVersion": "1.0.4", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libmnl.so.0.2.0", "/usr/share/doc/libmnl0/changelog.Debian.gz", "/usr/share/doc/libmnl0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.34-0.1ubuntu9.3", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "149aad062a67d915" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.34-0.1ubuntu9.3", "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmpfr6@4.0.2-1", "Name": "libmpfr6", "Identifier": { "PURL": "pkg:deb/ubuntu/libmpfr6@4.0.2-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "cbee374cc2146325" }, "Version": "4.0.2", "Release": "1", "Arch": "amd64", "SrcName": "mpfr4", "SrcVersion": "4.0.2", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgmp10@2:6.2.0+dfsg-4ubuntu0.1" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmpfr.so.6.0.2", "/usr/share/doc/libmpfr6/AUTHORS", "/usr/share/doc/libmpfr6/BUGS", "/usr/share/doc/libmpfr6/NEWS.gz", "/usr/share/doc/libmpfr6/README", "/usr/share/doc/libmpfr6/TODO.gz", "/usr/share/doc/libmpfr6/changelog.Debian.gz", "/usr/share/doc/libmpfr6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libncurses6@6.2-0ubuntu2", "Name": "libncurses6", "Identifier": { "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "daf9ae3f810ae3f0" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libncurses.so.6.2", "/usr/lib/x86_64-linux-gnu/libform.so.6.2", "/usr/lib/x86_64-linux-gnu/libmenu.so.6.2", "/usr/lib/x86_64-linux-gnu/libpanel.so.6.2" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.2-0ubuntu2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dca50c9cdd5fdd35" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libncursesw.so.6.2", "/usr/lib/x86_64-linux-gnu/libformw.so.6.2", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.2", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.2" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle7@3.5.1+really3.5.1-2ubuntu0.2", "Name": "libnettle7", "Identifier": { "PURL": "pkg:deb/ubuntu/libnettle7@3.5.1%2Breally3.5.1-2ubuntu0.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2056b6e9d75f6357" }, "Version": "3.5.1+really3.5.1", "Release": "2ubuntu0.2", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.5.1+really3.5.1", "SrcRelease": "2ubuntu0.2", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "other", "GPL-2.0-or-later", "GPL-2.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.7.0", "/usr/share/doc/libnettle7/NEWS.gz", "/usr/share/doc/libnettle7/README", "/usr/share/doc/libnettle7/changelog.Debian.gz", "/usr/share/doc/libnettle7/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libp11-kit0@0.23.20-1ubuntu0.1", "Name": "libp11-kit0", "Identifier": { "PURL": "pkg:deb/ubuntu/libp11-kit0@0.23.20-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "10976beda344eb50" }, "Version": "0.23.20", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "p11-kit", "SrcVersion": "0.23.20", "SrcRelease": "1ubuntu0.1", "Licenses": [ "BSD-3-Clause", "permissive-like-automake-output", "ISC", "ISC+IBM", "same-as-rest-of-p11kit" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libffi7@3.3-4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0", "/usr/share/doc/libp11-kit0/changelog.Debian.gz", "/usr/share/doc/libp11-kit0/copyright", "/usr/share/doc/libp11-kit0/examples/pkcs11.conf.example" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.3.1-5ubuntu4.6", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8238c76ab6208fd" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/security/pam_access.so", "/lib/x86_64-linux-gnu/security/pam_debug.so", "/lib/x86_64-linux-gnu/security/pam_deny.so", "/lib/x86_64-linux-gnu/security/pam_echo.so", "/lib/x86_64-linux-gnu/security/pam_env.so", "/lib/x86_64-linux-gnu/security/pam_exec.so", "/lib/x86_64-linux-gnu/security/pam_extrausers.so", "/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/lib/x86_64-linux-gnu/security/pam_faillock.so", "/lib/x86_64-linux-gnu/security/pam_filter.so", "/lib/x86_64-linux-gnu/security/pam_ftp.so", "/lib/x86_64-linux-gnu/security/pam_group.so", "/lib/x86_64-linux-gnu/security/pam_issue.so", "/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/lib/x86_64-linux-gnu/security/pam_lastlog.so", "/lib/x86_64-linux-gnu/security/pam_limits.so", "/lib/x86_64-linux-gnu/security/pam_listfile.so", "/lib/x86_64-linux-gnu/security/pam_localuser.so", "/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/lib/x86_64-linux-gnu/security/pam_mail.so", "/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/lib/x86_64-linux-gnu/security/pam_motd.so", "/lib/x86_64-linux-gnu/security/pam_namespace.so", "/lib/x86_64-linux-gnu/security/pam_nologin.so", "/lib/x86_64-linux-gnu/security/pam_permit.so", "/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/lib/x86_64-linux-gnu/security/pam_rootok.so", "/lib/x86_64-linux-gnu/security/pam_securetty.so", "/lib/x86_64-linux-gnu/security/pam_selinux.so", "/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/lib/x86_64-linux-gnu/security/pam_shells.so", "/lib/x86_64-linux-gnu/security/pam_stress.so", "/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/lib/x86_64-linux-gnu/security/pam_tally.so", "/lib/x86_64-linux-gnu/security/pam_tally2.so", "/lib/x86_64-linux-gnu/security/pam_time.so", "/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/lib/x86_64-linux-gnu/security/pam_umask.so", "/lib/x86_64-linux-gnu/security/pam_unix.so", "/lib/x86_64-linux-gnu/security/pam_userdb.so", "/lib/x86_64-linux-gnu/security/pam_warn.so", "/lib/x86_64-linux-gnu/security/pam_wheel.so", "/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man5/update-motd.5.gz", "/usr/share/man/man7/pam_env.7.gz", "/usr/share/man/man7/pam_selinux.7.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_extrausers.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_lastlog.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_tally.8.gz", "/usr/share/man/man8/pam_tally2.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.3.1-5ubuntu4.6", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "92c88fd5e3403ef2" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpam0g@1.3.1-5ubuntu4.6", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/mkhomedir_helper", "/sbin/pam_extrausers_chkpwd", "/sbin/pam_extrausers_update", "/sbin/pam_tally", "/sbin/pam_tally2", "/sbin/unix_chkpwd", "/sbin/unix_update", "/usr/sbin/faillock", "/usr/sbin/pam_timestamp_check", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.3.1-5ubuntu4.6", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", "UID": "815077e96d38fc4a" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libpam-modules@1.3.1-5ubuntu4.6" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.3.1-5ubuntu4.6", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "65460bc2f0872763" }, "Version": "1.3.1", "Release": "5ubuntu4.6", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.3.1", "SrcRelease": "5ubuntu4.6", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libpam.so.0.84.2", "/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/NEWS.Debian.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.34-7ubuntu0.1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpcre2-8-0@10.34-7ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a2ff44836db84cd4" }, "Version": "10.34", "Release": "7ubuntu0.1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.34", "SrcRelease": "7ubuntu0.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.9.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre3@2:8.39-12ubuntu0.1", "Name": "libpcre3", "Identifier": { "PURL": "pkg:deb/ubuntu/libpcre3@8.39-12ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "27d387d3c4e2fd01" }, "Version": "8.39", "Release": "12ubuntu0.1", "Epoch": 2, "Arch": "amd64", "SrcName": "pcre3", "SrcVersion": "8.39", "SrcRelease": "12ubuntu0.1", "SrcEpoch": 2, "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libpcre.so.3.13.3", "/usr/lib/x86_64-linux-gnu/libpcreposix.so.3.13.3", "/usr/share/doc/libpcre3/AUTHORS", "/usr/share/doc/libpcre3/NEWS.gz", "/usr/share/doc/libpcre3/README.Debian", "/usr/share/doc/libpcre3/README.gz", "/usr/share/doc/libpcre3/changelog.Debian.gz", "/usr/share/doc/libpcre3/copyright", "/usr/share/man/man3/pcrepattern.3.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libperl5.30@5.30.0-9ubuntu0.3", "Name": "libperl5.30", "Identifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libdb5.3@5.3.28+dfsg1-0.6ubuntu2", "libgdbm-compat4@1.18.1-5", "libgdbm6@1.18.1-5", "perl-modules-5.30@5.30.0-9ubuntu0.3", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/cpan5.30-x86_64-linux-gnu", "/usr/bin/perl5.30-x86_64-linux-gnu", "/usr/lib/x86_64-linux-gnu/libperl.so.5.30.0", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Concise.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Showlex.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Terse.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/B/Xref.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/EXTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/INTERN.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/XSUB.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/av.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/bitcount.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/charclass_invlists.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/config.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cop.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/cv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dosish.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/dquote_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/ebcdic_tables.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embed.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/embedvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/fakesdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/feature.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/form.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/git_version.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/gv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/handy.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_func.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/hv_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/intrpvar.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/invlist_inline.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/iperlsys.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/l1_char_class_tab.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/malloc_ctl.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/metaconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_data.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_raw.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mg_vtable.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/mydtrace.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/nostdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/op_reg_common.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opcode.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/opnames.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/overload.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pad.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/parser.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel-debian.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/patchlevel.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_inc_macro.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perl_langinfo.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlapi.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perliol.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlsdio.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perlvars.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/perly.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/pp_proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/proto.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/reentr.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcharclass.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regcomp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regexp.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/regnodes.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sbox32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/scope.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/stadtx_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/sv.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/thread.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/time64_config.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uconfig.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uni_keywords.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unicode_constants.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/unixish.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utf8.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/utfebcdic.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/util.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/uudmap.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/vutil.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/warnings.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/CORE/zaphod32_hash.h", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Bzip2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Compress/Raw/Zlib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config.pod", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DB_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Data/Dumper.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/PPPort.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Devel/Peek.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/MD5.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Digest/SHA.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Alias.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Byte.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CJKConstants.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/CN/HZ.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Config.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/EBCDIC.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoder.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/GSM0338.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Guess.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/H2Z.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/JP/JIS7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/KR/2022_KR.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Header/ISO_2022_JP.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/MIME/Name.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/TW.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Encode/Unicode/UTF7.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/DosGlob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/AmigaOS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Cygwin.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Epoc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Functions.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Mac.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/OS2.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/VMS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/File/Spec/Win32.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Filter/Util/Call.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/GDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Hash/Util/FieldHash.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/I18N/Langinfo.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Dir.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Poll.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Msg.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/Semaphore.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SharedMem.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/IPC/SysV.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/List/Util/XS.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/Base64.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/MIME/QuotedPrint.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Math/BigInt/FastCalc.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/NDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/O.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ODBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Opcode.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/POSIX.pod", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/mmap.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/scalar.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/PerlIO/via.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/SDBM_File.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Storable.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sub/Util.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Hostname.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Sys/Syslog.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Tie/Hash/NamedCapture.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/HiRes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Piece.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Time/Seconds.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Collate/Locale.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/Unicode/Normalize.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/_h2ph_pre.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm-generic/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/bitsperlong.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/posix_types_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/sockios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termbits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/termios.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/asm/unistd_x32.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/B/B.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Bzip2/Bzip2.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Compress/Raw/Zlib/Zlib.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/DB_File/DB_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Data/Dumper/Dumper.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Devel/Peek/Peek.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/MD5/MD5.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Digest/SHA/SHA.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Byte/Byte.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/CN/CN.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/EBCDIC/EBCDIC.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Encode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/JP/JP.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/KR/KR.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Symbol/Symbol.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/TW/TW.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Encode/Unicode/Unicode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/DosGlob/DosGlob.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Filter/Util/Call/Call.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/GDBM_File/GDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/FieldHash/FieldHash.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/I18N/Langinfo/Langinfo.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/IPC/SysV/SysV.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/MIME/Base64/Base64.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Math/BigInt/FastCalc/FastCalc.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/NDBM_File/NDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/ODBM_File/ODBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Opcode/Opcode.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/encoding/encoding.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/mmap/mmap.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/scalar/scalar.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/PerlIO/via/via.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/SDBM_File/SDBM_File.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Storable/Storable.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Hostname/Hostname.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Sys/Syslog/Syslog.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Tie/Hash/NamedCapture/NamedCapture.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/HiRes/HiRes.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Time/Piece/Piece.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Collate/Collate.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/Unicode/Normalize/Normalize.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/mro/mro.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/shared/shared.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/auto/threads/threads.so", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/byteswap.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/endianness.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctl-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ioctls.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/long-double.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/pthreadtypes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/select2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigaction.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigcontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigevent-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts-arch.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/siginfo-consts.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signal_ext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum-generic.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/signum.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sigthread.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/sockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket-constants.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket2.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/socket_type.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/ss_flags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/stdint-intn.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_mutex.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/struct_rwlock.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-ldbl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog-path.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/thread-shared-types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/time64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/timesize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/__sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clock_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/clockid_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sig_atomic_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigevent_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/siginfo_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigset_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/sigval_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/stack_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_iovec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_osockaddr.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_rusage.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_sigstack.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timespec.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/struct_timeval.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/time_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/types/timer_t.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/typesizes.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/uintn-identity.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitflags.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/waitstatus.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/bits/wordsize.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/encoding.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/endian.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/errno.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/features.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs-64.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/gnu/stubs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/lib.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/posix_types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/linux/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/mro.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/ops.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/re.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/signal.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdarg.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stdc-predef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/stddef.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/cdefs.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ioctl.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/select.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/socket.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/time.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ttydefaults.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/types.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/ucontext.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sys/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syscall.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/sysexits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslimits.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/syslog.ph", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/threads/shared.pm", "/usr/lib/x86_64-linux-gnu/perl/5.30.0/wait.ph", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/README", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.debug.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.shared.gz", "/usr/lib/x86_64-linux-gnu/perl/debian-config-data-5.30.0/config.sh.static.gz", "/usr/share/doc/libperl5.30/changelog.Debian.gz", "/usr/share/doc/libperl5.30/copyright", "/usr/share/man/man1/cpan5.30-x86_64-linux-gnu.1.gz", "/usr/share/man/man1/perl5.30-x86_64-linux-gnu.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libpmem1@1.8-1ubuntu1", "Name": "libpmem1", "Identifier": { "PURL": "pkg:deb/ubuntu/libpmem1@1.8-1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b5e316fd5e28e714" }, "Version": "1.8", "Release": "1ubuntu1", "Arch": "amd64", "SrcName": "pmdk", "SrcVersion": "1.8", "SrcRelease": "1ubuntu1", "Licenses": [ "BSD-3-Clause", "CDDL-1.0" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpmem.so.1.0.0", "/usr/share/doc/libpmem1/NEWS.Debian.gz", "/usr/share/doc/libpmem1/changelog.Debian.gz", "/usr/share/doc/libpmem1/copyright", "/usr/share/man/man5/poolset.5.gz", "/usr/share/pmdk/pmdk.magic" ], "AnalyzedBy": "dpkg" }, { "ID": "libpopt0@1.16-14", "Name": "libpopt0", "Identifier": { "PURL": "pkg:deb/ubuntu/libpopt0@1.16-14?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6a08802bc0d6d486" }, "Version": "1.16", "Release": "14", "Arch": "amd64", "SrcName": "popt", "SrcVersion": "1.16", "SrcRelease": "14", "Licenses": [ "X-Consortium", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpopt.so.0.0.0", "/usr/share/doc/libpopt0/README", "/usr/share/doc/libpopt0/changelog.Debian.gz", "/usr/share/doc/libpopt0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libprocps8@2:3.3.16-1ubuntu2.3", "Name": "libprocps8", "Identifier": { "PURL": "pkg:deb/ubuntu/libprocps8@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "75a220dc5c5b9715" }, "Version": "3.3.16", "Release": "1ubuntu2.3", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "3.3.16", "SrcRelease": "1ubuntu2.3", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libsystemd0@245.4-4ubuntu3.21" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libprocps.so.8.0.2", "/usr/share/doc/libprocps8/NEWS.Debian.gz", "/usr/share/doc/libprocps8/changelog.Debian.gz", "/usr/share/doc/libprocps8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline5@5.2+dfsg-3build3", "Name": "libreadline5", "Identifier": { "PURL": "pkg:deb/ubuntu/libreadline5@5.2%2Bdfsg-3build3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "234af31bdc63d43c" }, "Version": "5.2+dfsg", "Release": "3build3", "Arch": "amd64", "SrcName": "readline5", "SrcVersion": "5.2+dfsg", "SrcRelease": "3build3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2", "readline-common@8.0-4" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libhistory.so.5.2", "/lib/x86_64-linux-gnu/libreadline.so.5.2", "/usr/share/doc/libreadline5/README.Debian", "/usr/share/doc/libreadline5/USAGE", "/usr/share/doc/libreadline5/changelog.Debian.gz", "/usr/share/doc/libreadline5/copyright", "/usr/share/doc/libreadline5/examples/Inputrc", "/usr/share/doc/libreadline5/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8@8.0-4", "Name": "libreadline8", "Identifier": { "PURL": "pkg:deb/ubuntu/libreadline8@8.0-4?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f9e655d4edc2d8e2" }, "Version": "8.0", "Release": "4", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.0", "SrcRelease": "4", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libtinfo6@6.2-0ubuntu2", "readline-common@8.0-4" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libhistory.so.8.0", "/lib/x86_64-linux-gnu/libreadline.so.8.0", "/usr/share/doc/libreadline8/README.Debian", "/usr/share/doc/libreadline8/USAGE", "/usr/share/doc/libreadline8/changelog.Debian.gz", "/usr/share/doc/libreadline8/copyright", "/usr/share/doc/libreadline8/examples/Inputrc", "/usr/share/doc/libreadline8/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.5.1-1ubuntu1~20.04.2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/ubuntu/libseccomp2@2.5.1-1ubuntu1~20.04.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "db3912914568b1ad" }, "Version": "2.5.1", "Release": "1ubuntu1~20.04.2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.5.1", "SrcRelease": "1ubuntu1~20.04.2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.5.1", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.0-1build2", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/ubuntu/libselinux1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a9c070ddf7ca5ca6" }, "Version": "3.0", "Release": "1build2", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libpcre2-8-0@10.34-7ubuntu0.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.0-1build2", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage-common@3.0-1build2?arch=all\u0026distro=ubuntu-20.04", "UID": "f8b9732e3155b5b4" }, "Version": "3.0", "Release": "1build2", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz", "/usr/share/man/ru/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage1@3.0-1build2", "Name": "libsemanage1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsemanage1@3.0-1build2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "eeefe3ed36f03f79" }, "Version": "3.0", "Release": "1build2", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.0", "SrcRelease": "1build2", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libbz2-1.0@1.0.8-2", "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2", "libsemanage-common@3.0-1build2", "libsepol1@3.0-1ubuntu0.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.1", "/usr/share/doc/libsemanage1/changelog.Debian.gz", "/usr/share/doc/libsemanage1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol1@3.0-1ubuntu0.1", "Name": "libsepol1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsepol1@3.0-1ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2c4a00b1d72fefc9" }, "Version": "3.0", "Release": "1ubuntu0.1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.0", "SrcRelease": "1ubuntu0.1", "Licenses": [ "LGPL-2.0-or-later", "GPL-2.0-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsepol.so.1", "/usr/share/doc/libsepol1/changelog.Debian.gz", "/usr/share/doc/libsepol1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsigsegv2@2.12-2", "Name": "libsigsegv2", "Identifier": { "PURL": "pkg:deb/ubuntu/libsigsegv2@2.12-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e770d77096955f1" }, "Version": "2.12", "Release": "2", "Arch": "amd64", "SrcName": "libsigsegv", "SrcVersion": "2.12", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-with-autoconf-exception+", "GPL-2.0-only", "permissive-fsf", "permissive-other" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsigsegv.so.2.0.5", "/usr/share/doc/libsigsegv2/NEWS.gz", "/usr/share/doc/libsigsegv2/README.gz", "/usr/share/doc/libsigsegv2/changelog.Debian.gz", "/usr/share/doc/libsigsegv2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.34-0.1ubuntu9.3", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0fe2b0ba0e3d931" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.31.1-4ubuntu0.5", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "Version": "3.31.1", "Release": "4ubuntu0.5", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.31.1", "SrcRelease": "4ubuntu0.5", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libss2@1.45.5-2ubuntu1.1", "Name": "libss2", "Identifier": { "PURL": "pkg:deb/ubuntu/libss2@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3e46290b129f0387" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libcom-err2@1.45.5-2ubuntu1.1" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libss.so.2.0", "/usr/share/doc/libss2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl1.1@1.1.1f-1ubuntu2.17", "Name": "libssl1.1", "Identifier": { "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b87ebee76c1b0f05" }, "Version": "1.1.1f", "Release": "1ubuntu2.17", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "1.1.1f", "SrcRelease": "1ubuntu2.17", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-1.1/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-1.1/capi.so", "/usr/lib/x86_64-linux-gnu/engines-1.1/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1", "/usr/lib/x86_64-linux-gnu/libssl.so.1.1", "/usr/share/doc/libssl1.1/NEWS.Debian.gz", "/usr/share/doc/libssl1.1/changelog.Debian.gz", "/usr/share/doc/libssl1.1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@10.3.0-1ubuntu1~20.04", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/ubuntu/libstdc%2B%2B6@10.3.0-1ubuntu1~20.04?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fcbb911f1af25c92" }, "Version": "10.3.0", "Release": "1ubuntu1~20.04", "Arch": "amd64", "SrcName": "gcc-10", "SrcVersion": "10.3.0", "SrcRelease": "1ubuntu1~20.04", "Maintainer": "Ubuntu Core developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-10-base@10.3.0-1ubuntu1~20.04", "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.28-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@245.4-4ubuntu3.21", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/ubuntu/libsystemd0@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2ca4bda860660f7" }, "Version": "245.4", "Release": "4ubuntu3.21", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "245.4", "SrcRelease": "4ubuntu3.21", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2.0-only", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libsystemd.so.0.28.0", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtasn1-6@4.16.0-2", "Name": "libtasn1-6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "1f3fac8fa7795921" }, "Version": "4.16.0", "Release": "2", "Arch": "amd64", "SrcName": "libtasn1-6", "SrcVersion": "4.16.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.1-only", "GPL-3.0-only", "GFDL-1.3-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.0", "/usr/share/doc/libtasn1-6/AUTHORS", "/usr/share/doc/libtasn1-6/README.md", "/usr/share/doc/libtasn1-6/THANKS", "/usr/share/doc/libtasn1-6/changelog.Debian.gz", "/usr/share/doc/libtasn1-6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.2-0ubuntu2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a7882c12b2088277" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libtinfo.so.6.2", "/usr/lib/x86_64-linux-gnu/libtic.so.6.2", "/usr/share/doc/libtinfo6/FAQ", "/usr/share/doc/libtinfo6/TODO.Debian", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@245.4-4ubuntu3.21", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/ubuntu/libudev1@245.4-4ubuntu3.21?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f95ec49e3ef20df4" }, "Version": "245.4", "Release": "4ubuntu3.21", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "245.4", "SrcRelease": "4ubuntu3.21", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2.0-only", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libudev.so.1.6.17", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libunistring2@0.9.10-2", "Name": "libunistring2", "Identifier": { "PURL": "pkg:deb/ubuntu/libunistring2@0.9.10-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d67bce3ae373329f" }, "Version": "0.9.10", "Release": "2", "Arch": "amd64", "SrcName": "libunistring", "SrcVersion": "0.9.10", "SrcRelease": "2", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "FreeSoftware", "GPL-2+ with distribution exception", "GPL-3.0-or-later", "GFDL-1.2-or-later", "MIT", "LGPL-3.0-only", "GPL-3.0-only", "GPL-2.0-only", "GFDL-1.2-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libunistring.so.2.1.0", "/usr/share/doc/libunistring2/changelog.Debian.gz", "/usr/share/doc/libunistring2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.34-0.1ubuntu9.3", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "51a8ab06722bbc14" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libwrap0@7.6.q-30", "Name": "libwrap0", "Identifier": { "PURL": "pkg:deb/ubuntu/libwrap0@7.6.q-30?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5018efec0f7a250d" }, "Version": "7.6.q", "Release": "30", "Arch": "amd64", "SrcName": "tcp-wrappers", "SrcVersion": "7.6.q", "SrcRelease": "30", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libwrap.so.0.7.6", "/usr/share/doc/libwrap0/README.Debian", "/usr/share/doc/libwrap0/README.gz", "/usr/share/doc/libwrap0/changelog.Debian.gz", "/usr/share/doc/libwrap0/copyright", "/usr/share/man/man5/hosts_access.5.gz", "/usr/share/man/man5/hosts_options.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libxtables12@1.8.4-3ubuntu2", "Name": "libxtables12", "Identifier": { "PURL": "pkg:deb/ubuntu/libxtables12@1.8.4-3ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e8e30686839cc4b5" }, "Version": "1.8.4", "Release": "3ubuntu2", "Arch": "amd64", "SrcName": "iptables", "SrcVersion": "1.8.4", "SrcRelease": "3ubuntu2", "Licenses": [ "GPL-2.0-only", "Artistic-2.0", "GPL-2.0-or-later", "custom" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxtables.so.12.2.0", "/usr/share/doc/libxtables12/NEWS.Debian.gz", "/usr/share/doc/libxtables12/changelog.Debian.gz", "/usr/share/doc/libxtables12/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.4.4+dfsg-3ubuntu0.1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/ubuntu/libzstd1@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f4f84047570c3dd6" }, "Version": "1.4.4+dfsg", "Release": "3ubuntu0.1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.4.4+dfsg", "SrcRelease": "3ubuntu0.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "GPL-2.0-or-later", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.4.4", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.8.1-1ubuntu5.20.04.4", "Name": "login", "Identifier": { "PURL": "pkg:deb/ubuntu/login@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a79aae34849faa64" }, "Version": "4.8.1", "Release": "1ubuntu5.20.04.4", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.8.1", "SrcRelease": "1ubuntu5.20.04.4", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/login", "/usr/bin/faillog", "/usr/bin/lastlog", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/apport/package-hooks/source_shadow.py", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/cs/man5/faillog.5.gz", "/usr/share/man/cs/man8/faillog.8.gz", "/usr/share/man/cs/man8/lastlog.8.gz", "/usr/share/man/cs/man8/nologin.8.gz", "/usr/share/man/da/man1/newgrp.1.gz", "/usr/share/man/da/man1/sg.1.gz", "/usr/share/man/da/man8/nologin.8.gz", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man1/newgrp.1.gz", "/usr/share/man/de/man1/sg.1.gz", "/usr/share/man/de/man5/faillog.5.gz", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/de/man8/faillog.8.gz", "/usr/share/man/de/man8/lastlog.8.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/fr/man1/newgrp.1.gz", "/usr/share/man/fr/man1/sg.1.gz", "/usr/share/man/fr/man5/faillog.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/fr/man8/faillog.8.gz", "/usr/share/man/fr/man8/lastlog.8.gz", "/usr/share/man/fr/man8/nologin.8.gz", "/usr/share/man/hu/man1/login.1.gz", "/usr/share/man/hu/man1/newgrp.1.gz", "/usr/share/man/hu/man8/lastlog.8.gz", "/usr/share/man/id/man1/login.1.gz", "/usr/share/man/it/man1/login.1.gz", "/usr/share/man/it/man1/newgrp.1.gz", "/usr/share/man/it/man1/sg.1.gz", "/usr/share/man/it/man5/faillog.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/it/man8/faillog.8.gz", "/usr/share/man/it/man8/lastlog.8.gz", "/usr/share/man/it/man8/nologin.8.gz", "/usr/share/man/ja/man1/login.1.gz", "/usr/share/man/ja/man1/newgrp.1.gz", "/usr/share/man/ja/man5/faillog.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/ja/man8/faillog.8.gz", "/usr/share/man/ja/man8/lastlog.8.gz", "/usr/share/man/ko/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man1/sg.1.gz", "/usr/share/man/man5/faillog.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/man8/faillog.8.gz", "/usr/share/man/man8/lastlog.8.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man1/sg.1.gz", "/usr/share/man/pl/man5/faillog.5.gz", "/usr/share/man/pl/man8/faillog.8.gz", "/usr/share/man/pl/man8/lastlog.8.gz", "/usr/share/man/ru/man1/login.1.gz", "/usr/share/man/ru/man1/newgrp.1.gz", "/usr/share/man/ru/man1/sg.1.gz", "/usr/share/man/ru/man5/faillog.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/ru/man8/faillog.8.gz", "/usr/share/man/ru/man8/lastlog.8.gz", "/usr/share/man/ru/man8/nologin.8.gz", "/usr/share/man/sv/man1/newgrp.1.gz", "/usr/share/man/sv/man1/sg.1.gz", "/usr/share/man/sv/man5/faillog.5.gz", "/usr/share/man/sv/man8/faillog.8.gz", "/usr/share/man/sv/man8/lastlog.8.gz", "/usr/share/man/sv/man8/nologin.8.gz", "/usr/share/man/tr/man1/login.1.gz", "/usr/share/man/zh_CN/man1/login.1.gz", "/usr/share/man/zh_CN/man1/newgrp.1.gz", "/usr/share/man/zh_CN/man1/sg.1.gz", "/usr/share/man/zh_CN/man5/faillog.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man8/faillog.8.gz", "/usr/share/man/zh_CN/man8/lastlog.8.gz", "/usr/share/man/zh_CN/man8/nologin.8.gz", "/usr/share/man/zh_TW/man1/newgrp.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "logsave@1.45.5-2ubuntu1.1", "Name": "logsave", "Identifier": { "PURL": "pkg:deb/ubuntu/logsave@1.45.5-2ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8308a2b238c2c56" }, "Version": "1.45.5", "Release": "2ubuntu1.1", "Arch": "amd64", "SrcName": "e2fsprogs", "SrcVersion": "1.45.5", "SrcRelease": "2ubuntu1.1", "Licenses": [ "GPL-2.0-only", "LGPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/logsave", "/usr/share/doc/logsave/changelog.Debian.gz", "/usr/share/doc/logsave/copyright", "/usr/share/man/man8/logsave.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "lsb-base@11.1.0ubuntu2", "Name": "lsb-base", "Identifier": { "PURL": "pkg:deb/ubuntu/lsb-base@11.1.0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "b3b9f72789fe717e" }, "Version": "11.1.0ubuntu2", "Arch": "all", "SrcName": "lsb", "SrcVersion": "11.1.0ubuntu2", "Licenses": [ "GPL-2.0-only", "BSD-3-Clause" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/lsb/init-functions", "/lib/lsb/init-functions.d/00-verbose", "/lib/lsb/init-functions.d/50-ubuntu-logging", "/usr/share/doc/lsb-base/NEWS.Debian.gz", "/usr/share/doc/lsb-base/README.Debian.gz", "/usr/share/doc/lsb-base/changelog.gz", "/usr/share/doc/lsb-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", "Name": "lsof", "Identifier": { "PURL": "pkg:deb/ubuntu/lsof@4.93.2%2Bdfsg-1ubuntu0.20.04.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "3ca8feeece8ad23d" }, "Version": "4.93.2+dfsg", "Release": "1ubuntu0.20.04.1", "Arch": "amd64", "SrcName": "lsof", "SrcVersion": "4.93.2+dfsg", "SrcRelease": "1ubuntu0.20.04.1", "Licenses": [ "Purdue", "BSD-4-Clause", "GPL-2.0-or-later", "LGPL-2.0-or-later", "Sendmail", "LGPL-2.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/lsof", "/usr/share/doc/lsof/00FAQ.gz", "/usr/share/doc/lsof/00LSOF-L", "/usr/share/doc/lsof/00QUICKSTART.gz", "/usr/share/doc/lsof/README.Debian", "/usr/share/doc/lsof/changelog.Debian.gz", "/usr/share/doc/lsof/copyright", "/usr/share/doc/lsof/examples/00MANIFEST", "/usr/share/doc/lsof/examples/00README", "/usr/share/doc/lsof/examples/big_brother.perl5.gz", "/usr/share/doc/lsof/examples/count_pf.perl", "/usr/share/doc/lsof/examples/count_pf.perl5", "/usr/share/doc/lsof/examples/identd.perl5", "/usr/share/doc/lsof/examples/idrlogin.perl.gz", "/usr/share/doc/lsof/examples/idrlogin.perl5.gz", "/usr/share/doc/lsof/examples/list_NULf.perl5.gz", "/usr/share/doc/lsof/examples/list_fields.awk.gz", "/usr/share/doc/lsof/examples/list_fields.perl.gz", "/usr/share/doc/lsof/examples/shared.perl5.gz", "/usr/share/doc/lsof/examples/sort_res.perl5", "/usr/share/doc/lsof/examples/watch_a_file.perl", "/usr/share/doc/lsof/examples/xusers.awk", "/usr/share/man/man8/lsof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-backup@1:10.7.8+maria~ubu2004", "Name": "mariadb-backup", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-backup@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a46abd81895bde74" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaio1@0.3.112-5", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpcre2-8-0@10.34-7ubuntu0.1", "libpmem1@1.8-1ubuntu1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/mariadb-backup", "/usr/bin/mbstream", "/usr/share/doc/mariadb-backup/changelog.gz", "/usr/share/doc/mariadb-backup/copyright", "/usr/share/man/man1/mariabackup.1.gz", "/usr/share/man/man1/mbstream.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-client-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-client-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-client-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "ce20d725795d726c" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@4.9.1", "libc6@2.31-0ubuntu9.9", "libconfig-inifiles-perl@3.000002-1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/innotop", "/usr/bin/mariadb-access", "/usr/bin/mariadb-admin", "/usr/bin/mariadb-binlog", "/usr/bin/mariadb-conv", "/usr/bin/mariadb-convert-table-format", "/usr/bin/mariadb-dump", "/usr/bin/mariadb-dumpslow", "/usr/bin/mariadb-find-rows", "/usr/bin/mariadb-fix-extensions", "/usr/bin/mariadb-hotcopy", "/usr/bin/mariadb-import", "/usr/bin/mariadb-plugin", "/usr/bin/mariadb-report", "/usr/bin/mariadb-secure-installation", "/usr/bin/mariadb-setpermission", "/usr/bin/mariadb-show", "/usr/bin/mariadb-slap", "/usr/bin/mariadb-tzinfo-to-sql", "/usr/bin/mariadb-waitpid", "/usr/bin/msql2mysql", "/usr/bin/mytop", "/usr/bin/perror", "/usr/bin/replace", "/usr/bin/resolve_stack_dump", "/usr/share/doc/mariadb-client-10.7/README.Debian", "/usr/share/doc/mariadb-client-10.7/README.md", "/usr/share/doc/mariadb-client-10.7/changelog.gz", "/usr/share/doc/mariadb-client-10.7/changelog.innotop.gz", "/usr/share/doc/mariadb-client-10.7/copyright", "/usr/share/man/man1/innotop.1.gz", "/usr/share/man/man1/mariadb-conv.1.gz", "/usr/share/man/man1/mariadb-report.1.gz", "/usr/share/man/man1/msql2mysql.1.gz", "/usr/share/man/man1/mysql_convert_table_format.1.gz", "/usr/share/man/man1/mysql_find_rows.1.gz", "/usr/share/man/man1/mysql_fix_extensions.1.gz", "/usr/share/man/man1/mysql_plugin.1.gz", "/usr/share/man/man1/mysql_secure_installation.1.gz", "/usr/share/man/man1/mysql_setpermission.1.gz", "/usr/share/man/man1/mysql_tzinfo_to_sql.1.gz", "/usr/share/man/man1/mysql_waitpid.1.gz", "/usr/share/man/man1/mysqlaccess.1.gz", "/usr/share/man/man1/mysqladmin.1.gz", "/usr/share/man/man1/mysqlbinlog.1.gz", "/usr/share/man/man1/mysqldump.1.gz", "/usr/share/man/man1/mysqldumpslow.1.gz", "/usr/share/man/man1/mysqlhotcopy.1.gz", "/usr/share/man/man1/mysqlimport.1.gz", "/usr/share/man/man1/mysqlshow.1.gz", "/usr/share/man/man1/mysqlslap.1.gz", "/usr/share/man/man1/mytop.1.gz", "/usr/share/man/man1/perror.1.gz", "/usr/share/man/man1/replace.1.gz", "/usr/share/man/man1/resolve_stack_dump.1.gz", "/usr/share/menu/mariadb-client-10.7" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-client-core-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-client-core-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-client-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "d75d249eff74841" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libmariadb3@1:10.7.8+maria~ubu2004", "libncurses6@6.2-0ubuntu2", "libreadline5@5.2+dfsg-3build3", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libtinfo6@6.2-0ubuntu2", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/mariadb", "/usr/bin/mariadb-check", "/usr/bin/my_print_defaults", "/usr/share/doc/mariadb-client-core-10.7/changelog.gz", "/usr/share/doc/mariadb-client-core-10.7/copyright", "/usr/share/man/man1/my_print_defaults.1.gz", "/usr/share/man/man1/mysql.1.gz", "/usr/share/man/man1/mysqlcheck.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-common@1:10.7.8+maria~ubu2004", "Name": "mariadb-common", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "328c7a59af1dc0f8" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "mysql-common@1:10.7.8+maria~ubu2004" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mariadb-common/changelog.gz", "/usr/share/doc/mariadb-common/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server@1:10.7.8+maria~ubu2004", "Name": "mariadb-server", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cec014dd99a06d48" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "mariadb-server-10.7@1:10.7.8+maria~ubu2004" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mariadb-server/changelog.gz", "/usr/share/doc/mariadb-server/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-server-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "a0491ccb107eab6a" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73", "galera-4@26.4.14-ubu2004", "gawk@1:5.0.1+dfsg-1", "iproute2@5.5.0-1ubuntu1", "libc6@2.31-0ubuntu9.9", "libdbi-perl@1.643-1ubuntu0.1", "libpam0g@1.3.1-5ubuntu4.6", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "lsb-base@11.1.0ubuntu2", "lsof@4.93.2+dfsg-1ubuntu0.20.04.1", "mariadb-client-10.7@1:10.7.8+maria~ubu2004", "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", "passwd@1:4.8.1-1ubuntu5.20.04.4", "perl@5.30.0-9ubuntu0.3", "procps@2:3.3.16-1ubuntu2.3", "psmisc@23.3-1", "rsync@3.1.3-8ubuntu0.5", "socat@1.7.3.3-2", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/systemd/system/mariadb-extra.socket", "/lib/systemd/system/mariadb-extra@.socket", "/lib/systemd/system/mariadb.service", "/lib/systemd/system/mariadb.socket", "/lib/systemd/system/mariadb@.service", "/lib/systemd/system/mariadb@.socket", "/lib/systemd/system/mariadb@bootstrap.service.d/use_galera_new_cluster.conf", "/lib/x86_64-linux-gnu/security/pam_user_map.so", "/usr/bin/aria_chk", "/usr/bin/aria_dump_log", "/usr/bin/aria_ftdump", "/usr/bin/aria_pack", "/usr/bin/aria_read_log", "/usr/bin/galera_new_cluster", "/usr/bin/galera_recovery", "/usr/bin/mariadb-service-convert", "/usr/bin/mariadbd-multi", "/usr/bin/mariadbd-safe", "/usr/bin/mariadbd-safe-helper", "/usr/bin/myisam_ftdump", "/usr/bin/myisamchk", "/usr/bin/myisamlog", "/usr/bin/myisampack", "/usr/bin/wsrep_sst_common", "/usr/bin/wsrep_sst_mariabackup", "/usr/bin/wsrep_sst_mysqldump", "/usr/bin/wsrep_sst_rsync", "/usr/lib/mysql/plugin/auth_ed25519.so", "/usr/lib/mysql/plugin/auth_pam.so", "/usr/lib/mysql/plugin/auth_pam_tool_dir/auth_pam_tool", "/usr/lib/mysql/plugin/auth_pam_v1.so", "/usr/lib/mysql/plugin/disks.so", "/usr/lib/mysql/plugin/file_key_management.so", "/usr/lib/mysql/plugin/ha_archive.so", "/usr/lib/mysql/plugin/ha_blackhole.so", "/usr/lib/mysql/plugin/ha_federated.so", "/usr/lib/mysql/plugin/ha_federatedx.so", "/usr/lib/mysql/plugin/ha_sphinx.so", "/usr/lib/mysql/plugin/handlersocket.so", "/usr/lib/mysql/plugin/locales.so", "/usr/lib/mysql/plugin/metadata_lock_info.so", "/usr/lib/mysql/plugin/password_reuse_check.so", "/usr/lib/mysql/plugin/query_cache_info.so", "/usr/lib/mysql/plugin/query_response_time.so", "/usr/lib/mysql/plugin/server_audit.so", "/usr/lib/mysql/plugin/simple_password_check.so", "/usr/lib/mysql/plugin/sql_errlog.so", "/usr/lib/mysql/plugin/type_mysql_json.so", "/usr/lib/mysql/plugin/wsrep_info.so", "/usr/share/apport/package-hooks/source_mariadb-10.7.py", "/usr/share/doc/mariadb-server-10.7/README.Debian.gz", "/usr/share/doc/mariadb-server-10.7/changelog.gz", "/usr/share/doc/mariadb-server-10.7/copyright", "/usr/share/doc/mariadb-server-10.7/mariadbd.sym.gz", "/usr/share/man/man1/aria_chk.1.gz", "/usr/share/man/man1/aria_dump_log.1.gz", "/usr/share/man/man1/aria_ftdump.1.gz", "/usr/share/man/man1/aria_pack.1.gz", "/usr/share/man/man1/aria_read_log.1.gz", "/usr/share/man/man1/galera_new_cluster.1.gz", "/usr/share/man/man1/galera_recovery.1.gz", "/usr/share/man/man1/mariadb-service-convert.1.gz", "/usr/share/man/man1/myisam_ftdump.1.gz", "/usr/share/man/man1/myisamchk.1.gz", "/usr/share/man/man1/myisamlog.1.gz", "/usr/share/man/man1/myisampack.1.gz", "/usr/share/man/man1/mysqld_multi.1.gz", "/usr/share/man/man1/mysqld_safe.1.gz", "/usr/share/man/man1/mysqld_safe_helper.1.gz", "/usr/share/man/man1/wsrep_sst_common.1.gz", "/usr/share/man/man1/wsrep_sst_mariabackup.1.gz", "/usr/share/man/man1/wsrep_sst_mysqldump.1.gz", "/usr/share/man/man1/wsrep_sst_rsync.1.gz", "/usr/share/man/man1/wsrep_sst_rsync_wan.1.gz", "/usr/share/mysql/debian-start.inc.sh", "/usr/share/mysql/echo_stderr", "/usr/share/mysql/errmsg-utf8.txt", "/usr/share/mysql/wsrep.cnf", "/usr/share/mysql/wsrep_notify" ], "AnalyzedBy": "dpkg" }, { "ID": "mariadb-server-core-10.7@1:10.7.8+maria~ubu2004", "Name": "mariadb-server-core-10.7", "Identifier": { "PURL": "pkg:deb/ubuntu/mariadb-server-core-10.7@10.7.8%2Bmaria~ubu2004?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "919704cfe08b9b7b" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "amd64", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaio1@0.3.112-5", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpcre2-8-0@10.34-7ubuntu0.1", "libpmem1@1.8-1ubuntu1", "libssl1.1@1.1.1f-1ubuntu2.17", "libstdc++6@10.3.0-1ubuntu1~20.04", "libsystemd0@245.4-4ubuntu3.21", "mariadb-common@1:10.7.8+maria~ubu2004", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/innochecksum", "/usr/bin/mariadb-install-db", "/usr/bin/mariadb-upgrade", "/usr/bin/resolveip", "/usr/sbin/mariadbd", "/usr/share/doc/mariadb-server-core-10.7/changelog.gz", "/usr/share/doc/mariadb-server-core-10.7/copyright", "/usr/share/man/man1/innochecksum.1.gz", "/usr/share/man/man1/mysql_install_db.1.gz", "/usr/share/man/man1/mysql_upgrade.1.gz", "/usr/share/man/man1/resolveip.1.gz", "/usr/share/man/man8/mysqld.8.gz", "/usr/share/mysql/bulgarian/errmsg.sys", "/usr/share/mysql/charsets/Index.xml", "/usr/share/mysql/charsets/README", "/usr/share/mysql/charsets/armscii8.xml", "/usr/share/mysql/charsets/ascii.xml", "/usr/share/mysql/charsets/cp1250.xml", "/usr/share/mysql/charsets/cp1251.xml", "/usr/share/mysql/charsets/cp1256.xml", "/usr/share/mysql/charsets/cp1257.xml", "/usr/share/mysql/charsets/cp850.xml", "/usr/share/mysql/charsets/cp852.xml", "/usr/share/mysql/charsets/cp866.xml", "/usr/share/mysql/charsets/dec8.xml", "/usr/share/mysql/charsets/geostd8.xml", "/usr/share/mysql/charsets/greek.xml", "/usr/share/mysql/charsets/hebrew.xml", "/usr/share/mysql/charsets/hp8.xml", "/usr/share/mysql/charsets/keybcs2.xml", "/usr/share/mysql/charsets/koi8r.xml", "/usr/share/mysql/charsets/koi8u.xml", "/usr/share/mysql/charsets/latin1.xml", "/usr/share/mysql/charsets/latin2.xml", "/usr/share/mysql/charsets/latin5.xml", "/usr/share/mysql/charsets/latin7.xml", "/usr/share/mysql/charsets/macce.xml", "/usr/share/mysql/charsets/macroman.xml", "/usr/share/mysql/charsets/swe7.xml", "/usr/share/mysql/chinese/errmsg.sys", "/usr/share/mysql/czech/errmsg.sys", "/usr/share/mysql/danish/errmsg.sys", "/usr/share/mysql/dutch/errmsg.sys", "/usr/share/mysql/english/errmsg.sys", "/usr/share/mysql/estonian/errmsg.sys", "/usr/share/mysql/fill_help_tables.sql", "/usr/share/mysql/french/errmsg.sys", "/usr/share/mysql/german/errmsg.sys", "/usr/share/mysql/greek/errmsg.sys", "/usr/share/mysql/hindi/errmsg.sys", "/usr/share/mysql/hungarian/errmsg.sys", "/usr/share/mysql/italian/errmsg.sys", "/usr/share/mysql/japanese/errmsg.sys", "/usr/share/mysql/korean/errmsg.sys", "/usr/share/mysql/maria_add_gis_sp_bootstrap.sql", "/usr/share/mysql/mysql_performance_tables.sql", "/usr/share/mysql/mysql_sys_schema.sql", "/usr/share/mysql/mysql_system_tables.sql", "/usr/share/mysql/mysql_system_tables_data.sql", "/usr/share/mysql/mysql_test_data_timezone.sql", "/usr/share/mysql/mysql_test_db.sql", "/usr/share/mysql/norwegian-ny/errmsg.sys", "/usr/share/mysql/norwegian/errmsg.sys", "/usr/share/mysql/polish/errmsg.sys", "/usr/share/mysql/portuguese/errmsg.sys", "/usr/share/mysql/romanian/errmsg.sys", "/usr/share/mysql/russian/errmsg.sys", "/usr/share/mysql/serbian/errmsg.sys", "/usr/share/mysql/slovak/errmsg.sys", "/usr/share/mysql/spanish/errmsg.sys", "/usr/share/mysql/swedish/errmsg.sys", "/usr/share/mysql/ukrainian/errmsg.sys" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20200120-2", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/ubuntu/mawk@1.3.4.20200120-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7247efd69179ae3d" }, "Version": "1.3.4.20200120", "Release": "2", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20200120", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.34-0.1ubuntu9.3", "Name": "mount", "Identifier": { "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5dec57b54f278111" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "util-linux@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/mount", "/bin/umount", "/sbin/losetup", "/sbin/swapoff", "/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mysql-common@1:10.7.8+maria~ubu2004", "Name": "mysql-common", "Identifier": { "PURL": "pkg:deb/ubuntu/mysql-common@10.7.8%2Bmaria~ubu2004?arch=all\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "7a316d77b6050a6b" }, "Version": "10.7.8+maria~ubu2004", "Epoch": 1, "Arch": "all", "SrcName": "mariadb-10.7", "SrcVersion": "10.7.8+maria~ubu2004", "SrcEpoch": 1, "Maintainer": "MariaDB Developers \u003cmaria-developers@lists.launchpad.net\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/mysql-common/changelog.gz", "/usr/share/doc/mysql-common/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.2-0ubuntu2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "11c3ebabbf3b213f" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/terminfo/E/Eterm", "/lib/terminfo/a/ansi", "/lib/terminfo/c/cons25", "/lib/terminfo/c/cons25-debian", "/lib/terminfo/c/cygwin", "/lib/terminfo/d/dumb", "/lib/terminfo/h/hurd", "/lib/terminfo/l/linux", "/lib/terminfo/m/mach", "/lib/terminfo/m/mach-bold", "/lib/terminfo/m/mach-color", "/lib/terminfo/m/mach-gnu", "/lib/terminfo/m/mach-gnu-color", "/lib/terminfo/p/pcansi", "/lib/terminfo/r/rxvt", "/lib/terminfo/r/rxvt-basic", "/lib/terminfo/r/rxvt-unicode", "/lib/terminfo/r/rxvt-unicode-256color", "/lib/terminfo/s/screen", "/lib/terminfo/s/screen-256color", "/lib/terminfo/s/screen-256color-bce", "/lib/terminfo/s/screen-bce", "/lib/terminfo/s/screen-s", "/lib/terminfo/s/screen-w", "/lib/terminfo/s/screen.xterm-256color", "/lib/terminfo/s/sun", "/lib/terminfo/t/tmux", "/lib/terminfo/t/tmux-256color", "/lib/terminfo/v/vt100", "/lib/terminfo/v/vt102", "/lib/terminfo/v/vt220", "/lib/terminfo/v/vt52", "/lib/terminfo/w/wsvt25", "/lib/terminfo/w/wsvt25m", "/lib/terminfo/x/xterm", "/lib/terminfo/x/xterm-256color", "/lib/terminfo/x/xterm-color", "/lib/terminfo/x/xterm-mono", "/lib/terminfo/x/xterm-r5", "/lib/terminfo/x/xterm-r6", "/lib/terminfo/x/xterm-vt220", "/lib/terminfo/x/xterm-xfree86", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.2-0ubuntu2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f840bf3c896244a7" }, "Version": "6.2", "Release": "0ubuntu2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.2", "SrcRelease": "0ubuntu2", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@1.1.1f-1ubuntu2.17", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d05522de581addaf" }, "Version": "1.1.1f", "Release": "1ubuntu2.17", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "1.1.1f", "SrcRelease": "1ubuntu2.17", "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/FAQ", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/keys.txt", "/usr/share/doc/openssl/NEWS.Debian.gz", "/usr/share/doc/openssl/NEWS.gz", "/usr/share/doc/openssl/README", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.ENGINE.gz", "/usr/share/doc/openssl/README.optimization", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/asn1parse.1ssl.gz", "/usr/share/man/man1/ca.1ssl.gz", "/usr/share/man/man1/ciphers.1ssl.gz", "/usr/share/man/man1/cms.1ssl.gz", "/usr/share/man/man1/crl.1ssl.gz", "/usr/share/man/man1/crl2pkcs7.1ssl.gz", "/usr/share/man/man1/dgst.1ssl.gz", "/usr/share/man/man1/dhparam.1ssl.gz", "/usr/share/man/man1/dsa.1ssl.gz", "/usr/share/man/man1/dsaparam.1ssl.gz", "/usr/share/man/man1/ec.1ssl.gz", "/usr/share/man/man1/ecparam.1ssl.gz", "/usr/share/man/man1/enc.1ssl.gz", "/usr/share/man/man1/engine.1ssl.gz", "/usr/share/man/man1/errstr.1ssl.gz", "/usr/share/man/man1/gendsa.1ssl.gz", "/usr/share/man/man1/genpkey.1ssl.gz", "/usr/share/man/man1/genrsa.1ssl.gz", "/usr/share/man/man1/list.1ssl.gz", "/usr/share/man/man1/nseq.1ssl.gz", "/usr/share/man/man1/ocsp.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/passwd.1ssl.gz", "/usr/share/man/man1/pkcs12.1ssl.gz", "/usr/share/man/man1/pkcs7.1ssl.gz", "/usr/share/man/man1/pkcs8.1ssl.gz", "/usr/share/man/man1/pkey.1ssl.gz", "/usr/share/man/man1/pkeyparam.1ssl.gz", "/usr/share/man/man1/pkeyutl.1ssl.gz", "/usr/share/man/man1/prime.1ssl.gz", "/usr/share/man/man1/rand.1ssl.gz", "/usr/share/man/man1/rehash.1ssl.gz", "/usr/share/man/man1/req.1ssl.gz", "/usr/share/man/man1/rsa.1ssl.gz", "/usr/share/man/man1/rsautl.1ssl.gz", "/usr/share/man/man1/s_client.1ssl.gz", "/usr/share/man/man1/s_server.1ssl.gz", "/usr/share/man/man1/s_time.1ssl.gz", "/usr/share/man/man1/sess_id.1ssl.gz", "/usr/share/man/man1/smime.1ssl.gz", "/usr/share/man/man1/speed.1ssl.gz", "/usr/share/man/man1/spkac.1ssl.gz", "/usr/share/man/man1/srp.1ssl.gz", "/usr/share/man/man1/storeutl.1ssl.gz", "/usr/share/man/man1/ts.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man1/verify.1ssl.gz", "/usr/share/man/man1/version.1ssl.gz", "/usr/share/man/man1/x509.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/Ed25519.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RAND_DRBG.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/SM2.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/crypto.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/scrypt.7ssl.gz", "/usr/share/man/man7/ssl.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.8.1-1ubuntu5.20.04.4", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/ubuntu/passwd@4.8.1-1ubuntu5.20.04.4?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "d3a91d4da26b7b0b" }, "Version": "4.8.1", "Release": "1ubuntu5.20.04.4", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.8.1", "SrcRelease": "1ubuntu5.20.04.4", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:2.8.5-2ubuntu6", "libc6@2.31-0ubuntu9.9", "libcrypt1@1:4.4.10-10ubuntu4", "libpam-modules@1.3.1-5ubuntu4.6", "libpam0g@1.3.1-5ubuntu4.6", "libselinux1@3.0-1build2", "libsemanage1@3.0-1build2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/sbin/shadowconfig", "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/cppw", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmems", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmems.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmems.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmems.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/cppw.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmems.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmems.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmems.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmems.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmems.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl@5.30.0-9ubuntu0.3", "Name": "perl", "Identifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libperl5.30@5.30.0-9ubuntu0.3", "perl-base@5.30.0-9ubuntu0.3", "perl-modules-5.30@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/corelist", "/usr/bin/cpan", "/usr/bin/enc2xs", "/usr/bin/encguess", "/usr/bin/h2ph", "/usr/bin/h2xs", "/usr/bin/instmodsh", "/usr/bin/json_pp", "/usr/bin/libnetcfg", "/usr/bin/perlbug", "/usr/bin/perldoc", "/usr/bin/perlivp", "/usr/bin/perlthanks", "/usr/bin/piconv", "/usr/bin/pl2pm", "/usr/bin/pod2html", "/usr/bin/pod2man", "/usr/bin/pod2text", "/usr/bin/pod2usage", "/usr/bin/podchecker", "/usr/bin/podselect", "/usr/bin/prove", "/usr/bin/ptar", "/usr/bin/ptardiff", "/usr/bin/ptargrep", "/usr/bin/shasum", "/usr/bin/splain", "/usr/bin/xsubpp", "/usr/bin/zipdetails", "/usr/share/doc/perl/README.Debian", "/usr/share/doc/perl/copyright", "/usr/share/lintian/overrides/perl", "/usr/share/man/man1/corelist.1.gz", "/usr/share/man/man1/cpan.1.gz", "/usr/share/man/man1/enc2xs.1.gz", "/usr/share/man/man1/encguess.1.gz", "/usr/share/man/man1/h2ph.1.gz", "/usr/share/man/man1/h2xs.1.gz", "/usr/share/man/man1/instmodsh.1.gz", "/usr/share/man/man1/json_pp.1.gz", "/usr/share/man/man1/libnetcfg.1.gz", "/usr/share/man/man1/perlbug.1.gz", "/usr/share/man/man1/perlivp.1.gz", "/usr/share/man/man1/piconv.1.gz", "/usr/share/man/man1/pl2pm.1.gz", "/usr/share/man/man1/pod2html.1.gz", "/usr/share/man/man1/pod2man.1.gz", "/usr/share/man/man1/pod2text.1.gz", "/usr/share/man/man1/pod2usage.1.gz", "/usr/share/man/man1/podchecker.1.gz", "/usr/share/man/man1/podselect.1.gz", "/usr/share/man/man1/prove.1.gz", "/usr/share/man/man1/ptar.1.gz", "/usr/share/man/man1/ptardiff.1.gz", "/usr/share/man/man1/ptargrep.1.gz", "/usr/share/man/man1/shasum.1.gz", "/usr/share/man/man1/splain.1.gz", "/usr/share/man/man1/xsubpp.1.gz", "/usr/share/man/man1/zipdetails.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.30.0-9ubuntu0.3", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.30.0", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/Heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Digit.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Fold.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lower.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Upper.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/utf8_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "Name": "perl-modules-5.30", "Identifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "Version": "5.30.0", "Release": "9ubuntu0.3", "Arch": "all", "SrcName": "perl", "SrcVersion": "5.30.0", "SrcRelease": "9ubuntu0.3", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "RRA-KEEP-THIS-NOTICE", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2", "HSIEH-DERIVATIVE", "HSIEH-BSD" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "perl-base@5.30.0-9ubuntu0.3" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/share/doc/perl-modules-5.30/README.Debian", "/usr/share/doc/perl-modules-5.30/copyright", "/usr/share/lintian/overrides/perl-modules-5.30", "/usr/share/perl/5.30.0/AnyDBM_File.pm", "/usr/share/perl/5.30.0/App/Cpan.pm", "/usr/share/perl/5.30.0/App/Prove.pm", "/usr/share/perl/5.30.0/App/Prove/State.pm", "/usr/share/perl/5.30.0/App/Prove/State/Result.pm", "/usr/share/perl/5.30.0/App/Prove/State/Result/Test.pm", "/usr/share/perl/5.30.0/Archive/Tar.pm", "/usr/share/perl/5.30.0/Archive/Tar/Constant.pm", "/usr/share/perl/5.30.0/Archive/Tar/File.pm", "/usr/share/perl/5.30.0/Attribute/Handlers.pm", "/usr/share/perl/5.30.0/AutoLoader.pm", "/usr/share/perl/5.30.0/AutoSplit.pm", "/usr/share/perl/5.30.0/B/Deparse.pm", "/usr/share/perl/5.30.0/B/Op_private.pm", "/usr/share/perl/5.30.0/Benchmark.pm", "/usr/share/perl/5.30.0/CORE.pod", "/usr/share/perl/5.30.0/CPAN.pm", "/usr/share/perl/5.30.0/CPAN/API/HOWTO.pod", "/usr/share/perl/5.30.0/CPAN/Author.pm", "/usr/share/perl/5.30.0/CPAN/Bundle.pm", "/usr/share/perl/5.30.0/CPAN/CacheMgr.pm", "/usr/share/perl/5.30.0/CPAN/Complete.pm", "/usr/share/perl/5.30.0/CPAN/Debug.pm", "/usr/share/perl/5.30.0/CPAN/DeferredCode.pm", "/usr/share/perl/5.30.0/CPAN/Distribution.pm", "/usr/share/perl/5.30.0/CPAN/Distroprefs.pm", "/usr/share/perl/5.30.0/CPAN/Distrostatus.pm", "/usr/share/perl/5.30.0/CPAN/Exception/RecursiveDependency.pm", "/usr/share/perl/5.30.0/CPAN/Exception/blocked_urllist.pm", "/usr/share/perl/5.30.0/CPAN/Exception/yaml_not_installed.pm", "/usr/share/perl/5.30.0/CPAN/Exception/yaml_process_error.pm", "/usr/share/perl/5.30.0/CPAN/FTP.pm", "/usr/share/perl/5.30.0/CPAN/FTP/netrc.pm", "/usr/share/perl/5.30.0/CPAN/FirstTime.pm", "/usr/share/perl/5.30.0/CPAN/HTTP/Client.pm", "/usr/share/perl/5.30.0/CPAN/HTTP/Credentials.pm", "/usr/share/perl/5.30.0/CPAN/HandleConfig.pm", "/usr/share/perl/5.30.0/CPAN/Index.pm", "/usr/share/perl/5.30.0/CPAN/InfoObj.pm", "/usr/share/perl/5.30.0/CPAN/Kwalify.pm", "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.dd", "/usr/share/perl/5.30.0/CPAN/Kwalify/distroprefs.yml", "/usr/share/perl/5.30.0/CPAN/LWP/UserAgent.pm", "/usr/share/perl/5.30.0/CPAN/Meta.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Converter.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Feature.pm", "/usr/share/perl/5.30.0/CPAN/Meta/History.pm", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_0.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_1.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_2.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_3.pod", "/usr/share/perl/5.30.0/CPAN/Meta/History/Meta_1_4.pod", "/usr/share/perl/5.30.0/CPAN/Meta/Merge.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Prereqs.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Requirements.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Spec.pm", "/usr/share/perl/5.30.0/CPAN/Meta/Validator.pm", "/usr/share/perl/5.30.0/CPAN/Meta/YAML.pm", "/usr/share/perl/5.30.0/CPAN/Mirrors.pm", "/usr/share/perl/5.30.0/CPAN/Module.pm", "/usr/share/perl/5.30.0/CPAN/Nox.pm", "/usr/share/perl/5.30.0/CPAN/Plugin.pm", "/usr/share/perl/5.30.0/CPAN/Plugin/Specfile.pm", "/usr/share/perl/5.30.0/CPAN/Prompt.pm", "/usr/share/perl/5.30.0/CPAN/Queue.pm", "/usr/share/perl/5.30.0/CPAN/Shell.pm", "/usr/share/perl/5.30.0/CPAN/Tarzip.pm", "/usr/share/perl/5.30.0/CPAN/URL.pm", "/usr/share/perl/5.30.0/CPAN/Version.pm", "/usr/share/perl/5.30.0/Carp.pm", "/usr/share/perl/5.30.0/Carp/Heavy.pm", "/usr/share/perl/5.30.0/Class/Struct.pm", "/usr/share/perl/5.30.0/Compress/Zlib.pm", "/usr/share/perl/5.30.0/Config/Extensions.pm", "/usr/share/perl/5.30.0/Config/Perl/V.pm", "/usr/share/perl/5.30.0/DB.pm", "/usr/share/perl/5.30.0/DBM_Filter.pm", "/usr/share/perl/5.30.0/DBM_Filter/compress.pm", "/usr/share/perl/5.30.0/DBM_Filter/encode.pm", "/usr/share/perl/5.30.0/DBM_Filter/int32.pm", "/usr/share/perl/5.30.0/DBM_Filter/null.pm", "/usr/share/perl/5.30.0/DBM_Filter/utf8.pm", "/usr/share/perl/5.30.0/Devel/SelfStubber.pm", "/usr/share/perl/5.30.0/Digest.pm", "/usr/share/perl/5.30.0/Digest/base.pm", "/usr/share/perl/5.30.0/Digest/file.pm", "/usr/share/perl/5.30.0/DirHandle.pm", "/usr/share/perl/5.30.0/Dumpvalue.pm", "/usr/share/perl/5.30.0/Encode/Changes.e2x", "/usr/share/perl/5.30.0/Encode/ConfigLocal_PM.e2x", "/usr/share/perl/5.30.0/Encode/Makefile_PL.e2x", "/usr/share/perl/5.30.0/Encode/PerlIO.pod", "/usr/share/perl/5.30.0/Encode/README.e2x", "/usr/share/perl/5.30.0/Encode/Supported.pod", "/usr/share/perl/5.30.0/Encode/_PM.e2x", "/usr/share/perl/5.30.0/Encode/_T.e2x", "/usr/share/perl/5.30.0/Encode/encode.h", "/usr/share/perl/5.30.0/English.pm", "/usr/share/perl/5.30.0/Env.pm", "/usr/share/perl/5.30.0/Exporter.pm", "/usr/share/perl/5.30.0/Exporter/Heavy.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Base.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Unix.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/VMS.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/BCC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/GCC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/Windows/MSVC.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/aix.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/android.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/cygwin.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/darwin.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/dec_osf.pm", "/usr/share/perl/5.30.0/ExtUtils/CBuilder/Platform/os2.pm", "/usr/share/perl/5.30.0/ExtUtils/Command.pm", "/usr/share/perl/5.30.0/ExtUtils/Command/MM.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/Base.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/ProxySubs.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/Utils.pm", "/usr/share/perl/5.30.0/ExtUtils/Constant/XS.pm", "/usr/share/perl/5.30.0/ExtUtils/Embed.pm", "/usr/share/perl/5.30.0/ExtUtils/Install.pm", "/usr/share/perl/5.30.0/ExtUtils/Installed.pm", "/usr/share/perl/5.30.0/ExtUtils/Liblist.pm", "/usr/share/perl/5.30.0/ExtUtils/Liblist/Kid.pm", "/usr/share/perl/5.30.0/ExtUtils/MANIFEST.SKIP", "/usr/share/perl/5.30.0/ExtUtils/MM.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_AIX.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Any.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_BeOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Cygwin.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_DOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Darwin.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_MacOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_NW5.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_OS2.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_QNX.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_UWIN.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Unix.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_VMS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_VOS.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Win32.pm", "/usr/share/perl/5.30.0/ExtUtils/MM_Win95.pm", "/usr/share/perl/5.30.0/ExtUtils/MY.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Config.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/FAQ.pod", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Locale.pm", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/Tutorial.pod", "/usr/share/perl/5.30.0/ExtUtils/MakeMaker/version.pm", "/usr/share/perl/5.30.0/ExtUtils/Manifest.pm", "/usr/share/perl/5.30.0/ExtUtils/Miniperl.pm", "/usr/share/perl/5.30.0/ExtUtils/Mkbootstrap.pm", "/usr/share/perl/5.30.0/ExtUtils/Mksymlists.pm", "/usr/share/perl/5.30.0/ExtUtils/Packlist.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS.pod", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Constants.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/CountLines.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Eval.pm", "/usr/share/perl/5.30.0/ExtUtils/ParseXS/Utilities.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Cmd.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/InputMap.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/OutputMap.pm", "/usr/share/perl/5.30.0/ExtUtils/Typemaps/Type.pm", "/usr/share/perl/5.30.0/ExtUtils/testlib.pm", "/usr/share/perl/5.30.0/ExtUtils/typemap", "/usr/share/perl/5.30.0/ExtUtils/xsubpp", "/usr/share/perl/5.30.0/Fatal.pm", "/usr/share/perl/5.30.0/File/Basename.pm", "/usr/share/perl/5.30.0/File/Compare.pm", "/usr/share/perl/5.30.0/File/Copy.pm", "/usr/share/perl/5.30.0/File/Fetch.pm", "/usr/share/perl/5.30.0/File/Find.pm", "/usr/share/perl/5.30.0/File/GlobMapper.pm", "/usr/share/perl/5.30.0/File/Path.pm", "/usr/share/perl/5.30.0/File/Temp.pm", "/usr/share/perl/5.30.0/File/stat.pm", "/usr/share/perl/5.30.0/FileCache.pm", "/usr/share/perl/5.30.0/FileHandle.pm", "/usr/share/perl/5.30.0/Filter/Simple.pm", "/usr/share/perl/5.30.0/FindBin.pm", "/usr/share/perl/5.30.0/Getopt/Long.pm", "/usr/share/perl/5.30.0/Getopt/Std.pm", "/usr/share/perl/5.30.0/HTTP/Tiny.pm", "/usr/share/perl/5.30.0/I18N/Collate.pm", "/usr/share/perl/5.30.0/I18N/LangTags.pm", "/usr/share/perl/5.30.0/I18N/LangTags/Detect.pm", "/usr/share/perl/5.30.0/I18N/LangTags/List.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Bzip2.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Deflate.pm", "/usr/share/perl/5.30.0/IO/Compress/Adapter/Identity.pm", "/usr/share/perl/5.30.0/IO/Compress/Base.pm", "/usr/share/perl/5.30.0/IO/Compress/Base/Common.pm", "/usr/share/perl/5.30.0/IO/Compress/Bzip2.pm", "/usr/share/perl/5.30.0/IO/Compress/Deflate.pm", "/usr/share/perl/5.30.0/IO/Compress/FAQ.pod", "/usr/share/perl/5.30.0/IO/Compress/Gzip.pm", "/usr/share/perl/5.30.0/IO/Compress/Gzip/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/RawDeflate.pm", "/usr/share/perl/5.30.0/IO/Compress/Zip.pm", "/usr/share/perl/5.30.0/IO/Compress/Zip/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/Zlib/Constants.pm", "/usr/share/perl/5.30.0/IO/Compress/Zlib/Extra.pm", "/usr/share/perl/5.30.0/IO/Socket/IP.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Bunzip2.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Identity.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Adapter/Inflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/AnyInflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/AnyUncompress.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Base.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Bunzip2.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Gunzip.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Inflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/RawInflate.pm", "/usr/share/perl/5.30.0/IO/Uncompress/Unzip.pm", "/usr/share/perl/5.30.0/IO/Zlib.pm", "/usr/share/perl/5.30.0/IPC/Cmd.pm", "/usr/share/perl/5.30.0/IPC/Open2.pm", "/usr/share/perl/5.30.0/IPC/Open3.pm", "/usr/share/perl/5.30.0/Internals.pod", "/usr/share/perl/5.30.0/JSON/PP.pm", "/usr/share/perl/5.30.0/JSON/PP/Boolean.pm", "/usr/share/perl/5.30.0/Locale/Maketext.pm", "/usr/share/perl/5.30.0/Locale/Maketext.pod", "/usr/share/perl/5.30.0/Locale/Maketext/Cookbook.pod", "/usr/share/perl/5.30.0/Locale/Maketext/Guts.pm", "/usr/share/perl/5.30.0/Locale/Maketext/GutsLoader.pm", "/usr/share/perl/5.30.0/Locale/Maketext/Simple.pm", "/usr/share/perl/5.30.0/Locale/Maketext/TPJ13.pod", "/usr/share/perl/5.30.0/Math/BigFloat.pm", "/usr/share/perl/5.30.0/Math/BigFloat/Trace.pm", "/usr/share/perl/5.30.0/Math/BigInt.pm", "/usr/share/perl/5.30.0/Math/BigInt/Calc.pm", "/usr/share/perl/5.30.0/Math/BigInt/Lib.pm", "/usr/share/perl/5.30.0/Math/BigInt/Trace.pm", "/usr/share/perl/5.30.0/Math/BigRat.pm", "/usr/share/perl/5.30.0/Math/Complex.pm", "/usr/share/perl/5.30.0/Math/Trig.pm", "/usr/share/perl/5.30.0/Memoize.pm", "/usr/share/perl/5.30.0/Memoize/AnyDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/Expire.pm", "/usr/share/perl/5.30.0/Memoize/ExpireFile.pm", "/usr/share/perl/5.30.0/Memoize/ExpireTest.pm", "/usr/share/perl/5.30.0/Memoize/NDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/SDBM_File.pm", "/usr/share/perl/5.30.0/Memoize/Storable.pm", "/usr/share/perl/5.30.0/Module/CoreList.pm", "/usr/share/perl/5.30.0/Module/CoreList.pod", "/usr/share/perl/5.30.0/Module/CoreList/Utils.pm", "/usr/share/perl/5.30.0/Module/Load.pm", "/usr/share/perl/5.30.0/Module/Load/Conditional.pm", "/usr/share/perl/5.30.0/Module/Loaded.pm", "/usr/share/perl/5.30.0/Module/Metadata.pm", "/usr/share/perl/5.30.0/NEXT.pm", "/usr/share/perl/5.30.0/Net/Cmd.pm", "/usr/share/perl/5.30.0/Net/Config.pm", "/usr/share/perl/5.30.0/Net/Domain.pm", "/usr/share/perl/5.30.0/Net/FTP.pm", "/usr/share/perl/5.30.0/Net/FTP/A.pm", "/usr/share/perl/5.30.0/Net/FTP/E.pm", "/usr/share/perl/5.30.0/Net/FTP/I.pm", "/usr/share/perl/5.30.0/Net/FTP/L.pm", "/usr/share/perl/5.30.0/Net/FTP/dataconn.pm", "/usr/share/perl/5.30.0/Net/NNTP.pm", "/usr/share/perl/5.30.0/Net/Netrc.pm", "/usr/share/perl/5.30.0/Net/POP3.pm", "/usr/share/perl/5.30.0/Net/Ping.pm", "/usr/share/perl/5.30.0/Net/SMTP.pm", "/usr/share/perl/5.30.0/Net/Time.pm", "/usr/share/perl/5.30.0/Net/hostent.pm", "/usr/share/perl/5.30.0/Net/libnetFAQ.pod", "/usr/share/perl/5.30.0/Net/netent.pm", "/usr/share/perl/5.30.0/Net/protoent.pm", "/usr/share/perl/5.30.0/Net/servent.pm", "/usr/share/perl/5.30.0/Params/Check.pm", "/usr/share/perl/5.30.0/Parse/CPAN/Meta.pm", "/usr/share/perl/5.30.0/Perl/OSType.pm", "/usr/share/perl/5.30.0/PerlIO.pm", "/usr/share/perl/5.30.0/PerlIO/via/QuotedPrint.pm", "/usr/share/perl/5.30.0/Pod/Checker.pm", "/usr/share/perl/5.30.0/Pod/Escapes.pm", "/usr/share/perl/5.30.0/Pod/Find.pm", "/usr/share/perl/5.30.0/Pod/Functions.pm", "/usr/share/perl/5.30.0/Pod/Html.pm", "/usr/share/perl/5.30.0/Pod/InputObjects.pm", "/usr/share/perl/5.30.0/Pod/Man.pm", "/usr/share/perl/5.30.0/Pod/ParseLink.pm", "/usr/share/perl/5.30.0/Pod/ParseUtils.pm", "/usr/share/perl/5.30.0/Pod/Parser.pm", "/usr/share/perl/5.30.0/Pod/Perldoc.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/BaseTo.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/GetOptsOO.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToANSI.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToChecker.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToMan.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToNroff.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToPod.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToRtf.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToTerm.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToText.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToTk.pm", "/usr/share/perl/5.30.0/Pod/Perldoc/ToXml.pm", "/usr/share/perl/5.30.0/Pod/PlainText.pm", "/usr/share/perl/5.30.0/Pod/Select.pm", "/usr/share/perl/5.30.0/Pod/Simple.pm", "/usr/share/perl/5.30.0/Pod/Simple.pod", "/usr/share/perl/5.30.0/Pod/Simple/BlackBox.pm", "/usr/share/perl/5.30.0/Pod/Simple/Checker.pm", "/usr/share/perl/5.30.0/Pod/Simple/Debug.pm", "/usr/share/perl/5.30.0/Pod/Simple/DumpAsText.pm", "/usr/share/perl/5.30.0/Pod/Simple/DumpAsXML.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTML.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTMLBatch.pm", "/usr/share/perl/5.30.0/Pod/Simple/HTMLLegacy.pm", "/usr/share/perl/5.30.0/Pod/Simple/LinkSection.pm", "/usr/share/perl/5.30.0/Pod/Simple/Methody.pm", "/usr/share/perl/5.30.0/Pod/Simple/Progress.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParser.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserEndToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserStartToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserTextToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/PullParserToken.pm", "/usr/share/perl/5.30.0/Pod/Simple/RTF.pm", "/usr/share/perl/5.30.0/Pod/Simple/Search.pm", "/usr/share/perl/5.30.0/Pod/Simple/SimpleTree.pm", "/usr/share/perl/5.30.0/Pod/Simple/Subclassing.pod", "/usr/share/perl/5.30.0/Pod/Simple/Text.pm", "/usr/share/perl/5.30.0/Pod/Simple/TextContent.pm", "/usr/share/perl/5.30.0/Pod/Simple/TiedOutFH.pm", "/usr/share/perl/5.30.0/Pod/Simple/Transcode.pm", "/usr/share/perl/5.30.0/Pod/Simple/TranscodeDumb.pm", "/usr/share/perl/5.30.0/Pod/Simple/TranscodeSmart.pm", "/usr/share/perl/5.30.0/Pod/Simple/XHTML.pm", "/usr/share/perl/5.30.0/Pod/Simple/XMLOutStream.pm", "/usr/share/perl/5.30.0/Pod/Text.pm", "/usr/share/perl/5.30.0/Pod/Text/Color.pm", "/usr/share/perl/5.30.0/Pod/Text/Overstrike.pm", "/usr/share/perl/5.30.0/Pod/Text/Termcap.pm", "/usr/share/perl/5.30.0/Pod/Usage.pm", "/usr/share/perl/5.30.0/Safe.pm", "/usr/share/perl/5.30.0/Search/Dict.pm", "/usr/share/perl/5.30.0/SelectSaver.pm", "/usr/share/perl/5.30.0/SelfLoader.pm", "/usr/share/perl/5.30.0/Symbol.pm", "/usr/share/perl/5.30.0/TAP/Base.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Base.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Color.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console/ParallelSession.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Console/Session.pm", "/usr/share/perl/5.30.0/TAP/Formatter/File.pm", "/usr/share/perl/5.30.0/TAP/Formatter/File/Session.pm", "/usr/share/perl/5.30.0/TAP/Formatter/Session.pm", "/usr/share/perl/5.30.0/TAP/Harness.pm", "/usr/share/perl/5.30.0/TAP/Harness/Beyond.pod", "/usr/share/perl/5.30.0/TAP/Harness/Env.pm", "/usr/share/perl/5.30.0/TAP/Object.pm", "/usr/share/perl/5.30.0/TAP/Parser.pm", "/usr/share/perl/5.30.0/TAP/Parser/Aggregator.pm", "/usr/share/perl/5.30.0/TAP/Parser/Grammar.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Array.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Process.pm", "/usr/share/perl/5.30.0/TAP/Parser/Iterator/Stream.pm", "/usr/share/perl/5.30.0/TAP/Parser/IteratorFactory.pm", "/usr/share/perl/5.30.0/TAP/Parser/Multiplexer.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Bailout.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Comment.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Plan.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Pragma.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Test.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Unknown.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/Version.pm", "/usr/share/perl/5.30.0/TAP/Parser/Result/YAML.pm", "/usr/share/perl/5.30.0/TAP/Parser/ResultFactory.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Job.pm", "/usr/share/perl/5.30.0/TAP/Parser/Scheduler/Spinner.pm", "/usr/share/perl/5.30.0/TAP/Parser/Source.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Executable.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/File.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Handle.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/Perl.pm", "/usr/share/perl/5.30.0/TAP/Parser/SourceHandler/RawTAP.pm", "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Reader.pm", "/usr/share/perl/5.30.0/TAP/Parser/YAMLish/Writer.pm", "/usr/share/perl/5.30.0/Term/ANSIColor.pm", "/usr/share/perl/5.30.0/Term/Cap.pm", "/usr/share/perl/5.30.0/Term/Complete.pm", "/usr/share/perl/5.30.0/Term/ReadLine.pm", "/usr/share/perl/5.30.0/Test.pm", "/usr/share/perl/5.30.0/Test/Builder.pm", "/usr/share/perl/5.30.0/Test/Builder/Formatter.pm", "/usr/share/perl/5.30.0/Test/Builder/IO/Scalar.pm", "/usr/share/perl/5.30.0/Test/Builder/Module.pm", "/usr/share/perl/5.30.0/Test/Builder/Tester.pm", "/usr/share/perl/5.30.0/Test/Builder/Tester/Color.pm", "/usr/share/perl/5.30.0/Test/Builder/TodoDiag.pm", "/usr/share/perl/5.30.0/Test/Harness.pm", "/usr/share/perl/5.30.0/Test/More.pm", "/usr/share/perl/5.30.0/Test/Simple.pm", "/usr/share/perl/5.30.0/Test/Tester.pm", "/usr/share/perl/5.30.0/Test/Tester/Capture.pm", "/usr/share/perl/5.30.0/Test/Tester/CaptureRunner.pm", "/usr/share/perl/5.30.0/Test/Tester/Delegate.pm", "/usr/share/perl/5.30.0/Test/Tutorial.pod", "/usr/share/perl/5.30.0/Test/use/ok.pm", "/usr/share/perl/5.30.0/Test2.pm", "/usr/share/perl/5.30.0/Test2/API.pm", "/usr/share/perl/5.30.0/Test2/API/Breakage.pm", "/usr/share/perl/5.30.0/Test2/API/Context.pm", "/usr/share/perl/5.30.0/Test2/API/Instance.pm", "/usr/share/perl/5.30.0/Test2/API/Stack.pm", "/usr/share/perl/5.30.0/Test2/Event.pm", "/usr/share/perl/5.30.0/Test2/Event/Bail.pm", "/usr/share/perl/5.30.0/Test2/Event/Diag.pm", "/usr/share/perl/5.30.0/Test2/Event/Encoding.pm", "/usr/share/perl/5.30.0/Test2/Event/Exception.pm", "/usr/share/perl/5.30.0/Test2/Event/Fail.pm", "/usr/share/perl/5.30.0/Test2/Event/Generic.pm", "/usr/share/perl/5.30.0/Test2/Event/Note.pm", "/usr/share/perl/5.30.0/Test2/Event/Ok.pm", "/usr/share/perl/5.30.0/Test2/Event/Pass.pm", "/usr/share/perl/5.30.0/Test2/Event/Plan.pm", "/usr/share/perl/5.30.0/Test2/Event/Skip.pm", "/usr/share/perl/5.30.0/Test2/Event/Subtest.pm", "/usr/share/perl/5.30.0/Test2/Event/TAP/Version.pm", "/usr/share/perl/5.30.0/Test2/Event/V2.pm", "/usr/share/perl/5.30.0/Test2/Event/Waiting.pm", "/usr/share/perl/5.30.0/Test2/EventFacet.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/About.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Amnesty.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Assert.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Control.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Error.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Hub.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Info.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Info/Table.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Meta.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Parent.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Plan.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Render.pm", "/usr/share/perl/5.30.0/Test2/EventFacet/Trace.pm", "/usr/share/perl/5.30.0/Test2/Formatter.pm", "/usr/share/perl/5.30.0/Test2/Formatter/TAP.pm", "/usr/share/perl/5.30.0/Test2/Hub.pm", "/usr/share/perl/5.30.0/Test2/Hub/Interceptor.pm", "/usr/share/perl/5.30.0/Test2/Hub/Interceptor/Terminator.pm", "/usr/share/perl/5.30.0/Test2/Hub/Subtest.pm", "/usr/share/perl/5.30.0/Test2/IPC.pm", "/usr/share/perl/5.30.0/Test2/IPC/Driver.pm", "/usr/share/perl/5.30.0/Test2/IPC/Driver/Files.pm", "/usr/share/perl/5.30.0/Test2/Tools/Tiny.pm", "/usr/share/perl/5.30.0/Test2/Transition.pod", "/usr/share/perl/5.30.0/Test2/Util.pm", "/usr/share/perl/5.30.0/Test2/Util/ExternalMeta.pm", "/usr/share/perl/5.30.0/Test2/Util/Facets2Legacy.pm", "/usr/share/perl/5.30.0/Test2/Util/HashBase.pm", "/usr/share/perl/5.30.0/Test2/Util/Trace.pm", "/usr/share/perl/5.30.0/Text/Abbrev.pm", "/usr/share/perl/5.30.0/Text/Balanced.pm", "/usr/share/perl/5.30.0/Text/ParseWords.pm", "/usr/share/perl/5.30.0/Text/Tabs.pm", "/usr/share/perl/5.30.0/Text/Wrap.pm", "/usr/share/perl/5.30.0/Thread.pm", "/usr/share/perl/5.30.0/Thread/Queue.pm", "/usr/share/perl/5.30.0/Thread/Semaphore.pm", "/usr/share/perl/5.30.0/Tie/Array.pm", "/usr/share/perl/5.30.0/Tie/File.pm", "/usr/share/perl/5.30.0/Tie/Handle.pm", "/usr/share/perl/5.30.0/Tie/Hash.pm", "/usr/share/perl/5.30.0/Tie/Memoize.pm", "/usr/share/perl/5.30.0/Tie/RefHash.pm", "/usr/share/perl/5.30.0/Tie/Scalar.pm", "/usr/share/perl/5.30.0/Tie/StdHandle.pm", "/usr/share/perl/5.30.0/Tie/SubstrHash.pm", "/usr/share/perl/5.30.0/Time/Local.pm", "/usr/share/perl/5.30.0/Time/gmtime.pm", "/usr/share/perl/5.30.0/Time/localtime.pm", "/usr/share/perl/5.30.0/Time/tm.pm", "/usr/share/perl/5.30.0/UNIVERSAL.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Big5.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/GB2312.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/JISX0208.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Korean.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Pinyin.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Stroke.pm", "/usr/share/perl/5.30.0/Unicode/Collate/CJK/Zhuyin.pm", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/af.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ar.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/as.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/az.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/be.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/bn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ca.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cs.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/cy.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/da.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_at_ph.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/de_phone.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/dsb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ee.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/eo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/es_trad.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/et.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fi_phone.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fil.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/fr_ca.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/gu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ha.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/haw.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/he.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/hy.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ig.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/is.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ja.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ko.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/kok.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lkt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ln.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/lv.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ml.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/mt.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/nso.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/om.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/or.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/pl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ro.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sa.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/se.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/si_dict.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sq.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/sv_refo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ta.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/te.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/th.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tn.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/to.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/tr.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ug_cyrl.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/uk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/ur.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vi.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/vo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wae.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/wo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/yo.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_big5.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_gb.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_pin.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_strk.pl", "/usr/share/perl/5.30.0/Unicode/Collate/Locale/zh_zhu.pl", "/usr/share/perl/5.30.0/Unicode/Collate/allkeys.txt", "/usr/share/perl/5.30.0/Unicode/Collate/keys.txt", "/usr/share/perl/5.30.0/Unicode/UCD.pm", "/usr/share/perl/5.30.0/User/grent.pm", "/usr/share/perl/5.30.0/User/pwent.pm", "/usr/share/perl/5.30.0/XSLoader.pm", "/usr/share/perl/5.30.0/_charnames.pm", "/usr/share/perl/5.30.0/autodie.pm", "/usr/share/perl/5.30.0/autodie/Scope/Guard.pm", "/usr/share/perl/5.30.0/autodie/Scope/GuardStack.pm", "/usr/share/perl/5.30.0/autodie/Util.pm", "/usr/share/perl/5.30.0/autodie/exception.pm", "/usr/share/perl/5.30.0/autodie/exception/system.pm", "/usr/share/perl/5.30.0/autodie/hints.pm", "/usr/share/perl/5.30.0/autodie/skip.pm", "/usr/share/perl/5.30.0/autouse.pm", "/usr/share/perl/5.30.0/base.pm", "/usr/share/perl/5.30.0/bigint.pm", "/usr/share/perl/5.30.0/bignum.pm", "/usr/share/perl/5.30.0/bigrat.pm", "/usr/share/perl/5.30.0/blib.pm", "/usr/share/perl/5.30.0/bytes.pm", "/usr/share/perl/5.30.0/bytes_heavy.pl", "/usr/share/perl/5.30.0/charnames.pm", "/usr/share/perl/5.30.0/constant.pm", "/usr/share/perl/5.30.0/deprecate.pm", "/usr/share/perl/5.30.0/diagnostics.pm", "/usr/share/perl/5.30.0/dumpvar.pl", "/usr/share/perl/5.30.0/encoding/warnings.pm", "/usr/share/perl/5.30.0/experimental.pm", "/usr/share/perl/5.30.0/feature.pm", "/usr/share/perl/5.30.0/fields.pm", "/usr/share/perl/5.30.0/filetest.pm", "/usr/share/perl/5.30.0/if.pm", "/usr/share/perl/5.30.0/integer.pm", "/usr/share/perl/5.30.0/less.pm", "/usr/share/perl/5.30.0/locale.pm", "/usr/share/perl/5.30.0/meta_notation.pm", "/usr/share/perl/5.30.0/ok.pm", "/usr/share/perl/5.30.0/open.pm", "/usr/share/perl/5.30.0/overload.pm", "/usr/share/perl/5.30.0/overload/numbers.pm", "/usr/share/perl/5.30.0/overloading.pm", "/usr/share/perl/5.30.0/parent.pm", "/usr/share/perl/5.30.0/perl5db.pl", "/usr/share/perl/5.30.0/perlfaq.pm", "/usr/share/perl/5.30.0/pod/perldiag.pod", "/usr/share/perl/5.30.0/sigtrap.pm", "/usr/share/perl/5.30.0/sort.pm", "/usr/share/perl/5.30.0/strict.pm", "/usr/share/perl/5.30.0/subs.pm", "/usr/share/perl/5.30.0/unicore/Blocks.txt", "/usr/share/perl/5.30.0/unicore/CombiningClass.pl", "/usr/share/perl/5.30.0/unicore/Decomposition.pl", "/usr/share/perl/5.30.0/unicore/Heavy.pl", "/usr/share/perl/5.30.0/unicore/Name.pl", "/usr/share/perl/5.30.0/unicore/Name.pm", "/usr/share/perl/5.30.0/unicore/NamedSequences.txt", "/usr/share/perl/5.30.0/unicore/SpecialCasing.txt", "/usr/share/perl/5.30.0/unicore/To/Age.pl", "/usr/share/perl/5.30.0/unicore/To/Bc.pl", "/usr/share/perl/5.30.0/unicore/To/Bmg.pl", "/usr/share/perl/5.30.0/unicore/To/Bpb.pl", "/usr/share/perl/5.30.0/unicore/To/Bpt.pl", "/usr/share/perl/5.30.0/unicore/To/Cf.pl", "/usr/share/perl/5.30.0/unicore/To/Digit.pl", "/usr/share/perl/5.30.0/unicore/To/Ea.pl", "/usr/share/perl/5.30.0/unicore/To/EqUIdeo.pl", "/usr/share/perl/5.30.0/unicore/To/Fold.pl", "/usr/share/perl/5.30.0/unicore/To/GCB.pl", "/usr/share/perl/5.30.0/unicore/To/Gc.pl", "/usr/share/perl/5.30.0/unicore/To/Hst.pl", "/usr/share/perl/5.30.0/unicore/To/InPC.pl", "/usr/share/perl/5.30.0/unicore/To/InSC.pl", "/usr/share/perl/5.30.0/unicore/To/Isc.pl", "/usr/share/perl/5.30.0/unicore/To/Jg.pl", "/usr/share/perl/5.30.0/unicore/To/Jt.pl", "/usr/share/perl/5.30.0/unicore/To/Lb.pl", "/usr/share/perl/5.30.0/unicore/To/Lc.pl", "/usr/share/perl/5.30.0/unicore/To/Lower.pl", "/usr/share/perl/5.30.0/unicore/To/NFCQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFDQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFKCCF.pl", "/usr/share/perl/5.30.0/unicore/To/NFKCQC.pl", "/usr/share/perl/5.30.0/unicore/To/NFKDQC.pl", "/usr/share/perl/5.30.0/unicore/To/Na1.pl", "/usr/share/perl/5.30.0/unicore/To/NameAlia.pl", "/usr/share/perl/5.30.0/unicore/To/Nt.pl", "/usr/share/perl/5.30.0/unicore/To/Nv.pl", "/usr/share/perl/5.30.0/unicore/To/PerlDeci.pl", "/usr/share/perl/5.30.0/unicore/To/SB.pl", "/usr/share/perl/5.30.0/unicore/To/Sc.pl", "/usr/share/perl/5.30.0/unicore/To/Scx.pl", "/usr/share/perl/5.30.0/unicore/To/Tc.pl", "/usr/share/perl/5.30.0/unicore/To/Title.pl", "/usr/share/perl/5.30.0/unicore/To/Uc.pl", "/usr/share/perl/5.30.0/unicore/To/Upper.pl", "/usr/share/perl/5.30.0/unicore/To/Vo.pl", "/usr/share/perl/5.30.0/unicore/To/WB.pl", "/usr/share/perl/5.30.0/unicore/To/_PerlLB.pl", "/usr/share/perl/5.30.0/unicore/To/_PerlSCX.pl", "/usr/share/perl/5.30.0/unicore/UCD.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V100.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V11.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V110.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V120.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V20.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V30.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V31.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V32.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V40.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V41.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V50.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V51.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V52.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V60.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V61.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V70.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V80.pl", "/usr/share/perl/5.30.0/unicore/lib/Age/V90.pl", "/usr/share/perl/5.30.0/unicore/lib/Alpha/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/AN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/B.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/BN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/CS.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/EN.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ES.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ET.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/NSM.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/ON.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Bc/WS.pl", "/usr/share/perl/5.30.0/unicore/lib/BidiC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/BidiM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Blk/NB.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Bpt/O.pl", "/usr/share/perl/5.30.0/unicore/lib/CE/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CI/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWCF/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWCM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWKCF/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWL/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWT/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/CWU/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Cased/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/A.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/AR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/ATAR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/B.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/BR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/DB.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/NK.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/NR.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/OV.pl", "/usr/share/perl/5.30.0/unicore/lib/Ccc/VR.pl", "/usr/share/perl/5.30.0/unicore/lib/CompEx/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/DI/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dash/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dep/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dia/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Com.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Enc.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Fin.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Font.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Init.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Iso.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Med.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Nar.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Nb.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/NonCanon.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sqr.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sub.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Sup.pl", "/usr/share/perl/5.30.0/unicore/lib/Dt/Vert.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/A.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/H.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/Na.pl", "/usr/share/perl/5.30.0/unicore/lib/Ea/W.pl", "/usr/share/perl/5.30.0/unicore/lib/Ext/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/CN.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/LV.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/LVT.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/PP.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/SM.pl", "/usr/share/perl/5.30.0/unicore/lib/GCB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Cf.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Cn.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/LC.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Ll.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lm.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lo.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Lu.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/M.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Mc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Me.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Mn.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/N.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Nd.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Nl.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/No.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/P.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pd.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pe.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pf.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Pi.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Po.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Ps.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/S.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sc.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sk.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Sm.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/So.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Z.pl", "/usr/share/perl/5.30.0/unicore/lib/Gc/Zs.pl", "/usr/share/perl/5.30.0/unicore/lib/GrBase/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/GrExt/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Hex/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Hst/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/Hyphen/T.pl", "/usr/share/perl/5.30.0/unicore/lib/IDC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/IDS/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Ideo/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/In/10_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/11_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/12_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/12_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/2_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/2_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/3_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/4_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/4_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/5_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_1.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_2.pl", "/usr/share/perl/5.30.0/unicore/lib/In/6_3.pl", "/usr/share/perl/5.30.0/unicore/lib/In/7_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/8_0.pl", "/usr/share/perl/5.30.0/unicore/lib/In/9_0.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Bottom.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Left.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/LeftAndR.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/NA.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Overstru.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Right.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/Top.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndBo.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndL2.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndLe.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/TopAndRi.pl", "/usr/share/perl/5.30.0/unicore/lib/InPC/VisualOr.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Avagraha.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Bindu.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Cantilla.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona2.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona3.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona4.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona5.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona6.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consona7.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Consonan.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Invisibl.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Nukta.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Number.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Other.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/PureKill.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Syllable.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/ToneMark.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Virama.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Visarga.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/Vowel.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelDep.pl", "/usr/share/perl/5.30.0/unicore/lib/InSC/VowelInd.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Ain.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Alef.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Beh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Dal.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/FarsiYeh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Feh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Gaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Hah.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/HanifiRo.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Kaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Lam.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/NoJoinin.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Qaf.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Reh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Sad.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Seen.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Waw.pl", "/usr/share/perl/5.30.0/unicore/lib/Jg/Yeh.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/C.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/D.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/L.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/T.pl", "/usr/share/perl/5.30.0/unicore/lib/Jt/U.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/AI.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/AL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/BA.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/BB.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CJ.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/CM.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/EB.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/GL.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/ID.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/IN.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/IS.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/NS.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/OP.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/PO.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/PR.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/QU.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/SA.pl", "/usr/share/perl/5.30.0/unicore/lib/Lb/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/Lower/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Math/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFCQC/M.pl", "/usr/share/perl/5.30.0/unicore/lib/NFCQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFDQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFDQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKCQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/N.pl", "/usr/share/perl/5.30.0/unicore/lib/NFKDQC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/Di.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/None.pl", "/usr/share/perl/5.30.0/unicore/lib/Nt/Nu.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/0.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/10.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/100.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/10000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/100000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/11.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/12.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/13.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/14.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/15.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/17.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/18.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/19.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_2.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_6.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/1_8.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/20.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/200.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/20000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/2_3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/30.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/300.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/30000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3_16.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/3_4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/4.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/40.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/400.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/4000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/40000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/5.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/50.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/500.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/5000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/50000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/6.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/60.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/600.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/6000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/60000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/7.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/70.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/700.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/7000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/70000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/8.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/80.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/800.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/8000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/80000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/9.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/90.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/900.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/9000.pl", "/usr/share/perl/5.30.0/unicore/lib/Nv/90000.pl", "/usr/share/perl/5.30.0/unicore/lib/PCM/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/PatSyn/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Alnum.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Assigned.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Blank.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Graph.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/PerlWord.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/PosixPun.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Print.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/SpacePer.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Title.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/Word.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/XPosixPu.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlAny.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCh2.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlCha.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlFol.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDC.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIDS.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlIsI.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNch.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlNon.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPat.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPr2.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlPro.pl", "/usr/share/perl/5.30.0/unicore/lib/Perl/_PerlQuo.pl", "/usr/share/perl/5.30.0/unicore/lib/QMark/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/AT.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/CL.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/FO.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/LE.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/LO.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/SC.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/ST.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/Sp.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/UP.pl", "/usr/share/perl/5.30.0/unicore/lib/SB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/SD/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/STerm/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Arab.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Armn.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Beng.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Cprt.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Cyrl.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Deva.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Dupl.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Geor.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Glag.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gong.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gonm.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gran.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Grek.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Gujr.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Guru.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Han.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Hang.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Hira.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Kana.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Knda.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Latn.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Limb.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Linb.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mlym.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mong.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Mult.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Orya.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Sinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Syrc.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Taml.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Telu.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Zinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Sc/Zyyy.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Adlm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Arab.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Armn.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Beng.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Bhks.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Bopo.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cakm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cham.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Copt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cprt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Cyrl.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Deva.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Dupl.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Ethi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Geor.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Glag.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gong.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gonm.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gran.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Grek.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Gujr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Guru.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Han.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hang.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hebr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hira.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmng.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Hmnp.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Kana.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khar.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khmr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Khoj.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Knda.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Kthi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lana.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lao.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Latn.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Limb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Lina.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Linb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mlym.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mong.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mult.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Mymr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Nand.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Orya.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Phlp.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Rohg.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Shrd.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Sind.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Sinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Syrc.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tagb.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Takr.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Talu.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Taml.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Telu.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Thaa.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tibt.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Tirh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Xsux.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Yi.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zinh.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zyyy.pl", "/usr/share/perl/5.30.0/unicore/lib/Scx/Zzzz.pl", "/usr/share/perl/5.30.0/unicore/lib/Term/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/UIdeo/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Upper/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/R.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/Tr.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/Tu.pl", "/usr/share/perl/5.30.0/unicore/lib/Vo/U.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/EX.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/Extend.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/FO.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/HL.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/KA.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/LE.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/MB.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/ML.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/MN.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/NU.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/WSegSpac.pl", "/usr/share/perl/5.30.0/unicore/lib/WB/XX.pl", "/usr/share/perl/5.30.0/unicore/lib/XIDC/Y.pl", "/usr/share/perl/5.30.0/unicore/lib/XIDS/Y.pl", "/usr/share/perl/5.30.0/unicore/uni_keywords.pl", "/usr/share/perl/5.30.0/unicore/version", "/usr/share/perl/5.30.0/utf8.pm", "/usr/share/perl/5.30.0/utf8_heavy.pl", "/usr/share/perl/5.30.0/vars.pm", "/usr/share/perl/5.30.0/version.pm", "/usr/share/perl/5.30.0/version.pod", "/usr/share/perl/5.30.0/version/Internals.pod", "/usr/share/perl/5.30.0/version/regex.pm", "/usr/share/perl/5.30.0/vmsish.pm", "/usr/share/perl/5.30.0/warnings.pm", "/usr/share/perl/5.30.0/warnings/register.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "procps@2:3.3.16-1ubuntu2.3", "Name": "procps", "Identifier": { "PURL": "pkg:deb/ubuntu/procps@3.3.16-1ubuntu2.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=2", "UID": "2e438941f5c4c412" }, "Version": "3.3.16", "Release": "1ubuntu2.3", "Epoch": 2, "Arch": "amd64", "SrcName": "procps", "SrcVersion": "3.3.16", "SrcRelease": "1ubuntu2.3", "SrcEpoch": 2, "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "init-system-helpers@1.57", "libc6@2.31-0ubuntu9.9", "libncurses6@6.2-0ubuntu2", "libncursesw6@6.2-0ubuntu2", "libprocps8@2:3.3.16-1ubuntu2.3", "libtinfo6@6.2-0ubuntu2", "lsb-base@11.1.0ubuntu2" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/kill", "/bin/ps", "/sbin/sysctl", "/usr/bin/free", "/usr/bin/pgrep", "/usr/bin/pmap", "/usr/bin/pwdx", "/usr/bin/skill", "/usr/bin/slabtop", "/usr/bin/tload", "/usr/bin/top", "/usr/bin/uptime", "/usr/bin/vmstat", "/usr/bin/w.procps", "/usr/bin/watch", "/usr/lib/sysctl.d/protect-links.conf", "/usr/share/bug/procps/presubj", "/usr/share/doc/procps/FAQ.gz", "/usr/share/doc/procps/README.Debian", "/usr/share/doc/procps/TODO.gz", "/usr/share/doc/procps/bugs.md", "/usr/share/doc/procps/copyright", "/usr/share/doc/procps/examples/sysctl.conf", "/usr/share/lintian/overrides/procps", "/usr/share/man/de/man1/w.1.gz", "/usr/share/man/man1/free.1.gz", "/usr/share/man/man1/kill.1.gz", "/usr/share/man/man1/pgrep.1.gz", "/usr/share/man/man1/pmap.1.gz", "/usr/share/man/man1/procps.1.gz", "/usr/share/man/man1/ps.1.gz", "/usr/share/man/man1/pwdx.1.gz", "/usr/share/man/man1/skill.1.gz", "/usr/share/man/man1/slabtop.1.gz", "/usr/share/man/man1/tload.1.gz", "/usr/share/man/man1/top.1.gz", "/usr/share/man/man1/uptime.1.gz", "/usr/share/man/man1/w.procps.1.gz", "/usr/share/man/man1/watch.1.gz", "/usr/share/man/man3/openproc.3.gz", "/usr/share/man/man3/readproc.3.gz", "/usr/share/man/man3/readproctab.3.gz", "/usr/share/man/man5/sysctl.conf.5.gz", "/usr/share/man/man8/sysctl.8.gz", "/usr/share/man/man8/vmstat.8.gz", "/usr/share/menu/procps" ], "AnalyzedBy": "dpkg" }, { "ID": "psmisc@23.3-1", "Name": "psmisc", "Identifier": { "PURL": "pkg:deb/ubuntu/psmisc@23.3-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d4b50a8f897d1f4" }, "Version": "23.3", "Release": "1", "Arch": "amd64", "SrcName": "psmisc", "SrcVersion": "23.3", "SrcRelease": "1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libselinux1@3.0-1build2", "libtinfo6@6.2-0ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/bin/fuser", "/usr/bin/killall", "/usr/bin/peekfd", "/usr/bin/prtstat", "/usr/bin/pslog", "/usr/bin/pstree", "/usr/share/doc/psmisc/README.Debian", "/usr/share/doc/psmisc/README.md", "/usr/share/doc/psmisc/changelog.Debian.gz", "/usr/share/doc/psmisc/copyright", "/usr/share/man/man1/fuser.1.gz", "/usr/share/man/man1/killall.1.gz", "/usr/share/man/man1/peekfd.1.gz", "/usr/share/man/man1/prtstat.1.gz", "/usr/share/man/man1/pslog.1.gz", "/usr/share/man/man1/pstree.1.gz", "/usr/share/menu/psmisc", "/usr/share/pixmaps/pstree16.xpm", "/usr/share/pixmaps/pstree32.xpm" ], "AnalyzedBy": "dpkg" }, { "ID": "pwgen@2.08-2", "Name": "pwgen", "Identifier": { "PURL": "pkg:deb/ubuntu/pwgen@2.08-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "4a7a5c2fdec829c3" }, "Version": "2.08", "Release": "2", "Arch": "amd64", "SrcName": "pwgen", "SrcVersion": "2.08", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/pwgen", "/usr/share/doc/pwgen/changelog.Debian.gz", "/usr/share/doc/pwgen/copyright", "/usr/share/man/man1/pwgen.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.0-4", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/ubuntu/readline-common@8.0-4?arch=all\u0026distro=ubuntu-20.04", "UID": "f219905ad569d7cb" }, "Version": "8.0", "Release": "4", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.0", "SrcRelease": "4", "Licenses": [ "GPL-3.0-only", "GFDL-1.3-or-later" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "dpkg@1.19.7ubuntu3.2" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "rsync@3.1.3-8ubuntu0.5", "Name": "rsync", "Identifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "Version": "3.1.3", "Release": "8ubuntu0.5", "Arch": "amd64", "SrcName": "rsync", "SrcVersion": "3.1.3", "SrcRelease": "8ubuntu0.5", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libacl1@2.2.53-6", "libc6@2.31-0ubuntu9.9", "libpopt0@1.16-14", "lsb-base@11.1.0ubuntu2" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/lib/systemd/system/rsync.service", "/usr/bin/rsync", "/usr/share/doc/rsync/NEWS.Debian.gz", "/usr/share/doc/rsync/README.Debian", "/usr/share/doc/rsync/changelog.Debian.gz", "/usr/share/doc/rsync/copyright", "/usr/share/doc/rsync/examples/logrotate.conf.rsync", "/usr/share/doc/rsync/examples/rsyncd.conf", "/usr/share/lintian/overrides/rsync", "/usr/share/man/man1/rsync.1.gz", "/usr/share/man/man5/rsyncd.conf.5.gz", "/usr/share/rsync/scripts/atomic-rsync", "/usr/share/rsync/scripts/cull_options", "/usr/share/rsync/scripts/cvs2includes", "/usr/share/rsync/scripts/file-attr-restore", "/usr/share/rsync/scripts/files-to-excludes", "/usr/share/rsync/scripts/git-set-file-times", "/usr/share/rsync/scripts/logfilter", "/usr/share/rsync/scripts/lsh", "/usr/share/rsync/scripts/mnt-excl", "/usr/share/rsync/scripts/munge-symlinks", "/usr/share/rsync/scripts/rrsync", "/usr/share/rsync/scripts/rsyncstats" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.7-1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/ubuntu/sed@4.7-1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7b2d46e37a3b9f9f" }, "Version": "4.7", "Release": "1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.7", "SrcRelease": "1", "Licenses": [ "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed.gz", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sensible-utils@0.0.12+nmu1", "Name": "sensible-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sensible-utils@0.0.12%2Bnmu1?arch=all\u0026distro=ubuntu-20.04", "UID": "ead6f16917c55499" }, "Version": "0.0.12+nmu1", "Arch": "all", "SrcName": "sensible-utils", "SrcVersion": "0.0.12+nmu1", "Licenses": [ "GPL-2.0-or-later", "All-permissive", "configure", "installsh", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/usr/bin/select-editor", "/usr/bin/sensible-browser", "/usr/bin/sensible-editor", "/usr/bin/sensible-pager", "/usr/lib/mime/packages/sensible-utils", "/usr/share/doc/sensible-utils/changelog.gz", "/usr/share/doc/sensible-utils/copyright", "/usr/share/man/cs/man1/sensible-editor.1.gz", "/usr/share/man/de/man1/sensible-editor.1.gz", "/usr/share/man/es/man1/sensible-editor.1.gz", "/usr/share/man/fr/man1/sensible-editor.1.gz", "/usr/share/man/it/man1/sensible-editor.1.gz", "/usr/share/man/ja/man1/sensible-editor.1.gz", "/usr/share/man/man1/select-editor.1.gz", "/usr/share/man/man1/sensible-browser.1.gz", "/usr/share/man/man1/sensible-editor.1.gz", "/usr/share/man/man1/sensible-pager.1.gz", "/usr/share/man/pl/man1/sensible-editor.1.gz", "/usr/share/man/pt/man1/sensible-editor.1.gz", "/usr/share/sensible-utils/bin/gettext" ], "AnalyzedBy": "dpkg" }, { "ID": "socat@1.7.3.3-2", "Name": "socat", "Identifier": { "PURL": "pkg:deb/ubuntu/socat@1.7.3.3-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5a107641e68652a2" }, "Version": "1.7.3.3", "Release": "2", "Arch": "amd64", "SrcName": "socat", "SrcVersion": "1.7.3.3", "SrcRelease": "2", "Licenses": [ "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libssl1.1@1.1.1f-1ubuntu2.17", "libwrap0@7.6.q-30" ], "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "InstalledFiles": [ "/usr/bin/filan", "/usr/bin/procan", "/usr/bin/socat", "/usr/share/doc-base/socat", "/usr/share/doc/socat/BUGREPORTS", "/usr/share/doc/socat/DEVELOPMENT.gz", "/usr/share/doc/socat/EXAMPLES.gz", "/usr/share/doc/socat/FAQ", "/usr/share/doc/socat/NEWS.Debian.gz", "/usr/share/doc/socat/PORTING", "/usr/share/doc/socat/README.Debian", "/usr/share/doc/socat/README.FIPS", "/usr/share/doc/socat/README.gz", "/usr/share/doc/socat/SECURITY", "/usr/share/doc/socat/changelog.Debian.gz", "/usr/share/doc/socat/copyright", "/usr/share/doc/socat/dest-unreach.css", "/usr/share/doc/socat/examples/daemon.sh", "/usr/share/doc/socat/examples/ftp.sh", "/usr/share/doc/socat/examples/mail.sh", "/usr/share/doc/socat/examples/proxy.sh", "/usr/share/doc/socat/examples/proxyecho.sh", "/usr/share/doc/socat/examples/readline-test.sh", "/usr/share/doc/socat/examples/readline.sh", "/usr/share/doc/socat/examples/socks4a-echo.sh", "/usr/share/doc/socat/examples/socks4echo.sh", "/usr/share/doc/socat/examples/test.sh", "/usr/share/doc/socat/index.html", "/usr/share/doc/socat/socat-genericsocket.html", "/usr/share/doc/socat/socat-multicast.html", "/usr/share/doc/socat/socat-openssltunnel.html", "/usr/share/doc/socat/socat-tun.html", "/usr/share/doc/socat/socat.html", "/usr/share/doc/socat/xio.help.gz", "/usr/share/lintian/overrides/socat", "/usr/share/man/man1/socat.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@2.96-2.1ubuntu1", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/sysvinit-utils@2.96-2.1ubuntu1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "4abc2fedcb9de463" }, "Version": "2.96", "Release": "2.1ubuntu1", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "2.96", "SrcRelease": "2.1ubuntu1", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "init-system-helpers@1.57", "libc6@2.31-0ubuntu9.9", "lsb-base@11.1.0ubuntu2", "util-linux@2.34-0.1ubuntu9.3" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/init/init-d-script", "/lib/init/vars.sh", "/sbin/fstab-decode", "/sbin/killall5", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.30+dfsg-7ubuntu0.20.04.3", "Name": "tar", "Identifier": { "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9e3a2b3027b922ad" }, "Version": "1.30+dfsg", "Release": "7ubuntu0.20.04.3", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.30+dfsg", "SrcRelease": "7ubuntu0.20.04.3", "Licenses": [ "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/copyright", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2023c-0ubuntu0.20.04.0", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/ubuntu/tzdata@2023c-0ubuntu0.20.04.0?arch=all\u0026distro=ubuntu-20.04", "UID": "89e162f2934a9272" }, "Version": "2023c", "Release": "0ubuntu0.20.04.0", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2023c", "SrcRelease": "0ubuntu0.20.04.0", "Licenses": [ "ICU" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.73" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/sbin/tzconfig", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/zoneinfo-icu/44/be/metaZones.res", "/usr/share/zoneinfo-icu/44/be/timezoneTypes.res", "/usr/share/zoneinfo-icu/44/be/windowsZones.res", "/usr/share/zoneinfo-icu/44/be/zoneinfo64.res", "/usr/share/zoneinfo-icu/44/le/metaZones.res", "/usr/share/zoneinfo-icu/44/le/timezoneTypes.res", "/usr/share/zoneinfo-icu/44/le/windowsZones.res", "/usr/share/zoneinfo-icu/44/le/zoneinfo64.res", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Choibalsan", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/CET", "/usr/share/zoneinfo/CST6CDT", "/usr/share/zoneinfo/EET", "/usr/share/zoneinfo/EST", "/usr/share/zoneinfo/EST5EDT", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/HST", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/MET", "/usr/share/zoneinfo/MST", "/usr/share/zoneinfo/MST7MDT", "/usr/share/zoneinfo/PST8PDT", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/WET", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/posix/Africa/Abidjan", "/usr/share/zoneinfo/posix/Africa/Algiers", "/usr/share/zoneinfo/posix/Africa/Bissau", "/usr/share/zoneinfo/posix/Africa/Cairo", "/usr/share/zoneinfo/posix/Africa/Casablanca", "/usr/share/zoneinfo/posix/Africa/Ceuta", "/usr/share/zoneinfo/posix/Africa/El_Aaiun", "/usr/share/zoneinfo/posix/Africa/Johannesburg", "/usr/share/zoneinfo/posix/Africa/Juba", "/usr/share/zoneinfo/posix/Africa/Khartoum", "/usr/share/zoneinfo/posix/Africa/Lagos", "/usr/share/zoneinfo/posix/Africa/Maputo", "/usr/share/zoneinfo/posix/Africa/Monrovia", "/usr/share/zoneinfo/posix/Africa/Nairobi", "/usr/share/zoneinfo/posix/Africa/Ndjamena", "/usr/share/zoneinfo/posix/Africa/Sao_Tome", "/usr/share/zoneinfo/posix/Africa/Tripoli", "/usr/share/zoneinfo/posix/Africa/Tunis", "/usr/share/zoneinfo/posix/Africa/Windhoek", "/usr/share/zoneinfo/posix/America/Adak", "/usr/share/zoneinfo/posix/America/Anchorage", "/usr/share/zoneinfo/posix/America/Araguaina", "/usr/share/zoneinfo/posix/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/posix/America/Argentina/Catamarca", "/usr/share/zoneinfo/posix/America/Argentina/Cordoba", "/usr/share/zoneinfo/posix/America/Argentina/Jujuy", "/usr/share/zoneinfo/posix/America/Argentina/La_Rioja", "/usr/share/zoneinfo/posix/America/Argentina/Mendoza", "/usr/share/zoneinfo/posix/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/posix/America/Argentina/Salta", "/usr/share/zoneinfo/posix/America/Argentina/San_Juan", "/usr/share/zoneinfo/posix/America/Argentina/San_Luis", "/usr/share/zoneinfo/posix/America/Argentina/Tucuman", "/usr/share/zoneinfo/posix/America/Argentina/Ushuaia", "/usr/share/zoneinfo/posix/America/Asuncion", "/usr/share/zoneinfo/posix/America/Bahia", "/usr/share/zoneinfo/posix/America/Bahia_Banderas", "/usr/share/zoneinfo/posix/America/Barbados", "/usr/share/zoneinfo/posix/America/Belem", "/usr/share/zoneinfo/posix/America/Belize", "/usr/share/zoneinfo/posix/America/Boa_Vista", "/usr/share/zoneinfo/posix/America/Bogota", "/usr/share/zoneinfo/posix/America/Boise", "/usr/share/zoneinfo/posix/America/Cambridge_Bay", "/usr/share/zoneinfo/posix/America/Campo_Grande", "/usr/share/zoneinfo/posix/America/Cancun", "/usr/share/zoneinfo/posix/America/Caracas", "/usr/share/zoneinfo/posix/America/Cayenne", "/usr/share/zoneinfo/posix/America/Chicago", "/usr/share/zoneinfo/posix/America/Chihuahua", "/usr/share/zoneinfo/posix/America/Ciudad_Juarez", "/usr/share/zoneinfo/posix/America/Costa_Rica", "/usr/share/zoneinfo/posix/America/Cuiaba", "/usr/share/zoneinfo/posix/America/Danmarkshavn", "/usr/share/zoneinfo/posix/America/Dawson", "/usr/share/zoneinfo/posix/America/Dawson_Creek", "/usr/share/zoneinfo/posix/America/Denver", "/usr/share/zoneinfo/posix/America/Detroit", "/usr/share/zoneinfo/posix/America/Edmonton", "/usr/share/zoneinfo/posix/America/Eirunepe", "/usr/share/zoneinfo/posix/America/El_Salvador", "/usr/share/zoneinfo/posix/America/Fort_Nelson", "/usr/share/zoneinfo/posix/America/Fortaleza", "/usr/share/zoneinfo/posix/America/Glace_Bay", "/usr/share/zoneinfo/posix/America/Goose_Bay", "/usr/share/zoneinfo/posix/America/Grand_Turk", "/usr/share/zoneinfo/posix/America/Guatemala", "/usr/share/zoneinfo/posix/America/Guayaquil", "/usr/share/zoneinfo/posix/America/Guyana", "/usr/share/zoneinfo/posix/America/Halifax", "/usr/share/zoneinfo/posix/America/Havana", "/usr/share/zoneinfo/posix/America/Hermosillo", "/usr/share/zoneinfo/posix/America/Indiana/Indianapolis", "/usr/share/zoneinfo/posix/America/Indiana/Knox", "/usr/share/zoneinfo/posix/America/Indiana/Marengo", "/usr/share/zoneinfo/posix/America/Indiana/Petersburg", "/usr/share/zoneinfo/posix/America/Indiana/Tell_City", "/usr/share/zoneinfo/posix/America/Indiana/Vevay", "/usr/share/zoneinfo/posix/America/Indiana/Vincennes", "/usr/share/zoneinfo/posix/America/Indiana/Winamac", "/usr/share/zoneinfo/posix/America/Inuvik", "/usr/share/zoneinfo/posix/America/Iqaluit", "/usr/share/zoneinfo/posix/America/Jamaica", "/usr/share/zoneinfo/posix/America/Juneau", "/usr/share/zoneinfo/posix/America/Kentucky/Louisville", "/usr/share/zoneinfo/posix/America/Kentucky/Monticello", "/usr/share/zoneinfo/posix/America/La_Paz", "/usr/share/zoneinfo/posix/America/Lima", "/usr/share/zoneinfo/posix/America/Los_Angeles", "/usr/share/zoneinfo/posix/America/Maceio", "/usr/share/zoneinfo/posix/America/Managua", "/usr/share/zoneinfo/posix/America/Manaus", "/usr/share/zoneinfo/posix/America/Martinique", "/usr/share/zoneinfo/posix/America/Matamoros", "/usr/share/zoneinfo/posix/America/Mazatlan", "/usr/share/zoneinfo/posix/America/Menominee", "/usr/share/zoneinfo/posix/America/Merida", "/usr/share/zoneinfo/posix/America/Metlakatla", "/usr/share/zoneinfo/posix/America/Mexico_City", "/usr/share/zoneinfo/posix/America/Miquelon", "/usr/share/zoneinfo/posix/America/Moncton", "/usr/share/zoneinfo/posix/America/Monterrey", "/usr/share/zoneinfo/posix/America/Montevideo", "/usr/share/zoneinfo/posix/America/New_York", "/usr/share/zoneinfo/posix/America/Nome", "/usr/share/zoneinfo/posix/America/Noronha", "/usr/share/zoneinfo/posix/America/North_Dakota/Beulah", "/usr/share/zoneinfo/posix/America/North_Dakota/Center", "/usr/share/zoneinfo/posix/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/posix/America/Nuuk", "/usr/share/zoneinfo/posix/America/Ojinaga", "/usr/share/zoneinfo/posix/America/Panama", "/usr/share/zoneinfo/posix/America/Paramaribo", "/usr/share/zoneinfo/posix/America/Phoenix", "/usr/share/zoneinfo/posix/America/Port-au-Prince", "/usr/share/zoneinfo/posix/America/Porto_Velho", "/usr/share/zoneinfo/posix/America/Puerto_Rico", "/usr/share/zoneinfo/posix/America/Punta_Arenas", "/usr/share/zoneinfo/posix/America/Rankin_Inlet", "/usr/share/zoneinfo/posix/America/Recife", "/usr/share/zoneinfo/posix/America/Regina", "/usr/share/zoneinfo/posix/America/Resolute", "/usr/share/zoneinfo/posix/America/Rio_Branco", "/usr/share/zoneinfo/posix/America/Santarem", "/usr/share/zoneinfo/posix/America/Santiago", "/usr/share/zoneinfo/posix/America/Santo_Domingo", "/usr/share/zoneinfo/posix/America/Sao_Paulo", "/usr/share/zoneinfo/posix/America/Scoresbysund", "/usr/share/zoneinfo/posix/America/Sitka", "/usr/share/zoneinfo/posix/America/St_Johns", "/usr/share/zoneinfo/posix/America/Swift_Current", "/usr/share/zoneinfo/posix/America/Tegucigalpa", "/usr/share/zoneinfo/posix/America/Thule", "/usr/share/zoneinfo/posix/America/Tijuana", "/usr/share/zoneinfo/posix/America/Toronto", "/usr/share/zoneinfo/posix/America/Vancouver", "/usr/share/zoneinfo/posix/America/Whitehorse", "/usr/share/zoneinfo/posix/America/Winnipeg", "/usr/share/zoneinfo/posix/America/Yakutat", "/usr/share/zoneinfo/posix/Antarctica/Casey", "/usr/share/zoneinfo/posix/Antarctica/Davis", "/usr/share/zoneinfo/posix/Antarctica/Macquarie", "/usr/share/zoneinfo/posix/Antarctica/Mawson", "/usr/share/zoneinfo/posix/Antarctica/Palmer", "/usr/share/zoneinfo/posix/Antarctica/Rothera", "/usr/share/zoneinfo/posix/Antarctica/Troll", "/usr/share/zoneinfo/posix/Asia/Almaty", "/usr/share/zoneinfo/posix/Asia/Amman", "/usr/share/zoneinfo/posix/Asia/Anadyr", "/usr/share/zoneinfo/posix/Asia/Aqtau", "/usr/share/zoneinfo/posix/Asia/Aqtobe", "/usr/share/zoneinfo/posix/Asia/Ashgabat", "/usr/share/zoneinfo/posix/Asia/Atyrau", "/usr/share/zoneinfo/posix/Asia/Baghdad", "/usr/share/zoneinfo/posix/Asia/Baku", "/usr/share/zoneinfo/posix/Asia/Bangkok", "/usr/share/zoneinfo/posix/Asia/Barnaul", "/usr/share/zoneinfo/posix/Asia/Beirut", "/usr/share/zoneinfo/posix/Asia/Bishkek", "/usr/share/zoneinfo/posix/Asia/Chita", "/usr/share/zoneinfo/posix/Asia/Choibalsan", "/usr/share/zoneinfo/posix/Asia/Colombo", "/usr/share/zoneinfo/posix/Asia/Damascus", "/usr/share/zoneinfo/posix/Asia/Dhaka", "/usr/share/zoneinfo/posix/Asia/Dili", "/usr/share/zoneinfo/posix/Asia/Dubai", "/usr/share/zoneinfo/posix/Asia/Dushanbe", "/usr/share/zoneinfo/posix/Asia/Famagusta", "/usr/share/zoneinfo/posix/Asia/Gaza", "/usr/share/zoneinfo/posix/Asia/Hebron", "/usr/share/zoneinfo/posix/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/posix/Asia/Hong_Kong", "/usr/share/zoneinfo/posix/Asia/Hovd", "/usr/share/zoneinfo/posix/Asia/Irkutsk", "/usr/share/zoneinfo/posix/Asia/Jakarta", "/usr/share/zoneinfo/posix/Asia/Jayapura", "/usr/share/zoneinfo/posix/Asia/Jerusalem", "/usr/share/zoneinfo/posix/Asia/Kabul", "/usr/share/zoneinfo/posix/Asia/Kamchatka", "/usr/share/zoneinfo/posix/Asia/Karachi", "/usr/share/zoneinfo/posix/Asia/Kathmandu", "/usr/share/zoneinfo/posix/Asia/Khandyga", "/usr/share/zoneinfo/posix/Asia/Kolkata", "/usr/share/zoneinfo/posix/Asia/Krasnoyarsk", "/usr/share/zoneinfo/posix/Asia/Kuching", "/usr/share/zoneinfo/posix/Asia/Macau", "/usr/share/zoneinfo/posix/Asia/Magadan", "/usr/share/zoneinfo/posix/Asia/Makassar", "/usr/share/zoneinfo/posix/Asia/Manila", "/usr/share/zoneinfo/posix/Asia/Nicosia", "/usr/share/zoneinfo/posix/Asia/Novokuznetsk", "/usr/share/zoneinfo/posix/Asia/Novosibirsk", "/usr/share/zoneinfo/posix/Asia/Omsk", "/usr/share/zoneinfo/posix/Asia/Oral", "/usr/share/zoneinfo/posix/Asia/Pontianak", "/usr/share/zoneinfo/posix/Asia/Pyongyang", "/usr/share/zoneinfo/posix/Asia/Qatar", "/usr/share/zoneinfo/posix/Asia/Qostanay", "/usr/share/zoneinfo/posix/Asia/Qyzylorda", "/usr/share/zoneinfo/posix/Asia/Riyadh", "/usr/share/zoneinfo/posix/Asia/Sakhalin", "/usr/share/zoneinfo/posix/Asia/Samarkand", "/usr/share/zoneinfo/posix/Asia/Seoul", "/usr/share/zoneinfo/posix/Asia/Shanghai", "/usr/share/zoneinfo/posix/Asia/Singapore", "/usr/share/zoneinfo/posix/Asia/Srednekolymsk", "/usr/share/zoneinfo/posix/Asia/Taipei", "/usr/share/zoneinfo/posix/Asia/Tashkent", "/usr/share/zoneinfo/posix/Asia/Tbilisi", "/usr/share/zoneinfo/posix/Asia/Tehran", "/usr/share/zoneinfo/posix/Asia/Thimphu", "/usr/share/zoneinfo/posix/Asia/Tokyo", "/usr/share/zoneinfo/posix/Asia/Tomsk", "/usr/share/zoneinfo/posix/Asia/Ulaanbaatar", "/usr/share/zoneinfo/posix/Asia/Urumqi", "/usr/share/zoneinfo/posix/Asia/Ust-Nera", "/usr/share/zoneinfo/posix/Asia/Vladivostok", "/usr/share/zoneinfo/posix/Asia/Yakutsk", "/usr/share/zoneinfo/posix/Asia/Yangon", "/usr/share/zoneinfo/posix/Asia/Yekaterinburg", "/usr/share/zoneinfo/posix/Asia/Yerevan", "/usr/share/zoneinfo/posix/Atlantic/Azores", "/usr/share/zoneinfo/posix/Atlantic/Bermuda", "/usr/share/zoneinfo/posix/Atlantic/Canary", "/usr/share/zoneinfo/posix/Atlantic/Cape_Verde", "/usr/share/zoneinfo/posix/Atlantic/Faroe", "/usr/share/zoneinfo/posix/Atlantic/Madeira", "/usr/share/zoneinfo/posix/Atlantic/South_Georgia", "/usr/share/zoneinfo/posix/Atlantic/Stanley", "/usr/share/zoneinfo/posix/Australia/Adelaide", "/usr/share/zoneinfo/posix/Australia/Brisbane", "/usr/share/zoneinfo/posix/Australia/Broken_Hill", "/usr/share/zoneinfo/posix/Australia/Darwin", "/usr/share/zoneinfo/posix/Australia/Eucla", "/usr/share/zoneinfo/posix/Australia/Hobart", "/usr/share/zoneinfo/posix/Australia/Lindeman", "/usr/share/zoneinfo/posix/Australia/Lord_Howe", "/usr/share/zoneinfo/posix/Australia/Melbourne", "/usr/share/zoneinfo/posix/Australia/Perth", "/usr/share/zoneinfo/posix/Australia/Sydney", "/usr/share/zoneinfo/posix/CET", "/usr/share/zoneinfo/posix/CST6CDT", "/usr/share/zoneinfo/posix/EET", "/usr/share/zoneinfo/posix/EST", "/usr/share/zoneinfo/posix/EST5EDT", "/usr/share/zoneinfo/posix/Etc/GMT", "/usr/share/zoneinfo/posix/Etc/GMT+1", "/usr/share/zoneinfo/posix/Etc/GMT+10", "/usr/share/zoneinfo/posix/Etc/GMT+11", "/usr/share/zoneinfo/posix/Etc/GMT+12", "/usr/share/zoneinfo/posix/Etc/GMT+2", "/usr/share/zoneinfo/posix/Etc/GMT+3", "/usr/share/zoneinfo/posix/Etc/GMT+4", "/usr/share/zoneinfo/posix/Etc/GMT+5", "/usr/share/zoneinfo/posix/Etc/GMT+6", "/usr/share/zoneinfo/posix/Etc/GMT+7", "/usr/share/zoneinfo/posix/Etc/GMT+8", "/usr/share/zoneinfo/posix/Etc/GMT+9", "/usr/share/zoneinfo/posix/Etc/GMT-1", "/usr/share/zoneinfo/posix/Etc/GMT-10", "/usr/share/zoneinfo/posix/Etc/GMT-11", "/usr/share/zoneinfo/posix/Etc/GMT-12", "/usr/share/zoneinfo/posix/Etc/GMT-13", "/usr/share/zoneinfo/posix/Etc/GMT-14", "/usr/share/zoneinfo/posix/Etc/GMT-2", "/usr/share/zoneinfo/posix/Etc/GMT-3", "/usr/share/zoneinfo/posix/Etc/GMT-4", "/usr/share/zoneinfo/posix/Etc/GMT-5", "/usr/share/zoneinfo/posix/Etc/GMT-6", "/usr/share/zoneinfo/posix/Etc/GMT-7", "/usr/share/zoneinfo/posix/Etc/GMT-8", "/usr/share/zoneinfo/posix/Etc/GMT-9", "/usr/share/zoneinfo/posix/Etc/UTC", "/usr/share/zoneinfo/posix/Europe/Andorra", "/usr/share/zoneinfo/posix/Europe/Astrakhan", "/usr/share/zoneinfo/posix/Europe/Athens", "/usr/share/zoneinfo/posix/Europe/Belgrade", "/usr/share/zoneinfo/posix/Europe/Berlin", "/usr/share/zoneinfo/posix/Europe/Brussels", "/usr/share/zoneinfo/posix/Europe/Bucharest", "/usr/share/zoneinfo/posix/Europe/Budapest", "/usr/share/zoneinfo/posix/Europe/Chisinau", "/usr/share/zoneinfo/posix/Europe/Dublin", "/usr/share/zoneinfo/posix/Europe/Gibraltar", "/usr/share/zoneinfo/posix/Europe/Helsinki", "/usr/share/zoneinfo/posix/Europe/Istanbul", "/usr/share/zoneinfo/posix/Europe/Kaliningrad", "/usr/share/zoneinfo/posix/Europe/Kirov", "/usr/share/zoneinfo/posix/Europe/Kyiv", "/usr/share/zoneinfo/posix/Europe/Lisbon", "/usr/share/zoneinfo/posix/Europe/London", "/usr/share/zoneinfo/posix/Europe/Madrid", "/usr/share/zoneinfo/posix/Europe/Malta", "/usr/share/zoneinfo/posix/Europe/Minsk", "/usr/share/zoneinfo/posix/Europe/Moscow", "/usr/share/zoneinfo/posix/Europe/Paris", "/usr/share/zoneinfo/posix/Europe/Prague", "/usr/share/zoneinfo/posix/Europe/Riga", "/usr/share/zoneinfo/posix/Europe/Rome", "/usr/share/zoneinfo/posix/Europe/Samara", "/usr/share/zoneinfo/posix/Europe/Saratov", "/usr/share/zoneinfo/posix/Europe/Simferopol", "/usr/share/zoneinfo/posix/Europe/Sofia", "/usr/share/zoneinfo/posix/Europe/Tallinn", "/usr/share/zoneinfo/posix/Europe/Tirane", "/usr/share/zoneinfo/posix/Europe/Ulyanovsk", "/usr/share/zoneinfo/posix/Europe/Vienna", "/usr/share/zoneinfo/posix/Europe/Vilnius", "/usr/share/zoneinfo/posix/Europe/Volgograd", "/usr/share/zoneinfo/posix/Europe/Warsaw", "/usr/share/zoneinfo/posix/Europe/Zurich", "/usr/share/zoneinfo/posix/Factory", "/usr/share/zoneinfo/posix/HST", "/usr/share/zoneinfo/posix/Indian/Chagos", "/usr/share/zoneinfo/posix/Indian/Maldives", "/usr/share/zoneinfo/posix/Indian/Mauritius", "/usr/share/zoneinfo/posix/MET", "/usr/share/zoneinfo/posix/MST", "/usr/share/zoneinfo/posix/MST7MDT", "/usr/share/zoneinfo/posix/PST8PDT", "/usr/share/zoneinfo/posix/Pacific/Apia", "/usr/share/zoneinfo/posix/Pacific/Auckland", "/usr/share/zoneinfo/posix/Pacific/Bougainville", "/usr/share/zoneinfo/posix/Pacific/Chatham", "/usr/share/zoneinfo/posix/Pacific/Easter", "/usr/share/zoneinfo/posix/Pacific/Efate", "/usr/share/zoneinfo/posix/Pacific/Fakaofo", "/usr/share/zoneinfo/posix/Pacific/Fiji", "/usr/share/zoneinfo/posix/Pacific/Galapagos", "/usr/share/zoneinfo/posix/Pacific/Gambier", "/usr/share/zoneinfo/posix/Pacific/Guadalcanal", "/usr/share/zoneinfo/posix/Pacific/Guam", "/usr/share/zoneinfo/posix/Pacific/Honolulu", "/usr/share/zoneinfo/posix/Pacific/Kanton", "/usr/share/zoneinfo/posix/Pacific/Kiritimati", "/usr/share/zoneinfo/posix/Pacific/Kosrae", "/usr/share/zoneinfo/posix/Pacific/Kwajalein", "/usr/share/zoneinfo/posix/Pacific/Marquesas", "/usr/share/zoneinfo/posix/Pacific/Nauru", "/usr/share/zoneinfo/posix/Pacific/Niue", "/usr/share/zoneinfo/posix/Pacific/Norfolk", "/usr/share/zoneinfo/posix/Pacific/Noumea", "/usr/share/zoneinfo/posix/Pacific/Pago_Pago", "/usr/share/zoneinfo/posix/Pacific/Palau", "/usr/share/zoneinfo/posix/Pacific/Pitcairn", "/usr/share/zoneinfo/posix/Pacific/Port_Moresby", "/usr/share/zoneinfo/posix/Pacific/Rarotonga", "/usr/share/zoneinfo/posix/Pacific/Tahiti", "/usr/share/zoneinfo/posix/Pacific/Tarawa", "/usr/share/zoneinfo/posix/Pacific/Tongatapu", "/usr/share/zoneinfo/posix/WET", "/usr/share/zoneinfo/right/Africa/Abidjan", "/usr/share/zoneinfo/right/Africa/Algiers", "/usr/share/zoneinfo/right/Africa/Bissau", "/usr/share/zoneinfo/right/Africa/Cairo", "/usr/share/zoneinfo/right/Africa/Casablanca", "/usr/share/zoneinfo/right/Africa/Ceuta", "/usr/share/zoneinfo/right/Africa/El_Aaiun", "/usr/share/zoneinfo/right/Africa/Johannesburg", "/usr/share/zoneinfo/right/Africa/Juba", "/usr/share/zoneinfo/right/Africa/Khartoum", "/usr/share/zoneinfo/right/Africa/Lagos", "/usr/share/zoneinfo/right/Africa/Maputo", "/usr/share/zoneinfo/right/Africa/Monrovia", "/usr/share/zoneinfo/right/Africa/Nairobi", "/usr/share/zoneinfo/right/Africa/Ndjamena", "/usr/share/zoneinfo/right/Africa/Sao_Tome", "/usr/share/zoneinfo/right/Africa/Tripoli", "/usr/share/zoneinfo/right/Africa/Tunis", "/usr/share/zoneinfo/right/Africa/Windhoek", "/usr/share/zoneinfo/right/America/Adak", "/usr/share/zoneinfo/right/America/Anchorage", "/usr/share/zoneinfo/right/America/Araguaina", "/usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/right/America/Argentina/Catamarca", "/usr/share/zoneinfo/right/America/Argentina/Cordoba", "/usr/share/zoneinfo/right/America/Argentina/Jujuy", "/usr/share/zoneinfo/right/America/Argentina/La_Rioja", "/usr/share/zoneinfo/right/America/Argentina/Mendoza", "/usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/right/America/Argentina/Salta", "/usr/share/zoneinfo/right/America/Argentina/San_Juan", "/usr/share/zoneinfo/right/America/Argentina/San_Luis", "/usr/share/zoneinfo/right/America/Argentina/Tucuman", "/usr/share/zoneinfo/right/America/Argentina/Ushuaia", "/usr/share/zoneinfo/right/America/Asuncion", "/usr/share/zoneinfo/right/America/Bahia", "/usr/share/zoneinfo/right/America/Bahia_Banderas", "/usr/share/zoneinfo/right/America/Barbados", "/usr/share/zoneinfo/right/America/Belem", "/usr/share/zoneinfo/right/America/Belize", "/usr/share/zoneinfo/right/America/Boa_Vista", "/usr/share/zoneinfo/right/America/Bogota", "/usr/share/zoneinfo/right/America/Boise", "/usr/share/zoneinfo/right/America/Cambridge_Bay", "/usr/share/zoneinfo/right/America/Campo_Grande", "/usr/share/zoneinfo/right/America/Cancun", "/usr/share/zoneinfo/right/America/Caracas", "/usr/share/zoneinfo/right/America/Cayenne", "/usr/share/zoneinfo/right/America/Chicago", "/usr/share/zoneinfo/right/America/Chihuahua", "/usr/share/zoneinfo/right/America/Ciudad_Juarez", "/usr/share/zoneinfo/right/America/Costa_Rica", "/usr/share/zoneinfo/right/America/Cuiaba", "/usr/share/zoneinfo/right/America/Danmarkshavn", "/usr/share/zoneinfo/right/America/Dawson", "/usr/share/zoneinfo/right/America/Dawson_Creek", "/usr/share/zoneinfo/right/America/Denver", "/usr/share/zoneinfo/right/America/Detroit", "/usr/share/zoneinfo/right/America/Edmonton", "/usr/share/zoneinfo/right/America/Eirunepe", "/usr/share/zoneinfo/right/America/El_Salvador", "/usr/share/zoneinfo/right/America/Fort_Nelson", "/usr/share/zoneinfo/right/America/Fortaleza", "/usr/share/zoneinfo/right/America/Glace_Bay", "/usr/share/zoneinfo/right/America/Goose_Bay", "/usr/share/zoneinfo/right/America/Grand_Turk", "/usr/share/zoneinfo/right/America/Guatemala", "/usr/share/zoneinfo/right/America/Guayaquil", "/usr/share/zoneinfo/right/America/Guyana", "/usr/share/zoneinfo/right/America/Halifax", "/usr/share/zoneinfo/right/America/Havana", "/usr/share/zoneinfo/right/America/Hermosillo", "/usr/share/zoneinfo/right/America/Indiana/Indianapolis", "/usr/share/zoneinfo/right/America/Indiana/Knox", "/usr/share/zoneinfo/right/America/Indiana/Marengo", "/usr/share/zoneinfo/right/America/Indiana/Petersburg", "/usr/share/zoneinfo/right/America/Indiana/Tell_City", "/usr/share/zoneinfo/right/America/Indiana/Vevay", "/usr/share/zoneinfo/right/America/Indiana/Vincennes", "/usr/share/zoneinfo/right/America/Indiana/Winamac", "/usr/share/zoneinfo/right/America/Inuvik", "/usr/share/zoneinfo/right/America/Iqaluit", "/usr/share/zoneinfo/right/America/Jamaica", "/usr/share/zoneinfo/right/America/Juneau", "/usr/share/zoneinfo/right/America/Kentucky/Louisville", "/usr/share/zoneinfo/right/America/Kentucky/Monticello", "/usr/share/zoneinfo/right/America/La_Paz", "/usr/share/zoneinfo/right/America/Lima", "/usr/share/zoneinfo/right/America/Los_Angeles", "/usr/share/zoneinfo/right/America/Maceio", "/usr/share/zoneinfo/right/America/Managua", "/usr/share/zoneinfo/right/America/Manaus", "/usr/share/zoneinfo/right/America/Martinique", "/usr/share/zoneinfo/right/America/Matamoros", "/usr/share/zoneinfo/right/America/Mazatlan", "/usr/share/zoneinfo/right/America/Menominee", "/usr/share/zoneinfo/right/America/Merida", "/usr/share/zoneinfo/right/America/Metlakatla", "/usr/share/zoneinfo/right/America/Mexico_City", "/usr/share/zoneinfo/right/America/Miquelon", "/usr/share/zoneinfo/right/America/Moncton", "/usr/share/zoneinfo/right/America/Monterrey", "/usr/share/zoneinfo/right/America/Montevideo", "/usr/share/zoneinfo/right/America/New_York", "/usr/share/zoneinfo/right/America/Nome", "/usr/share/zoneinfo/right/America/Noronha", "/usr/share/zoneinfo/right/America/North_Dakota/Beulah", "/usr/share/zoneinfo/right/America/North_Dakota/Center", "/usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/right/America/Nuuk", "/usr/share/zoneinfo/right/America/Ojinaga", "/usr/share/zoneinfo/right/America/Panama", "/usr/share/zoneinfo/right/America/Paramaribo", "/usr/share/zoneinfo/right/America/Phoenix", "/usr/share/zoneinfo/right/America/Port-au-Prince", "/usr/share/zoneinfo/right/America/Porto_Velho", "/usr/share/zoneinfo/right/America/Puerto_Rico", "/usr/share/zoneinfo/right/America/Punta_Arenas", "/usr/share/zoneinfo/right/America/Rankin_Inlet", "/usr/share/zoneinfo/right/America/Recife", "/usr/share/zoneinfo/right/America/Regina", "/usr/share/zoneinfo/right/America/Resolute", "/usr/share/zoneinfo/right/America/Rio_Branco", "/usr/share/zoneinfo/right/America/Santarem", "/usr/share/zoneinfo/right/America/Santiago", "/usr/share/zoneinfo/right/America/Santo_Domingo", "/usr/share/zoneinfo/right/America/Sao_Paulo", "/usr/share/zoneinfo/right/America/Scoresbysund", "/usr/share/zoneinfo/right/America/Sitka", "/usr/share/zoneinfo/right/America/St_Johns", "/usr/share/zoneinfo/right/America/Swift_Current", "/usr/share/zoneinfo/right/America/Tegucigalpa", "/usr/share/zoneinfo/right/America/Thule", "/usr/share/zoneinfo/right/America/Tijuana", "/usr/share/zoneinfo/right/America/Toronto", "/usr/share/zoneinfo/right/America/Vancouver", "/usr/share/zoneinfo/right/America/Whitehorse", "/usr/share/zoneinfo/right/America/Winnipeg", "/usr/share/zoneinfo/right/America/Yakutat", "/usr/share/zoneinfo/right/Antarctica/Casey", "/usr/share/zoneinfo/right/Antarctica/Davis", "/usr/share/zoneinfo/right/Antarctica/Macquarie", "/usr/share/zoneinfo/right/Antarctica/Mawson", "/usr/share/zoneinfo/right/Antarctica/Palmer", "/usr/share/zoneinfo/right/Antarctica/Rothera", "/usr/share/zoneinfo/right/Antarctica/Troll", "/usr/share/zoneinfo/right/Asia/Almaty", "/usr/share/zoneinfo/right/Asia/Amman", "/usr/share/zoneinfo/right/Asia/Anadyr", "/usr/share/zoneinfo/right/Asia/Aqtau", "/usr/share/zoneinfo/right/Asia/Aqtobe", "/usr/share/zoneinfo/right/Asia/Ashgabat", "/usr/share/zoneinfo/right/Asia/Atyrau", "/usr/share/zoneinfo/right/Asia/Baghdad", "/usr/share/zoneinfo/right/Asia/Baku", "/usr/share/zoneinfo/right/Asia/Bangkok", "/usr/share/zoneinfo/right/Asia/Barnaul", "/usr/share/zoneinfo/right/Asia/Beirut", "/usr/share/zoneinfo/right/Asia/Bishkek", "/usr/share/zoneinfo/right/Asia/Chita", "/usr/share/zoneinfo/right/Asia/Choibalsan", "/usr/share/zoneinfo/right/Asia/Colombo", "/usr/share/zoneinfo/right/Asia/Damascus", "/usr/share/zoneinfo/right/Asia/Dhaka", "/usr/share/zoneinfo/right/Asia/Dili", "/usr/share/zoneinfo/right/Asia/Dubai", "/usr/share/zoneinfo/right/Asia/Dushanbe", "/usr/share/zoneinfo/right/Asia/Famagusta", "/usr/share/zoneinfo/right/Asia/Gaza", "/usr/share/zoneinfo/right/Asia/Hebron", "/usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/right/Asia/Hong_Kong", "/usr/share/zoneinfo/right/Asia/Hovd", "/usr/share/zoneinfo/right/Asia/Irkutsk", "/usr/share/zoneinfo/right/Asia/Jakarta", "/usr/share/zoneinfo/right/Asia/Jayapura", "/usr/share/zoneinfo/right/Asia/Jerusalem", "/usr/share/zoneinfo/right/Asia/Kabul", "/usr/share/zoneinfo/right/Asia/Kamchatka", "/usr/share/zoneinfo/right/Asia/Karachi", "/usr/share/zoneinfo/right/Asia/Kathmandu", "/usr/share/zoneinfo/right/Asia/Khandyga", "/usr/share/zoneinfo/right/Asia/Kolkata", "/usr/share/zoneinfo/right/Asia/Krasnoyarsk", "/usr/share/zoneinfo/right/Asia/Kuching", "/usr/share/zoneinfo/right/Asia/Macau", "/usr/share/zoneinfo/right/Asia/Magadan", "/usr/share/zoneinfo/right/Asia/Makassar", "/usr/share/zoneinfo/right/Asia/Manila", "/usr/share/zoneinfo/right/Asia/Nicosia", "/usr/share/zoneinfo/right/Asia/Novokuznetsk", "/usr/share/zoneinfo/right/Asia/Novosibirsk", "/usr/share/zoneinfo/right/Asia/Omsk", "/usr/share/zoneinfo/right/Asia/Oral", "/usr/share/zoneinfo/right/Asia/Pontianak", "/usr/share/zoneinfo/right/Asia/Pyongyang", "/usr/share/zoneinfo/right/Asia/Qatar", "/usr/share/zoneinfo/right/Asia/Qostanay", "/usr/share/zoneinfo/right/Asia/Qyzylorda", "/usr/share/zoneinfo/right/Asia/Riyadh", "/usr/share/zoneinfo/right/Asia/Sakhalin", "/usr/share/zoneinfo/right/Asia/Samarkand", "/usr/share/zoneinfo/right/Asia/Seoul", "/usr/share/zoneinfo/right/Asia/Shanghai", "/usr/share/zoneinfo/right/Asia/Singapore", "/usr/share/zoneinfo/right/Asia/Srednekolymsk", "/usr/share/zoneinfo/right/Asia/Taipei", "/usr/share/zoneinfo/right/Asia/Tashkent", "/usr/share/zoneinfo/right/Asia/Tbilisi", "/usr/share/zoneinfo/right/Asia/Tehran", "/usr/share/zoneinfo/right/Asia/Thimphu", "/usr/share/zoneinfo/right/Asia/Tokyo", "/usr/share/zoneinfo/right/Asia/Tomsk", "/usr/share/zoneinfo/right/Asia/Ulaanbaatar", "/usr/share/zoneinfo/right/Asia/Urumqi", "/usr/share/zoneinfo/right/Asia/Ust-Nera", "/usr/share/zoneinfo/right/Asia/Vladivostok", "/usr/share/zoneinfo/right/Asia/Yakutsk", "/usr/share/zoneinfo/right/Asia/Yangon", "/usr/share/zoneinfo/right/Asia/Yekaterinburg", "/usr/share/zoneinfo/right/Asia/Yerevan", "/usr/share/zoneinfo/right/Atlantic/Azores", "/usr/share/zoneinfo/right/Atlantic/Bermuda", "/usr/share/zoneinfo/right/Atlantic/Canary", "/usr/share/zoneinfo/right/Atlantic/Cape_Verde", "/usr/share/zoneinfo/right/Atlantic/Faroe", "/usr/share/zoneinfo/right/Atlantic/Madeira", "/usr/share/zoneinfo/right/Atlantic/South_Georgia", "/usr/share/zoneinfo/right/Atlantic/Stanley", "/usr/share/zoneinfo/right/Australia/Adelaide", "/usr/share/zoneinfo/right/Australia/Brisbane", "/usr/share/zoneinfo/right/Australia/Broken_Hill", "/usr/share/zoneinfo/right/Australia/Darwin", "/usr/share/zoneinfo/right/Australia/Eucla", "/usr/share/zoneinfo/right/Australia/Hobart", "/usr/share/zoneinfo/right/Australia/Lindeman", "/usr/share/zoneinfo/right/Australia/Lord_Howe", "/usr/share/zoneinfo/right/Australia/Melbourne", "/usr/share/zoneinfo/right/Australia/Perth", "/usr/share/zoneinfo/right/Australia/Sydney", "/usr/share/zoneinfo/right/CET", "/usr/share/zoneinfo/right/CST6CDT", "/usr/share/zoneinfo/right/EET", "/usr/share/zoneinfo/right/EST", "/usr/share/zoneinfo/right/EST5EDT", "/usr/share/zoneinfo/right/Etc/GMT", "/usr/share/zoneinfo/right/Etc/GMT+1", "/usr/share/zoneinfo/right/Etc/GMT+10", "/usr/share/zoneinfo/right/Etc/GMT+11", "/usr/share/zoneinfo/right/Etc/GMT+12", "/usr/share/zoneinfo/right/Etc/GMT+2", "/usr/share/zoneinfo/right/Etc/GMT+3", "/usr/share/zoneinfo/right/Etc/GMT+4", "/usr/share/zoneinfo/right/Etc/GMT+5", "/usr/share/zoneinfo/right/Etc/GMT+6", "/usr/share/zoneinfo/right/Etc/GMT+7", "/usr/share/zoneinfo/right/Etc/GMT+8", "/usr/share/zoneinfo/right/Etc/GMT+9", "/usr/share/zoneinfo/right/Etc/GMT-1", "/usr/share/zoneinfo/right/Etc/GMT-10", "/usr/share/zoneinfo/right/Etc/GMT-11", "/usr/share/zoneinfo/right/Etc/GMT-12", "/usr/share/zoneinfo/right/Etc/GMT-13", "/usr/share/zoneinfo/right/Etc/GMT-14", "/usr/share/zoneinfo/right/Etc/GMT-2", "/usr/share/zoneinfo/right/Etc/GMT-3", "/usr/share/zoneinfo/right/Etc/GMT-4", "/usr/share/zoneinfo/right/Etc/GMT-5", "/usr/share/zoneinfo/right/Etc/GMT-6", "/usr/share/zoneinfo/right/Etc/GMT-7", "/usr/share/zoneinfo/right/Etc/GMT-8", "/usr/share/zoneinfo/right/Etc/GMT-9", "/usr/share/zoneinfo/right/Etc/UTC", "/usr/share/zoneinfo/right/Europe/Andorra", "/usr/share/zoneinfo/right/Europe/Astrakhan", "/usr/share/zoneinfo/right/Europe/Athens", "/usr/share/zoneinfo/right/Europe/Belgrade", "/usr/share/zoneinfo/right/Europe/Berlin", "/usr/share/zoneinfo/right/Europe/Brussels", "/usr/share/zoneinfo/right/Europe/Bucharest", "/usr/share/zoneinfo/right/Europe/Budapest", "/usr/share/zoneinfo/right/Europe/Chisinau", "/usr/share/zoneinfo/right/Europe/Dublin", "/usr/share/zoneinfo/right/Europe/Gibraltar", "/usr/share/zoneinfo/right/Europe/Helsinki", "/usr/share/zoneinfo/right/Europe/Istanbul", "/usr/share/zoneinfo/right/Europe/Kaliningrad", "/usr/share/zoneinfo/right/Europe/Kirov", "/usr/share/zoneinfo/right/Europe/Kyiv", "/usr/share/zoneinfo/right/Europe/Lisbon", "/usr/share/zoneinfo/right/Europe/London", "/usr/share/zoneinfo/right/Europe/Madrid", "/usr/share/zoneinfo/right/Europe/Malta", "/usr/share/zoneinfo/right/Europe/Minsk", "/usr/share/zoneinfo/right/Europe/Moscow", "/usr/share/zoneinfo/right/Europe/Paris", "/usr/share/zoneinfo/right/Europe/Prague", "/usr/share/zoneinfo/right/Europe/Riga", "/usr/share/zoneinfo/right/Europe/Rome", "/usr/share/zoneinfo/right/Europe/Samara", "/usr/share/zoneinfo/right/Europe/Saratov", "/usr/share/zoneinfo/right/Europe/Simferopol", "/usr/share/zoneinfo/right/Europe/Sofia", "/usr/share/zoneinfo/right/Europe/Tallinn", "/usr/share/zoneinfo/right/Europe/Tirane", "/usr/share/zoneinfo/right/Europe/Ulyanovsk", "/usr/share/zoneinfo/right/Europe/Vienna", "/usr/share/zoneinfo/right/Europe/Vilnius", "/usr/share/zoneinfo/right/Europe/Volgograd", "/usr/share/zoneinfo/right/Europe/Warsaw", "/usr/share/zoneinfo/right/Europe/Zurich", "/usr/share/zoneinfo/right/Factory", "/usr/share/zoneinfo/right/HST", "/usr/share/zoneinfo/right/Indian/Chagos", "/usr/share/zoneinfo/right/Indian/Maldives", "/usr/share/zoneinfo/right/Indian/Mauritius", "/usr/share/zoneinfo/right/MET", "/usr/share/zoneinfo/right/MST", "/usr/share/zoneinfo/right/MST7MDT", "/usr/share/zoneinfo/right/PST8PDT", "/usr/share/zoneinfo/right/Pacific/Apia", "/usr/share/zoneinfo/right/Pacific/Auckland", "/usr/share/zoneinfo/right/Pacific/Bougainville", "/usr/share/zoneinfo/right/Pacific/Chatham", "/usr/share/zoneinfo/right/Pacific/Easter", "/usr/share/zoneinfo/right/Pacific/Efate", "/usr/share/zoneinfo/right/Pacific/Fakaofo", "/usr/share/zoneinfo/right/Pacific/Fiji", "/usr/share/zoneinfo/right/Pacific/Galapagos", "/usr/share/zoneinfo/right/Pacific/Gambier", "/usr/share/zoneinfo/right/Pacific/Guadalcanal", "/usr/share/zoneinfo/right/Pacific/Guam", "/usr/share/zoneinfo/right/Pacific/Honolulu", "/usr/share/zoneinfo/right/Pacific/Kanton", "/usr/share/zoneinfo/right/Pacific/Kiritimati", "/usr/share/zoneinfo/right/Pacific/Kosrae", "/usr/share/zoneinfo/right/Pacific/Kwajalein", "/usr/share/zoneinfo/right/Pacific/Marquesas", "/usr/share/zoneinfo/right/Pacific/Nauru", "/usr/share/zoneinfo/right/Pacific/Niue", "/usr/share/zoneinfo/right/Pacific/Norfolk", "/usr/share/zoneinfo/right/Pacific/Noumea", "/usr/share/zoneinfo/right/Pacific/Pago_Pago", "/usr/share/zoneinfo/right/Pacific/Palau", "/usr/share/zoneinfo/right/Pacific/Pitcairn", "/usr/share/zoneinfo/right/Pacific/Port_Moresby", "/usr/share/zoneinfo/right/Pacific/Rarotonga", "/usr/share/zoneinfo/right/Pacific/Tahiti", "/usr/share/zoneinfo/right/Pacific/Tarawa", "/usr/share/zoneinfo/right/Pacific/Tongatapu", "/usr/share/zoneinfo/right/WET", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "ubuntu-keyring@2020.02.11.4", "Name": "ubuntu-keyring", "Identifier": { "PURL": "pkg:deb/ubuntu/ubuntu-keyring@2020.02.11.4?arch=all\u0026distro=ubuntu-20.04", "UID": "171f129b474e838b" }, "Version": "2020.02.11.4", "Arch": "all", "SrcName": "ubuntu-keyring", "SrcVersion": "2020.02.11.4", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Dimitri John Ledkov \u003cdimitri.ledkov@canonical.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg", "/etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg", "/etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg", "/usr/share/doc/ubuntu-keyring/changelog.gz", "/usr/share/doc/ubuntu-keyring/copyright", "/usr/share/keyrings/ubuntu-archive-keyring.gpg", "/usr/share/keyrings/ubuntu-archive-removed-keys.gpg", "/usr/share/keyrings/ubuntu-cloudimage-keyring.gpg", "/usr/share/keyrings/ubuntu-cloudimage-removed-keys.gpg", "/usr/share/keyrings/ubuntu-master-keyring.gpg" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.34-0.1ubuntu9.3", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e27c675dec861ed" }, "Version": "2.34", "Release": "0.1ubuntu9.3", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.34", "SrcRelease": "0.1ubuntu9.3", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "BSD-4-Clause", "MIT", "BSD-2-Clause", "BSD-3-Clause", "LGPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "login@1:4.8.1-1ubuntu5.20.04.4" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/bin/dmesg", "/bin/findmnt", "/bin/lsblk", "/bin/more", "/bin/mountpoint", "/bin/su", "/bin/wdctl", "/lib/systemd/system/fstrim.service", "/lib/systemd/system/fstrim.timer", "/lib/udev/hwclock-set", "/sbin/agetty", "/sbin/blkdiscard", "/sbin/blkid", "/sbin/blkzone", "/sbin/blockdev", "/sbin/chcpu", "/sbin/ctrlaltdel", "/sbin/findfs", "/sbin/fsck", "/sbin/fsck.cramfs", "/sbin/fsck.minix", "/sbin/fsfreeze", "/sbin/fstrim", "/sbin/hwclock", "/sbin/isosize", "/sbin/mkfs", "/sbin/mkfs.bfs", "/sbin/mkfs.cramfs", "/sbin/mkfs.minix", "/sbin/mkswap", "/sbin/pivot_root", "/sbin/raw", "/sbin/runuser", "/sbin/sulogin", "/sbin/swaplabel", "/sbin/switch_root", "/sbin/wipefs", "/sbin/zramctl", "/usr/bin/addpart", "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/delpart", "/usr/bin/fallocate", "/usr/bin/fincore", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/last", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/mesg", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/resizepart", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/taskset", "/usr/bin/unshare", "/usr/bin/utmpdump", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/sbin/chmem", "/usr/sbin/fdformat", "/usr/sbin/ldattach", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/share/bash-completion/completions/addpart", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/ctrlaltdel", "/usr/share/bash-completion/completions/delpart", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/fdformat", "/usr/share/bash-completion/completions/fincore", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsck.cramfs", "/usr/share/bash-completion/completions/fsck.minix", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hwclock", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/last", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mesg", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkfs.bfs", "/usr/share/bash-completion/completions/mkfs.cramfs", "/usr/share/bash-completion/completions/mkfs.minix", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/raw", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/resizepart", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/utmpdump", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/filesystems", "/usr/share/doc/util-linux/examples/fstab", "/usr/share/doc/util-linux/examples/fstab.example2", "/usr/share/doc/util-linux/examples/getopt-parse.bash", "/usr/share/doc/util-linux/examples/getopt-parse.tcsh", "/usr/share/doc/util-linux/examples/motd", "/usr/share/doc/util-linux/examples/securetty", "/usr/share/doc/util-linux/examples/shells", "/usr/share/doc/util-linux/examples/udev-raw.rules", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt.gz", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/fincore.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/last.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/mesg.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/utmpdump.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/hwclock.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/addpart.8.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/ctrlaltdel.8.gz", "/usr/share/man/man8/delpart.8.gz", "/usr/share/man/man8/fdformat.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsck.cramfs.8.gz", "/usr/share/man/man8/fsck.minix.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/hwclock.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkfs.bfs.8.gz", "/usr/share/man/man8/mkfs.cramfs.8.gz", "/usr/share/man/man8/mkfs.minix.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/raw.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/resizepart.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "xz-utils@5.2.4-1ubuntu1.1", "Name": "xz-utils", "Identifier": { "PURL": "pkg:deb/ubuntu/xz-utils@5.2.4-1ubuntu1.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "974d966ce8465f86" }, "Version": "5.2.4", "Release": "1ubuntu1.1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.2.4", "SrcRelease": "1ubuntu1.1", "Licenses": [ "PD", "probably-PD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "permissive-fsf", "Autoconf", "permissive-nowarranty", "GPL-2.0-only", "none", "config-h", "LGPL-2.0-only", "LGPL-2.1-only", "noderivs", "PD-debian", "GPL-3.0-only" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "liblzma5@5.2.4-1ubuntu1.1" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/lzmainfo", "/usr/bin/xz", "/usr/bin/xzdiff", "/usr/bin/xzgrep", "/usr/bin/xzless", "/usr/bin/xzmore", "/usr/share/doc/xz-utils/README.Debian", "/usr/share/doc/xz-utils/README.gz", "/usr/share/doc/xz-utils/copyright", "/usr/share/doc/xz-utils/extra/7z2lzma/7z2lzma.bash", "/usr/share/doc/xz-utils/extra/scanlzma/scanlzma.c", "/usr/share/doc/xz-utils/faq.txt.gz", "/usr/share/doc/xz-utils/history.txt.gz", "/usr/share/man/man1/lzmainfo.1.gz", "/usr/share/man/man1/xz.1.gz", "/usr/share/man/man1/xzdiff.1.gz", "/usr/share/man/man1/xzgrep.1.gz", "/usr/share/man/man1/xzless.1.gz", "/usr/share/man/man1/xzmore.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.2.11.dfsg-2ubuntu1.5", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/ubuntu/zlib1g@1.2.11.dfsg-2ubuntu1.5?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "cfc4093dfe4613c8" }, "Version": "1.2.11.dfsg", "Release": "2ubuntu1.5", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.2.11.dfsg", "SrcRelease": "2ubuntu1.5", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9" ], "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "InstalledFiles": [ "/lib/x86_64-linux-gnu/libz.so.1.2.11", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "zstd@1.4.4+dfsg-3ubuntu0.1", "Name": "zstd", "Identifier": { "PURL": "pkg:deb/ubuntu/zstd@1.4.4%2Bdfsg-3ubuntu0.1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c241c66ea148cdc1" }, "Version": "1.4.4+dfsg", "Release": "3ubuntu0.1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.4.4+dfsg", "SrcRelease": "3ubuntu0.1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "GPL-2.0-or-later", "MIT" ], "Maintainer": "Ubuntu Developers \u003cubuntu-devel-discuss@lists.ubuntu.com\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.31-0ubuntu9.9", "libgcc-s1@10.3.0-1ubuntu1~20.04", "liblz4-1@1.9.2-2ubuntu0.20.04.1", "liblzma5@5.2.4-1ubuntu1.1", "libstdc++6@10.3.0-1ubuntu1~20.04", "zlib1g@1:1.2.11.dfsg-2ubuntu1.5" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "InstalledFiles": [ "/usr/bin/pzstd", "/usr/bin/zstd", "/usr/bin/zstdgrep", "/usr/bin/zstdless", "/usr/share/doc/zstd/CODE_OF_CONDUCT.md", "/usr/share/doc/zstd/CONTRIBUTING.md", "/usr/share/doc/zstd/README.md.gz", "/usr/share/doc/zstd/TESTING.md", "/usr/share/doc/zstd/changelog.Debian.gz", "/usr/share/doc/zstd/copyright", "/usr/share/man/man1/pzstd.1.gz", "/usr/share/man/man1/unzstd.1.gz", "/usr/share/man/man1/zstd.1.gz", "/usr/share/man/man1/zstdcat.1.gz", "/usr/share/man/man1/zstdgrep.1.gz", "/usr/share/man/man1/zstdless.1.gz", "/usr/share/man/man1/zstdmt.1.gz" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-28085", "PkgID": "bsdutils@1:2.34-0.1ubuntu9.3", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/bsdutils@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "c2f19fe3db589c3b" }, "InstalledVersion": "1:2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:dcc86debc2625a2205e72ae130e4acb371c763f9526934b0f197a308b03528ba", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "fdisk@2.34-0.1ubuntu9.3", "PkgName": "fdisk", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/fdisk@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e93cc0834325a9d6" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8c6d839b16d74a99a59a1c5e87c95b3646588a7a0c3049e1be96153369d3f7cc", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-4156", "PkgID": "gawk@1:5.0.1+dfsg-1", "PkgName": "gawk", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gawk@5.0.1%2Bdfsg-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e7d9fd5e0ccccae5" }, "InstalledVersion": "1:5.0.1+dfsg-1", "FixedVersion": "1:5.0.1+dfsg-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-4156", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a5586142305ed8f70b5c5b8742c0eda9264fc5ad7e521a2f24bc30b4b64403cc", "Title": "gawk: heap out of bound read in builtin.c", "Description": "A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 1, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-4156", "https://bugzilla.redhat.com/show_bug.cgi?id=2215930", "https://git.savannah.gnu.org/gitweb/?p=gawk.git;a=commitdiff;h=e709eb829448ce040087a3fc5481db6bfcaae212 (gawk-5.2.0)", "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00000.html", "https://mail.gnu.org/archive/html/bug-gawk/2022-08/msg00023.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-4156", "https://ubuntu.com/security/notices/USN-6373-1", "https://www.cve.org/CVERecord?id=CVE-2023-4156" ], "PublishedDate": "2023-09-25T18:15:11.013Z", "LastModifiedDate": "2024-11-21T08:34:30.16Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpg@2.2.19-3ubuntu2.2", "PkgName": "gpg", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpg@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "c3f3b0f55f5d5301" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:50bd8b9ac64aae0c6357ec1b119ba46be2753a04929fa5b368def5c3face3ade", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpgconf@2.2.19-3ubuntu2.2", "PkgName": "gpgconf", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpgconf@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "fc417bd7bd03106c" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:67958bf0bc9cf0c596f07ea49621022d056aabf5c0f3483160f6bcf0ee04b33b", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2025-30258", "PkgID": "gpgv@2.2.19-3ubuntu2.2", "PkgName": "gpgv", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/gpgv@2.2.19-3ubuntu2.2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "94c47271b8f35208" }, "InstalledVersion": "2.2.19-3ubuntu2.2", "FixedVersion": "2.2.19-3ubuntu2.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d0a360b33ea7a53f366e8c6b8fa3910517df123cad4e0649ee9a3c6ad95b8ab1", "Title": "gnupg: verification DoS due to a malicious subkey in the keyring", "Description": "In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a \"verification DoS.\"", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 1, "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L", "V3Score": 2.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-30258", "https://dev.gnupg.org/T7527", "https://dev.gnupg.org/rG48978ccb4e20866472ef18436a32744350a65158", "https://lists.gnupg.org/pipermail/gnupg-announce/2025q1/000491.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30258", "https://ubuntu.com/security/notices/USN-7412-1", "https://ubuntu.com/security/notices/USN-7412-3", "https://www.cve.org/CVERecord?id=CVE-2025-30258" ], "PublishedDate": "2025-03-19T20:15:20.14Z", "LastModifiedDate": "2025-10-16T16:53:07.557Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libblkid1@2.34-0.1ubuntu9.3", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libblkid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "97537d4ff7af8af0" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:2bc304354120fa98c9e0875a3d760707d9b4fcea877568abf9b330193b15ce10", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-2961", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.15", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1f2b6349b89ac60d1388c9bd6ee6f113b4a2c859ea30810d8efed362d102cc57", "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2026-05-12T12:16:34.22Z" }, { "VulnerabilityID": "CVE-2024-33599", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a0e7d6b2813e32d617abe362bd6a5fba363f14cb80e9966d8178c3a1db196b9d", "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-121" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2026-05-12T12:16:34.477Z" }, { "VulnerabilityID": "CVE-2024-33600", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:efebe046bdb4ad4a453378598d50cc2e9b87f6fd8d5938cae1581dde3532546c", "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2026-05-12T12:16:34.687Z" }, { "VulnerabilityID": "CVE-2024-33601", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3cfa8d003e22285ea0551a5bcce8137199273c64b3b3fc0348bcdab5b2a46dc3", "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2026-05-12T12:16:34.87Z" }, { "VulnerabilityID": "CVE-2024-33602", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:9ae2ecfe27586e7c26fcb978b7d1e9b91cf7a5706c5d50d0d8785cc7da6ed685", "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "VendorSeverity": { "alma": 3, "amazon": 2, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2026-05-12T12:16:35.07Z" }, { "VulnerabilityID": "CVE-2025-0395", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.17", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:85e15b000ca9835a279b8ce1f6891d26a97feaf6cfa9a2811b3badc4bbeaa744", "Title": "glibc: buffer overflow in the GNU C Library's assert()", "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "Severity": "MEDIUM", "CweIDs": [ "CWE-131" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 1, "cbl-mariner": 1, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/01/22/4", "http://www.openwall.com/lists/oss-security/2025/01/23/2", "http://www.openwall.com/lists/oss-security/2025/04/13/1", "http://www.openwall.com/lists/oss-security/2025/04/24/7", "https://access.redhat.com/errata/RHSA-2025:4244", "https://access.redhat.com/security/cve/CVE-2025-0395", "https://bugzilla.redhat.com/2339460", "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", "https://errata.almalinux.org/9/ALSA-2025-4244.html", "https://errata.rockylinux.org/RLSA-2025:4244", "https://linux.oracle.com/cve/CVE-2025-0395.html", "https://linux.oracle.com/errata/ELSA-2025-4244.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", "https://security.netapp.com/advisory/ntap-20250228-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", "https://sourceware.org/pipermail/libc-announce/2025/000044.html", "https://ubuntu.com/security/notices/USN-7259-1", "https://ubuntu.com/security/notices/USN-7259-2", "https://ubuntu.com/security/notices/USN-7259-3", "https://www.cve.org/CVERecord?id=CVE-2025-0395", "https://www.openwall.com/lists/oss-security/2025/01/22/4" ], "PublishedDate": "2025-01-22T13:15:20.933Z", "LastModifiedDate": "2026-05-12T13:16:27.947Z" }, { "VulnerabilityID": "CVE-2025-4802", "PkgID": "libc-bin@2.31-0ubuntu9.9", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc-bin@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0f705ec068d1f26" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.18", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6382b637e2a5ac61bb24bf8bc5964288d1772cd670d2af4c8cd108aa17f1f7b0", "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "Severity": "MEDIUM", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/16/7", "http://www.openwall.com/lists/oss-security/2025/05/17/2", "https://access.redhat.com/errata/RHSA-2025:8655", "https://access.redhat.com/security/cve/CVE-2025-4802", "https://bugzilla.redhat.com/2367468", "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", "https://errata.almalinux.org/9/ALSA-2025-8655.html", "https://errata.rockylinux.org/RLSA-2025:8655", "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", "https://linux.oracle.com/cve/CVE-2025-4802.html", "https://linux.oracle.com/errata/ELSA-2025-8686.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", "https://ubuntu.com/security/notices/USN-7541-1", "https://www.cve.org/CVERecord?id=CVE-2025-4802", "https://www.openwall.com/lists/oss-security/2025/05/16/7", "https://www.openwall.com/lists/oss-security/2025/05/17/2" ], "PublishedDate": "2025-05-16T20:15:22.28Z", "LastModifiedDate": "2025-11-03T20:19:11.153Z" }, { "VulnerabilityID": "CVE-2024-2961", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.15", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-2961", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a4483c5c905c58cca72650a0ccd0f013b853cc842c0ad49280823a315385b0f8", "Title": "glibc: Out of bounds write in iconv may lead to remote code execution", "Description": "The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/17/9", "http://www.openwall.com/lists/oss-security/2024/04/18/4", "http://www.openwall.com/lists/oss-security/2024/04/24/2", "http://www.openwall.com/lists/oss-security/2024/05/27/1", "http://www.openwall.com/lists/oss-security/2024/05/27/2", "http://www.openwall.com/lists/oss-security/2024/05/27/3", "http://www.openwall.com/lists/oss-security/2024/05/27/4", "http://www.openwall.com/lists/oss-security/2024/05/27/5", "http://www.openwall.com/lists/oss-security/2024/05/27/6", "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-2961", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://linux.oracle.com/cve/CVE-2024-2961.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/05/msg00001.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BTJFBGHDYG5PEIFD5WSSSKSFZ2AZWC5N/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3I4KYS6EU6S7QZ47WFNTPVAHFIUQNEL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YAMJQI3Y6BHWV3CUTYBXOZONCUJNOB2Z/", "https://nvd.nist.gov/vuln/detail/CVE-2024-2961", "https://security.netapp.com/advisory/ntap-20240531-0002/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004", "https://ubuntu.com/security/notices/USN-6737-1", "https://ubuntu.com/security/notices/USN-6737-2", "https://ubuntu.com/security/notices/USN-6762-1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p1", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p2", "https://www.ambionics.io/blog/iconv-cve-2024-2961-p3", "https://www.cve.org/CVERecord?id=CVE-2024-2961", "https://www.openwall.com/lists/oss-security/2024/04/17/9" ], "PublishedDate": "2024-04-17T18:15:15.833Z", "LastModifiedDate": "2026-05-12T12:16:34.22Z" }, { "VulnerabilityID": "CVE-2024-33599", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33599", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ba8e58b689de97b9e613def5aff744e895d3fedb00caf73b27f3085b02392a63", "Title": "glibc: stack-based buffer overflow in netgroup cache", "Description": "nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-121" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33599", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33599.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33599", "https://security.netapp.com/advisory/ntap-20240524-0011/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33599", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.437Z", "LastModifiedDate": "2026-05-12T12:16:34.477Z" }, { "VulnerabilityID": "CVE-2024-33600", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33600", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:17b234455a979b22bac53ca8114639e70dd26978b4d5e40875069e3441de23aa", "Title": "glibc: null pointer dereferences after failed netgroup cache insertion", "Description": "nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33600", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33600.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33600", "https://security.netapp.com/advisory/ntap-20240524-0013/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33600", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.523Z", "LastModifiedDate": "2026-05-12T12:16:34.687Z" }, { "VulnerabilityID": "CVE-2024-33601", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33601", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6f15f413c0efd0602a23f01c4c2cc251ebb66e853063810e34e7667e480a6a0c", "Title": "glibc: netgroup cache may terminate daemon on memory allocation failure", "Description": "nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33601", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33601.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33601", "https://security.netapp.com/advisory/ntap-20240524-0014/", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33601", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.603Z", "LastModifiedDate": "2026-05-12T12:16:34.87Z" }, { "VulnerabilityID": "CVE-2024-33602", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.16", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-33602", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a36507878d8eebf931b3feaa4fa907fc7f18bd0aadec0f0cef7247a2c3267333", "Title": "glibc: netgroup cache assumes NSS callback uses in-buffer strings", "Description": "nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-466" ], "VendorSeverity": { "alma": 3, "amazon": 2, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/07/22/5", "https://access.redhat.com/errata/RHSA-2024:3339", "https://access.redhat.com/security/cve/CVE-2024-33602", "https://bugzilla.redhat.com/2273404", "https://bugzilla.redhat.com/2277202", "https://bugzilla.redhat.com/2277204", "https://bugzilla.redhat.com/2277205", "https://bugzilla.redhat.com/2277206", "https://bugzilla.redhat.com/show_bug.cgi?id=2273404", "https://bugzilla.redhat.com/show_bug.cgi?id=2277202", "https://bugzilla.redhat.com/show_bug.cgi?id=2277204", "https://bugzilla.redhat.com/show_bug.cgi?id=2277205", "https://bugzilla.redhat.com/show_bug.cgi?id=2277206", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33599", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33600", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33601", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33602", "https://errata.almalinux.org/9/ALSA-2024-3339.html", "https://errata.rockylinux.org/RLSA-2024:3339", "https://inbox.sourceware.org/libc-alpha/cover.1713974801.git.fweimer@redhat.com/", "https://linux.oracle.com/cve/CVE-2024-33602.html", "https://linux.oracle.com/errata/ELSA-2024-3588.html", "https://lists.debian.org/debian-lts-announce/2024/06/msg00026.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-33602", "https://security.netapp.com/advisory/ntap-20240524-0012/", "https://sourceware.org/bugzilla/show_bug.cgi?id=31680", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008", "https://ubuntu.com/security/notices/USN-6804-1", "https://www.cve.org/CVERecord?id=CVE-2024-33602", "https://www.openwall.com/lists/oss-security/2024/04/24/2" ], "PublishedDate": "2024-05-06T20:15:11.68Z", "LastModifiedDate": "2026-05-12T12:16:35.07Z" }, { "VulnerabilityID": "CVE-2025-0395", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.17", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0395", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:25646668e82b3be8e55b17cceaf3d35499ed8da2c4075e14cbaa3e1dbf758b35", "Title": "glibc: buffer overflow in the GNU C Library's assert()", "Description": "When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.", "Severity": "MEDIUM", "CweIDs": [ "CWE-131" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 1, "cbl-mariner": 1, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/01/22/4", "http://www.openwall.com/lists/oss-security/2025/01/23/2", "http://www.openwall.com/lists/oss-security/2025/04/13/1", "http://www.openwall.com/lists/oss-security/2025/04/24/7", "https://access.redhat.com/errata/RHSA-2025:4244", "https://access.redhat.com/security/cve/CVE-2025-0395", "https://bugzilla.redhat.com/2339460", "https://bugzilla.redhat.com/show_bug.cgi?id=2339460", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395", "https://errata.almalinux.org/9/ALSA-2025-4244.html", "https://errata.rockylinux.org/RLSA-2025:4244", "https://linux.oracle.com/cve/CVE-2025-0395.html", "https://linux.oracle.com/errata/ELSA-2025-4244.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00039.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-0395", "https://security.netapp.com/advisory/ntap-20250228-0006/", "https://sourceware.org/bugzilla/show_bug.cgi?id=32582", "https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001", "https://sourceware.org/pipermail/libc-announce/2025/000044.html", "https://ubuntu.com/security/notices/USN-7259-1", "https://ubuntu.com/security/notices/USN-7259-2", "https://ubuntu.com/security/notices/USN-7259-3", "https://www.cve.org/CVERecord?id=CVE-2025-0395", "https://www.openwall.com/lists/oss-security/2025/01/22/4" ], "PublishedDate": "2025-01-22T13:15:20.933Z", "LastModifiedDate": "2026-05-12T13:16:27.947Z" }, { "VulnerabilityID": "CVE-2025-4802", "PkgID": "libc6@2.31-0ubuntu9.9", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libc6@2.31-0ubuntu9.9?arch=amd64\u0026distro=ubuntu-20.04", "UID": "6938ab7eef7e556c" }, "InstalledVersion": "2.31-0ubuntu9.9", "FixedVersion": "2.31-0ubuntu9.18", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:04a137b9e7256443c0e3870e0e442da747c4cb0130e5a4d342fbe5c3935667c1", "Title": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", "Description": "Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).", "Severity": "MEDIUM", "CweIDs": [ "CWE-426" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/16/7", "http://www.openwall.com/lists/oss-security/2025/05/17/2", "https://access.redhat.com/errata/RHSA-2025:8655", "https://access.redhat.com/security/cve/CVE-2025-4802", "https://bugzilla.redhat.com/2367468", "https://bugzilla.redhat.com/show_bug.cgi?id=2367468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4802", "https://errata.almalinux.org/9/ALSA-2025-8655.html", "https://errata.rockylinux.org/RLSA-2025:8655", "https://inbox.sourceware.org/libc-announce/3ac997b0-28a5-4129-af53-675efe4c2dec@redhat.com/T/#u", "https://linux.oracle.com/cve/CVE-2025-4802.html", "https://linux.oracle.com/errata/ELSA-2025-8686.html", "https://lists.debian.org/debian-lts-announce/2025/05/msg00033.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4802", "https://sourceware.org/bugzilla/show_bug.cgi?id=32976", "https://sourceware.org/cgit/glibc/commit/?id=1e18586c5820e329f741d5c710275e165581380e", "https://sourceware.org/cgit/glibc/commit/?id=5451fa962cd0a90a0e2ec1d8910a559ace02bba0", "https://ubuntu.com/security/notices/USN-7541-1", "https://www.cve.org/CVERecord?id=CVE-2025-4802", "https://www.openwall.com/lists/oss-security/2025/05/16/7", "https://www.openwall.com/lists/oss-security/2025/05/17/2" ], "PublishedDate": "2025-05-16T20:15:22.28Z", "LastModifiedDate": "2025-11-03T20:19:11.153Z" }, { "VulnerabilityID": "CVE-2023-2603", "PkgID": "libcap2@1:2.32-1", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1b3dac737ee463f4476c95ca96f0adfdebc0dbd9971dd2cb4a9d2bbaf607d5aa", "Title": "libcap: Integer Overflow in _libcap_strdup()", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:5071", "https://access.redhat.com/security/cve/CVE-2023-2603", "https://bugzilla.redhat.com/2209113", "https://bugzilla.redhat.com/2209114", "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", "https://errata.almalinux.org/9/ALSA-2023-5071.html", "https://errata.rockylinux.org/RLSA-2023:4524", "https://linux.oracle.com/cve/CVE-2023-2603.html", "https://linux.oracle.com/errata/ELSA-2023-5071.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", "https://ubuntu.com/security/notices/USN-6166-1", "https://ubuntu.com/security/notices/USN-6166-2", "https://www.cve.org/CVERecord?id=CVE-2023-2603", "https://www.openwall.com/lists/oss-security/2023/05/15/4", "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" ], "PublishedDate": "2023-06-06T20:15:13.187Z", "LastModifiedDate": "2025-12-02T21:15:51.163Z" }, { "VulnerabilityID": "CVE-2025-1390", "PkgID": "libcap2@1:2.32-1", "PkgName": "libcap2", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "f3ac8127b4642fab" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.2", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8446c0d98f147a632b0f8b18c4ff9c0e714945af931829fbb2754df903a5152b", "Title": "libcap: pam_cap: Fix potential configuration parsing error", "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1390", "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", "https://ubuntu.com/security/notices/USN-7287-1", "https://www.cve.org/CVERecord?id=CVE-2025-1390" ], "PublishedDate": "2025-02-18T03:15:10.447Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-2603", "PkgID": "libcap2-bin@1:2.32-1", "PkgName": "libcap2-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2603", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:50cf6604bf4a3ad601aff7496250206abf136607ce27b2daadd7ab0171d8e185", "Title": "libcap: Integer Overflow in _libcap_strdup()", "Description": "A vulnerability was found in libcap. This issue occurs in the _libcap_strdup() function and can lead to an integer overflow if the input string is close to 4GiB.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:5071", "https://access.redhat.com/security/cve/CVE-2023-2603", "https://bugzilla.redhat.com/2209113", "https://bugzilla.redhat.com/2209114", "https://bugzilla.redhat.com/show_bug.cgi?id=2209113", "https://bugzilla.redhat.com/show_bug.cgi?id=2209114", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2602", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2603", "https://errata.almalinux.org/9/ALSA-2023-5071.html", "https://errata.rockylinux.org/RLSA-2023:4524", "https://linux.oracle.com/cve/CVE-2023-2603.html", "https://linux.oracle.com/errata/ELSA-2023-5071.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZ57ICDLMVYEREXQGZWL4GWI7FRJCRQT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IPEGCFMCN5KGCFX5Y2VTKR732TTD4ADW/", "https://nvd.nist.gov/vuln/detail/CVE-2023-2603", "https://sites.google.com/site/fullycapable/release-notes-for-libcap#h.iuvg7sbjg8pe", "https://ubuntu.com/security/notices/USN-6166-1", "https://ubuntu.com/security/notices/USN-6166-2", "https://www.cve.org/CVERecord?id=CVE-2023-2603", "https://www.openwall.com/lists/oss-security/2023/05/15/4", "https://www.x41-dsec.de/static/reports/X41-libcap-Code-Review-2023-OSTIF-Final-Report.pdf" ], "PublishedDate": "2023-06-06T20:15:13.187Z", "LastModifiedDate": "2025-12-02T21:15:51.163Z" }, { "VulnerabilityID": "CVE-2025-1390", "PkgID": "libcap2-bin@1:2.32-1", "PkgName": "libcap2-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libcap2-bin@2.32-1?arch=amd64\u0026distro=ubuntu-20.04\u0026epoch=1", "UID": "e90e2456a8d78be" }, "InstalledVersion": "1:2.32-1", "FixedVersion": "1:2.32-1ubuntu0.2", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1390", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1ec65cfbf2954b014fdbb47ced333986079f68d2aeffbb65570e6fc58963eee9", "Title": "libcap: pam_cap: Fix potential configuration parsing error", "Description": "The PAM module pam_cap.so of libcap configuration supports group names starting with “@”, during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in nonintended users being granted an inherited capability set, potentially leading to security risks. Attackers can exploit this vulnerability to achieve local privilege escalation on systems where /etc/security/capability.conf is used to configure user inherited privileges by constructing specific usernames.", "Severity": "MEDIUM", "CweIDs": [ "CWE-284" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-1390", "https://bugzilla.openanolis.cn/show_bug.cgi?id=18804", "https://nvd.nist.gov/vuln/detail/CVE-2025-1390", "https://ubuntu.com/security/notices/USN-7287-1", "https://www.cve.org/CVERecord?id=CVE-2025-1390" ], "PublishedDate": "2025-02-18T03:15:10.447Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2020-21047", "PkgID": "libelf1@0.176-1.1build1", "PkgName": "libelf1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libelf1@0.176-1.1build1?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3374c93655a9823" }, "InstalledVersion": "0.176-1.1build1", "FixedVersion": "0.176-1.1ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-21047", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:54a621d5128ff9d0541636414038349a61eb16b968995815f3d016300795e2b3", "Title": "The libcpu component which is used by libasm of elfutils version 0.177 ...", "Description": "The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "amazon": 2, "nvd": 2, "photon": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://lists.debian.org/debian-lts-announce/2023/09/msg00026.html", "https://sourceware.org/bugzilla/show_bug.cgi?id=25068", "https://sourceware.org/git/?p=elfutils.git%3Ba=commitdiff%3Bh=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "https://sourceware.org/git/?p=elfutils.git;a=commitdiff;h=99dc63b10b3878616b85df2dfd2e4e7103e414b8", "https://ubuntu.com/security/notices/USN-6322-1", "https://www.cve.org/CVERecord?id=CVE-2020-21047" ], "PublishedDate": "2023-08-22T19:16:09.657Z", "LastModifiedDate": "2024-11-21T05:12:23.31Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libfdisk1@2.34-0.1ubuntu9.3", "PkgName": "libfdisk1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libfdisk1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d7ae8926642fd1bc" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ca592a8a34aed4eef0e38e48edfed53d50f668db29c82e2e9cea90241071fe89", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-5981", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.9", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5981", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:b7a5bdd6870d925e64b2a011129e45d04c0d9b4aaa99ac8fadabdc1f39ce4e4d", "Title": "gnutls: timing side-channel in the RSA-PSK authentication", "Description": "A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.", "Severity": "MEDIUM", "CweIDs": [ "CWE-208", "CWE-203" ], "VendorSeverity": { "alma": 2, "amazon": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0155", "https://access.redhat.com/errata/RHSA-2024:0319", "https://access.redhat.com/errata/RHSA-2024:0399", "https://access.redhat.com/errata/RHSA-2024:0451", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2023-5981", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2248445", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5981", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0155", "https://gnutls.org/security-new.html#GNUTLS-SA-2023-10-23", "https://linux.oracle.com/cve/CVE-2023-5981.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00016.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2023-November/004837.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5981", "https://ubuntu.com/security/notices/USN-6499-1", "https://ubuntu.com/security/notices/USN-6499-2", "https://www.cve.org/CVERecord?id=CVE-2023-5981" ], "PublishedDate": "2023-11-28T12:15:07.04Z", "LastModifiedDate": "2026-03-25T20:01:09.507Z" }, { "VulnerabilityID": "CVE-2024-0553", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.10", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0553", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1df6c7342f33be1d73a447e14069958ed1c973b417b3d949fe608e486ab9453f", "Title": "gnutls: incomplete fix for CVE-2023-5981", "Description": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/19/3", "https://access.redhat.com/errata/RHSA-2024:0533", "https://access.redhat.com/errata/RHSA-2024:0627", "https://access.redhat.com/errata/RHSA-2024:0796", "https://access.redhat.com/errata/RHSA-2024:1082", "https://access.redhat.com/errata/RHSA-2024:1108", "https://access.redhat.com/errata/RHSA-2024:1383", "https://access.redhat.com/errata/RHSA-2024:2094", "https://access.redhat.com/security/cve/CVE-2024-0553", "https://bugzilla.redhat.com/2248445", "https://bugzilla.redhat.com/2258412", "https://bugzilla.redhat.com/2258544", "https://bugzilla.redhat.com/show_bug.cgi?id=2258412", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0553", "https://errata.almalinux.org/9/ALSA-2024-0533.html", "https://errata.rockylinux.org/RLSA-2024:0627", "https://gitlab.com/gnutls/gnutls/-/issues/1522", "https://gnutls.org/security-new.html#GNUTLS-SA-2024-01-14", "https://linux.oracle.com/cve/CVE-2024-0553.html", "https://linux.oracle.com/errata/ELSA-2024-12336.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/", "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0553", "https://security.netapp.com/advisory/ntap-20240202-0011/", "https://ubuntu.com/security/notices/USN-6593-1", "https://www.cve.org/CVERecord?id=CVE-2024-0553" ], "PublishedDate": "2024-01-16T12:15:45.557Z", "LastModifiedDate": "2026-03-24T12:16:10.683Z" }, { "VulnerabilityID": "CVE-2024-12243", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.12", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12243", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:053a1bc135949797afd708491f67c8f9481bf892687df14212de00002f053e38", "Title": "gnutls: GnuTLS Impacted by Inefficient DER Decoding in libtasn1 Leading to Remote DoS", "Description": "A flaw was found in GnuTLS, which relies on libtasn1 for ASN.1 data processing. Due to an inefficient algorithm in libtasn1, decoding certain DER-encoded certificate data can take excessive time, leading to increased resource consumption. This flaw allows a remote attacker to send a specially crafted certificate, causing GnuTLS to become unresponsive or slow, resulting in a denial-of-service condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:17361", "https://access.redhat.com/errata/RHSA-2025:4051", "https://access.redhat.com/errata/RHSA-2025:7076", "https://access.redhat.com/errata/RHSA-2025:8020", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12243", "https://bugzilla.redhat.com/2344615", "https://bugzilla.redhat.com/show_bug.cgi?id=2344615", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12243", "https://errata.almalinux.org/9/ALSA-2025-7076.html", "https://errata.rockylinux.org/RLSA-2025:7076", "https://gitlab.com/gnutls/gnutls/-/issues/1553", "https://gitlab.com/gnutls/libtasn1/-/issues/52", "https://linux.oracle.com/cve/CVE-2024-12243.html", "https://linux.oracle.com/errata/ELSA-2025-7076.html", "https://lists.debian.org/debian-lts-announce/2025/02/msg00027.html", "https://lists.gnupg.org/pipermail/gnutls-help/2025-February/004875.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12243", "https://security.netapp.com/advisory/ntap-20250523-0002/", "https://ubuntu.com/security/notices/USN-7281-1", "https://www.cve.org/CVERecord?id=CVE-2024-12243", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2025-02-07" ], "PublishedDate": "2025-02-10T16:15:37.423Z", "LastModifiedDate": "2026-05-12T12:16:17.007Z" }, { "VulnerabilityID": "CVE-2024-28834", "PkgID": "libgnutls30@3.6.13-2ubuntu1.8", "PkgName": "libgnutls30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libgnutls30@3.6.13-2ubuntu1.8?arch=amd64\u0026distro=ubuntu-20.04", "UID": "601976e667e60bf5" }, "InstalledVersion": "3.6.13-2ubuntu1.8", "FixedVersion": "3.6.13-2ubuntu1.11", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28834", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ad1200dea4e8c648e5db545bbfd27658dc9ab16f6305f99f949ec7463cf05ad7", "Title": "gnutls: vulnerable to Minerva side-channel information leak", "Description": "A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.", "Severity": "MEDIUM", "CweIDs": [ "CWE-327" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/22/1", "http://www.openwall.com/lists/oss-security/2024/03/22/2", "https://access.redhat.com/errata/RHSA-2024:1784", "https://access.redhat.com/errata/RHSA-2024:1879", "https://access.redhat.com/errata/RHSA-2024:1997", "https://access.redhat.com/errata/RHSA-2024:2044", "https://access.redhat.com/errata/RHSA-2024:2570", "https://access.redhat.com/errata/RHSA-2024:2889", "https://access.redhat.com/security/cve/CVE-2024-28834", "https://bugzilla.redhat.com/2269084", "https://bugzilla.redhat.com/2269228", "https://bugzilla.redhat.com/show_bug.cgi?id=2269084", "https://bugzilla.redhat.com/show_bug.cgi?id=2269228", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28834", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28835", "https://errata.almalinux.org/9/ALSA-2024-2570.html", "https://errata.rockylinux.org/RLSA-2024:2570", "https://linux.oracle.com/cve/CVE-2024-28834.html", "https://linux.oracle.com/errata/ELSA-2024-2570.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00019.html", "https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html", "https://minerva.crocs.fi.muni.cz/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28834", "https://people.redhat.com/~hkario/marvin/", "https://security.netapp.com/advisory/ntap-20240524-0004/", "https://ubuntu.com/security/notices/USN-6733-1", "https://ubuntu.com/security/notices/USN-6733-2", "https://www.cve.org/CVERecord?id=CVE-2024-28834", "https://www.gnutls.org/security-new.html#GNUTLS-SA-2023-12-04" ], "PublishedDate": "2024-03-21T14:15:07.547Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libmount1@2.34-0.1ubuntu9.3", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libmount1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "149aad062a67d915" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d58cd328ba4a3a8620b7b3c682a503228a03967b24d01d65c1d2a1f183919ecd", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libncurses6@6.2-0ubuntu2", "PkgName": "libncurses6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libncurses6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "daf9ae3f810ae3f0" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:c17ef77e3337af3e0c82132a6e10585d996ce4ebaa3abdac8b912046b6e1a383", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libncursesw6@6.2-0ubuntu2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libncursesw6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "dca50c9cdd5fdd35" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:300f996cb37a8b19355d852145b2afc1698895332f75bfb67a4ff9f41e7e4a70", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-modules@1.3.1-5ubuntu4.6", "PkgName": "libpam-modules", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-modules@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "8238c76ab6208fd" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a03f2ae9a99b374e08cc99118b1f0a1db05124c307c5e0c4fd5522304a1d61db", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-modules-bin@1.3.1-5ubuntu4.6", "PkgName": "libpam-modules-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-modules-bin@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "92c88fd5e3403ef2" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:1e515484b616575eb85086cba33c1316a74b048f516f8cc823056666c60a60f5", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam-runtime@1.3.1-5ubuntu4.6", "PkgName": "libpam-runtime", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam-runtime@1.3.1-5ubuntu4.6?arch=all\u0026distro=ubuntu-20.04", "UID": "815077e96d38fc4a" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a606e3839ff7ec9ec9e605b5b0d975838b3a372cb16312ef45bfe5dbeef3554e", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2024-22365", "PkgID": "libpam0g@1.3.1-5ubuntu4.6", "PkgName": "libpam0g", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libpam0g@1.3.1-5ubuntu4.6?arch=amd64\u0026distro=ubuntu-20.04", "UID": "65460bc2f0872763" }, "InstalledVersion": "1.3.1-5ubuntu4.6", "FixedVersion": "1.3.1-5ubuntu4.7", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3b1a8c54fc9d867d0adc15cda701f3f0ffaace3d8cad138262619870974f91f0", "Title": "pam: allowing unprivileged user to block another user namespace", "Description": "linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.", "Severity": "MEDIUM", "CweIDs": [ "CWE-664" ], "VendorSeverity": { "alma": 2, "amazon": 1, "azure": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/18/3", "https://access.redhat.com/errata/RHSA-2024:2438", "https://access.redhat.com/security/cve/CVE-2024-22365", "https://bugzilla.redhat.com/2257722", "https://bugzilla.redhat.com/show_bug.cgi?id=2257722", "https://cert-portal.siemens.com/productcert/html/ssa-577017.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22365", "https://errata.almalinux.org/9/ALSA-2024-2438.html", "https://errata.rockylinux.org/RLSA-2024:3163", "https://github.com/linux-pam/linux-pam", "https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb", "https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0", "https://linux.oracle.com/cve/CVE-2024-22365.html", "https://linux.oracle.com/errata/ELSA-2024-3163.html", "https://lists.debian.org/debian-lts-announce/2025/09/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-22365", "https://ubuntu.com/security/notices/USN-6588-1", "https://ubuntu.com/security/notices/USN-6588-2", "https://www.cve.org/CVERecord?id=CVE-2024-22365", "https://www.openwall.com/lists/oss-security/2024/01/18/3" ], "PublishedDate": "2024-02-06T08:15:52.203Z", "LastModifiedDate": "2026-05-12T12:16:17.363Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", "PkgName": "libperl5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:35cbc69f39d5cc2eb7edbeaa87027fa6a982b93a0e70308cd765782db965f9c5", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "libperl5.30@5.30.0-9ubuntu0.3", "PkgName": "libperl5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libperl5.30@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3acb4d09929d454" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:8aaee366230042651d6d28762fe976621fc6a1e4e77cbbb1a504531d1f4f3a89", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libsmartcols1@2.34-0.1ubuntu9.3", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsmartcols1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e0fe2b0ba0e3d931" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:73f04dd6b4e03922d44eb3bc8d6ba47d23909833555cf6698863f5d900d161d6", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-7104", "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "InstalledVersion": "3.31.1-4ubuntu0.5", "FixedVersion": "3.31.1-4ubuntu0.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-7104", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a7ef5fdd30f5253a93ae8132db5595e51c01c28bfc92f346ae8e8df81740218c", "Title": "sqlite: heap-buffer-overflow at sessionfuzz", "Description": "A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-248999.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-119" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:0465", "https://access.redhat.com/security/cve/CVE-2023-7104", "https://bugzilla.redhat.com/2256194", "https://bugzilla.redhat.com/show_bug.cgi?id=2256194", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7104", "https://errata.almalinux.org/9/ALSA-2024-0465.html", "https://errata.rockylinux.org/RLSA-2024:0465", "https://linux.oracle.com/cve/CVE-2023-7104.html", "https://linux.oracle.com/errata/ELSA-2024-0465.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00050.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", "https://nvd.nist.gov/vuln/detail/CVE-2023-7104", "https://security.netapp.com/advisory/ntap-20240112-0008/", "https://sqlite.org/forum/forumpost/5bcbf4571c", "https://sqlite.org/src/info/0e4e7a05c4204b47", "https://ubuntu.com/security/notices/USN-6566-1", "https://ubuntu.com/security/notices/USN-6566-2", "https://vuldb.com/?ctiid.248999", "https://vuldb.com/?id.248999", "https://www.cve.org/CVERecord?id=CVE-2023-7104" ], "PublishedDate": "2023-12-29T10:15:13.89Z", "LastModifiedDate": "2025-11-03T22:16:33.307Z" }, { "VulnerabilityID": "CVE-2025-29088", "PkgID": "libsqlite3-0@3.31.1-4ubuntu0.5", "PkgName": "libsqlite3-0", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libsqlite3-0@3.31.1-4ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a3370ed119e5344f" }, "InstalledVersion": "3.31.1-4ubuntu0.5", "FixedVersion": "3.31.1-4ubuntu0.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-29088", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:3821036529667ae99046d5980ef6b28ba44f9dc66cb6b60c703e89b0215c9b69", "Title": "sqlite: Denial of Service in SQLite", "Description": "In SQLite 3.49.0 before 3.49.1, certain argument values to sqlite3_db_config (in the C-language API) can cause a denial of service (application crash). An sz*nBig multiplication is not cast to a 64-bit integer, and consequently some memory allocations may be incorrect.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-29088", "https://gist.github.com/ylwango613/d3883fb9f6ba8a78086356779ce88248", "https://github.com/sqlite/sqlite/commit/56d2fd008b108109f489339f5fd55212bb50afd4", "https://nvd.nist.gov/vuln/detail/CVE-2025-29088", "https://sqlite.org/forum/forumpost/48f365daec", "https://sqlite.org/releaselog/3_49_1.html", "https://ubuntu.com/security/notices/USN-7528-1", "https://ubuntu.com/security/notices/USN-7679-1", "https://www.cve.org/CVERecord?id=CVE-2025-29088", "https://www.sqlite.org/cves.html" ], "PublishedDate": "2025-04-10T14:15:27.163Z", "LastModifiedDate": "2025-09-30T16:59:27.32Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libssl1.1@1.1.1f-1ubuntu2.17", "PkgName": "libssl1.1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libssl1.1@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "b87ebee76c1b0f05" }, "InstalledVersion": "1.1.1f-1ubuntu2.17", "FixedVersion": "1.1.1f-1ubuntu2.19", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:03bc9ea1810b09c88e08bb4950d3535f09ceba2f6c477a08030579ebf0936fd2", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2024-12133", "PkgID": "libtasn1-6@4.16.0-2", "PkgName": "libtasn1-6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libtasn1-6@4.16.0-2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "1f3fac8fa7795921" }, "InstalledVersion": "4.16.0-2", "FixedVersion": "4.16.0-2ubuntu0.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12133", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:cbdd707e25661c3cfe25b7a620ec346f4c9f8334bfb694ba5bfaee373639a856", "Title": "libtasn1: Inefficient DER Decoding in libtasn1 Leading to Potential Remote DoS", "Description": "A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/06/6", "https://access.redhat.com/errata/RHSA-2025:17347", "https://access.redhat.com/errata/RHSA-2025:4049", "https://access.redhat.com/errata/RHSA-2025:7077", "https://access.redhat.com/errata/RHSA-2025:8021", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12133", "https://bugzilla.redhat.com/2344611", "https://bugzilla.redhat.com/show_bug.cgi?id=2344611", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12133", "https://errata.almalinux.org/9/ALSA-2025-7077.html", "https://errata.rockylinux.org/RLSA-2025:7077", "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md", "https://gitlab.com/gnutls/libtasn1/-/blob/master/doc/security/CVE-2024-12133.md?ref_type=heads", "https://gitlab.com/gnutls/libtasn1/-/issues/52", "https://linux.oracle.com/cve/CVE-2024-12133.html", "https://linux.oracle.com/errata/ELSA-2025-7077.html", "https://lists.debian.org/debian-lts-announce/2025/02/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12133", "https://security.netapp.com/advisory/ntap-20250523-0003/", "https://ubuntu.com/security/notices/USN-7275-1", "https://ubuntu.com/security/notices/USN-7275-2", "https://www.cve.org/CVERecord?id=CVE-2024-12133" ], "PublishedDate": "2025-02-10T16:15:37.26Z", "LastModifiedDate": "2026-05-12T12:16:16.793Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "libtinfo6@6.2-0ubuntu2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libtinfo6@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "a7882c12b2088277" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:7f9e7b78ef03929beda03dc515dbafd02fd6fcb3576d4289eca9975628470cb8", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "libuuid1@2.34-0.1ubuntu9.3", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/libuuid1@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "51a8ab06722bbc14" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d67929107a1932cbad609c90607fde6329b6348e5b651ea005ee4ed00313ac26", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "mount@2.34-0.1ubuntu9.3", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/mount@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "5dec57b54f278111" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:ceb0714dc862dd302222c985a047b427dda610e90eb58d9b954bf6e7049f0090", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "ncurses-base@6.2-0ubuntu2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/ncurses-base@6.2-0ubuntu2?arch=all\u0026distro=ubuntu-20.04", "UID": "11c3ebabbf3b213f" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:7698d8c3a532211a152f70974ef4d923f583a6f4ed2f1bdf0d344e2f7f961c41", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-29491", "PkgID": "ncurses-bin@6.2-0ubuntu2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/ncurses-bin@6.2-0ubuntu2?arch=amd64\u0026distro=ubuntu-20.04", "UID": "f840bf3c896244a7" }, "InstalledVersion": "6.2-0ubuntu2", "FixedVersion": "6.2-0ubuntu2.1", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29491", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:aadc18fa84a45be374f61b8f9e978f891dd907bb47c91d2d29980e4c4b923ccd", "Title": "ncurses: Local users can trigger security-relevant memory corruption via malformed data", "Description": "ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://ncurses.scripts.mit.edu/?p=ncurses.git%3Ba=commit%3Bh=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://ncurses.scripts.mit.edu/?p=ncurses.git;a=commit;h=eb51b1ea1f75a0ec17c9c5937cb28df1e8eeec56", "http://www.openwall.com/lists/oss-security/2023/04/19/10", "http://www.openwall.com/lists/oss-security/2023/04/19/11", "https://access.redhat.com/errata/RHSA-2023:6698", "https://access.redhat.com/security/cve/CVE-2023-29491", "https://bugzilla.redhat.com/2191704", "https://errata.almalinux.org/9/ALSA-2023-6698.html", "https://invisible-island.net/ncurses/NEWS.html#index-t20230408", "https://linux.oracle.com/cve/CVE-2023-29491.html", "https://linux.oracle.com/errata/ELSA-2023-6698.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00004.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LU4MYMKFEZQ5VSCVLRIZGDQOUW3T44GT/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29491", "https://security.netapp.com/advisory/ntap-20230517-0009/", "https://support.apple.com/kb/HT213843", "https://support.apple.com/kb/HT213844", "https://support.apple.com/kb/HT213845", "https://ubuntu.com/security/notices/USN-6099-1", "https://www.cve.org/CVERecord?id=CVE-2023-29491", "https://www.openwall.com/lists/oss-security/2023/04/12/5", "https://www.openwall.com/lists/oss-security/2023/04/13/4" ], "PublishedDate": "2023-04-14T01:15:08.57Z", "LastModifiedDate": "2025-11-04T19:15:42.307Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "openssl@1.1.1f-1ubuntu2.17", "PkgName": "openssl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/openssl@1.1.1f-1ubuntu2.17?arch=amd64\u0026distro=ubuntu-20.04", "UID": "d05522de581addaf" }, "InstalledVersion": "1.1.1f-1ubuntu2.17", "FixedVersion": "1.1.1f-1ubuntu2.19", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:abf1c7876d89ebc6e675c79849155ece11c2aa148b727e64d58150ac7a322a20", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl@5.30.0-9ubuntu0.3", "PkgName": "perl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:c581e71dd9498d31833e08451482d794b9dca4fbe0d984e84d2ca045579597d1", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl@5.30.0-9ubuntu0.3", "PkgName": "perl", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "e4ac000ef35e9648" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:e321f1290d681502c27e967380483e41f8d097b5dd5887156e08fc782011a769", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl-base@5.30.0-9ubuntu0.3", "PkgName": "perl-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:83aa268dbcedb9eba21938b2c8331b13b67a149ad18591ec3c3fcd68e8df14f2", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl-base@5.30.0-9ubuntu0.3", "PkgName": "perl-base", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-base@5.30.0-9ubuntu0.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "2289117557075356" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:6219a076250c5b9f87e1722ca07ac6a7c46d0b4bf60900f0813deb110a1da954", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2023-31484", "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "PkgName": "perl-modules-5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.4", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:9723ee8d6e5e76f2d08cf46e4e841f620af3780a50c4fc2fcca4c6c81b3e1d24", "Title": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", "Description": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/29/1", "http://www.openwall.com/lists/oss-security/2023/05/03/3", "http://www.openwall.com/lists/oss-security/2023/05/03/5", "http://www.openwall.com/lists/oss-security/2023/05/07/2", "https://access.redhat.com/errata/RHSA-2023:6539", "https://access.redhat.com/security/cve/CVE-2023-31484", "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/", "https://bugzilla.redhat.com/2218667", "https://bugzilla.redhat.com/show_bug.cgi?id=2218667", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31484", "https://errata.almalinux.org/9/ALSA-2023-6539.html", "https://errata.rockylinux.org/RLSA-2023:6539", "https://github.com/andk/cpanpm/commit/9c98370287f4e709924aee7c58ef21c85289a7f0 (2.35-TRIAL)", "https://github.com/andk/cpanpm/pull/175", "https://linux.oracle.com/cve/CVE-2023-31484.html", "https://linux.oracle.com/errata/ELSA-2026-0079.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00017.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/", "https://metacpan.org/dist/CPAN/changes", "https://nvd.nist.gov/vuln/detail/CVE-2023-31484", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://ubuntu.com/security/notices/USN-6112-1", "https://ubuntu.com/security/notices/USN-6112-2", "https://www.cve.org/CVERecord?id=CVE-2023-31484", "https://www.openwall.com/lists/oss-security/2023/04/18/14" ], "PublishedDate": "2023-04-29T00:15:09Z", "LastModifiedDate": "2025-11-03T22:16:19.47Z" }, { "VulnerabilityID": "CVE-2023-47038", "PkgID": "perl-modules-5.30@5.30.0-9ubuntu0.3", "PkgName": "perl-modules-5.30", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/perl-modules-5.30@5.30.0-9ubuntu0.3?arch=all\u0026distro=ubuntu-20.04", "UID": "23ac15a776adbce9" }, "InstalledVersion": "5.30.0-9ubuntu0.3", "FixedVersion": "5.30.0-9ubuntu0.5", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-47038", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:060d5145657351635861c52c235e66c3f393fb2fd0879840c8e17754f355504d", "Title": "perl: Write past buffer end via illegal user-defined Unicode property", "Description": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2228", "https://access.redhat.com/errata/RHSA-2024:3128", "https://access.redhat.com/security/cve/CVE-2023-47038", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", "https://bugzilla.redhat.com/2249523", "https://bugzilla.redhat.com/show_bug.cgi?id=2249523", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47038", "https://errata.almalinux.org/9/ALSA-2024-2228.html", "https://errata.rockylinux.org/RLSA-2024:2228", "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010", "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6", "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3", "https://github.com/aquasecurity/trivy/discussions/8400", "https://linux.oracle.com/cve/CVE-2023-47038.html", "https://linux.oracle.com/errata/ELSA-2024-3128.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UMDZZ4SCEW6FRWZDMXGAKZ35THTAWFG6/", "https://nvd.nist.gov/vuln/detail/CVE-2023-47038", "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property", "https://ubuntu.com/security/CVE-2023-47100", "https://ubuntu.com/security/notices/USN-6517-1", "https://www.cve.org/CVERecord?id=CVE-2023-47038", "https://www.suse.com/security/cve/CVE-2023-47100.html" ], "PublishedDate": "2023-12-18T14:15:08.933Z", "LastModifiedDate": "2025-11-04T19:16:05.573Z" }, { "VulnerabilityID": "CVE-2024-12085", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:82ddf8beab0a68e5a1eaf9a1da587e80bd48217229ec1d3c16af160b632b3060", "Title": "rsync: Info Leak via Uninitialized Stack Contents", "Description": "A flaw was found in rsync which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time.", "Severity": "MEDIUM", "CweIDs": [ "CWE-908" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:0324", "https://access.redhat.com/errata/RHSA-2025:0325", "https://access.redhat.com/errata/RHSA-2025:0637", "https://access.redhat.com/errata/RHSA-2025:0688", "https://access.redhat.com/errata/RHSA-2025:0714", "https://access.redhat.com/errata/RHSA-2025:0774", "https://access.redhat.com/errata/RHSA-2025:0787", "https://access.redhat.com/errata/RHSA-2025:0790", "https://access.redhat.com/errata/RHSA-2025:0849", "https://access.redhat.com/errata/RHSA-2025:0884", "https://access.redhat.com/errata/RHSA-2025:0885", "https://access.redhat.com/errata/RHSA-2025:1120", "https://access.redhat.com/errata/RHSA-2025:1123", "https://access.redhat.com/errata/RHSA-2025:1128", "https://access.redhat.com/errata/RHSA-2025:1225", "https://access.redhat.com/errata/RHSA-2025:1227", "https://access.redhat.com/errata/RHSA-2025:1242", "https://access.redhat.com/errata/RHSA-2025:1451", "https://access.redhat.com/errata/RHSA-2025:21885", "https://access.redhat.com/errata/RHSA-2025:2701", "https://access.redhat.com/security/cve/CVE-2024-12085", "https://bugzilla.redhat.com/2330539", "https://bugzilla.redhat.com/show_bug.cgi?id=2330539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085", "https://errata.almalinux.org/9/ALSA-2025-0324.html", "https://errata.rockylinux.org/RLSA-2025:0324", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12085.html", "https://linux.oracle.com/errata/ELSA-2025-0714.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12085", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12085", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.123Z", "LastModifiedDate": "2026-04-14T22:16:24.497Z" }, { "VulnerabilityID": "CVE-2024-12086", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12086", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:20ba46ddc7c0f2657d494d1ee7ce27baf776c56cd1a85c9f33b0e1b1b4051cea", "Title": "rsync: rsync server leaks arbitrary client files", "Description": "A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client.", "Severity": "MEDIUM", "CweIDs": [ "CWE-390" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2026:19368", "https://access.redhat.com/security/cve/CVE-2024-12086", "https://bugzilla.redhat.com/show_bug.cgi?id=2330577", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12086", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12086", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.297Z", "LastModifiedDate": "2026-05-20T04:16:31.217Z" }, { "VulnerabilityID": "CVE-2024-12087", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12087", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:a94e14429b5d76dc4e62f5b39f13fef6e6e0d4b533a00519d43e42b0558618e1", "Title": "rsync: Path traversal vulnerability in rsync", "Description": "A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:23154", "https://access.redhat.com/errata/RHSA-2025:23235", "https://access.redhat.com/errata/RHSA-2025:23407", "https://access.redhat.com/errata/RHSA-2025:23415", "https://access.redhat.com/errata/RHSA-2025:23416", "https://access.redhat.com/errata/RHSA-2025:23842", "https://access.redhat.com/errata/RHSA-2025:23853", "https://access.redhat.com/errata/RHSA-2025:23854", "https://access.redhat.com/errata/RHSA-2025:23858", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12087", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12087.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12087", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12087", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.467Z", "LastModifiedDate": "2026-04-14T22:16:26.837Z" }, { "VulnerabilityID": "CVE-2024-12088", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12088", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d044336f5b9f5c962b2389d6b4dec877a8248ba29dcfb58e789b22ecef4ddab2", "Title": "rsync: --safe-links option bypass leads to path traversal", "Description": "A flaw was found in rsync. When using the `--safe-links` option, the rsync client fails to properly verify if a symbolic link destination sent from the server contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory.", "Severity": "MEDIUM", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12088", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://github.com/google/security-research/security/advisories/GHSA-p5pg-x43v-mvqj", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12088.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12088", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12088", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.643Z", "LastModifiedDate": "2026-04-14T22:16:27.247Z" }, { "VulnerabilityID": "CVE-2024-12747", "PkgID": "rsync@3.1.3-8ubuntu0.5", "PkgName": "rsync", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/rsync@3.1.3-8ubuntu0.5?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9f4dd363bd033b68" }, "InstalledVersion": "3.1.3-8ubuntu0.5", "FixedVersion": "3.1.3-8ubuntu0.8", "Status": "fixed", "Layer": { "Digest": "sha256:7d98acc143e640fde58cebdb37d1f81d818e2a130ce317f3bcc97c95600d4ec9", "DiffID": "sha256:67d186d52c08ca1eb954f9412c336725fb90e30677be47e50acc05cf90cca41d" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-12747", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:d474ba9aec1fd9fa7a30fb58023d7271df57b174348b7b46b4347024e07e5c7a", "Title": "rsync: Race Condition in rsync Handling Symbolic Links", "Description": "A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "V3Score": 5.6 } }, "References": [ "https://access.redhat.com/errata/RHBA-2025:6470", "https://access.redhat.com/errata/RHSA-2025:2600", "https://access.redhat.com/errata/RHSA-2025:7050", "https://access.redhat.com/errata/RHSA-2025:8385", "https://access.redhat.com/security/cve/CVE-2024-12747", "https://bugzilla.redhat.com/2330672", "https://bugzilla.redhat.com/2330676", "https://bugzilla.redhat.com/2332968", "https://bugzilla.redhat.com/show_bug.cgi?id=2330672", "https://bugzilla.redhat.com/show_bug.cgi?id=2330676", "https://bugzilla.redhat.com/show_bug.cgi?id=2332968", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747", "https://errata.almalinux.org/9/ALSA-2025-7050.html", "https://errata.rockylinux.org/RLSA-2025:7050", "https://kb.cert.org/vince/comm/case/2083/", "https://kb.cert.org/vuls/id/952657", "https://linux.oracle.com/cve/CVE-2024-12747.html", "https://linux.oracle.com/errata/ELSA-2025-7050.html", "https://lists.debian.org/debian-lts-announce/2025/01/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-12747", "https://security.netapp.com/advisory/ntap-20250131-0002/", "https://ubuntu.com/security/notices/USN-7206-1", "https://ubuntu.com/security/notices/USN-7206-3", "https://www.cve.org/CVERecord?id=CVE-2024-12747", "https://www.kb.cert.org/vuls/id/952657" ], "PublishedDate": "2025-01-14T18:15:25.83Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-39804", "PkgID": "tar@1.30+dfsg-7ubuntu0.20.04.3", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/tar@1.30%2Bdfsg-7ubuntu0.20.04.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "9e3a2b3027b922ad" }, "InstalledVersion": "1.30+dfsg-7ubuntu0.20.04.3", "FixedVersion": "1.30+dfsg-7ubuntu0.20.04.4", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39804", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:f77174d302da2e8fbf6e8be732c14315efdc788cc572912263e2749399652450", "Title": "tar: Incorrectly handled extension attributes in PAX archives can lead to a crash", "Description": "In GNU tar before 1.35, mishandled extension attributes in a PAX archive can lead to an application crash in xheader.c.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 1, "cbl-mariner": 2, "photon": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-39804", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079", "https://git.savannah.gnu.org/cgit/tar.git/commit/?id=a339f05cd269013fa133d2f148d73f6f7d4247e4", "https://git.savannah.gnu.org/cgit/tar.git/tree/src/xheader.c?h=release_1_34#n1723", "https://lists.debian.org/debian-lts-announce/2024/03/msg00008.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39804", "https://ubuntu.com/security/notices/USN-6543-1", "https://www.cve.org/CVERecord?id=CVE-2023-39804" ], "PublishedDate": "2024-03-27T04:15:08.897Z", "LastModifiedDate": "2025-11-04T19:15:55.43Z" }, { "VulnerabilityID": "CVE-2024-28085", "PkgID": "util-linux@2.34-0.1ubuntu9.3", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/ubuntu/util-linux@2.34-0.1ubuntu9.3?arch=amd64\u0026distro=ubuntu-20.04", "UID": "7e27c675dec861ed" }, "InstalledVersion": "2.34-0.1ubuntu9.3", "FixedVersion": "2.34-0.1ubuntu9.6", "Status": "fixed", "Layer": { "Digest": "sha256:99803d4b97f3db529ae9ca4174b0951afac6b309e7deaa8ec3214c584e02b3a8", "DiffID": "sha256:6f37ca73c74f2cef0ddefd960260f2033c16c84583c5507a4f37b1cf7631dc20" }, "SeveritySource": "ubuntu", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-28085", "DataSource": { "ID": "ubuntu", "Name": "Ubuntu CVE Tracker", "URL": "https://git.launchpad.net/ubuntu-cve-tracker" }, "Fingerprint": "sha256:04d44a51ed719412d0116319893d8420281b00a6054cca1ccc7df684a5dfe2d5", "Title": "util-linux: CVE-2024-28085: wall: escape sequence injection", "Description": "wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "azure": 1, "cbl-mariner": 1, "photon": 1, "redhat": 1, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.4 } }, "References": [ "http://seclists.org/fulldisclosure/2024/Mar/35", "http://www.openwall.com/lists/oss-security/2024/03/27/5", "http://www.openwall.com/lists/oss-security/2024/03/27/6", "http://www.openwall.com/lists/oss-security/2024/03/27/7", "http://www.openwall.com/lists/oss-security/2024/03/27/8", "http://www.openwall.com/lists/oss-security/2024/03/27/9", "http://www.openwall.com/lists/oss-security/2024/03/28/1", "http://www.openwall.com/lists/oss-security/2024/03/28/2", "http://www.openwall.com/lists/oss-security/2024/03/28/3", "https://access.redhat.com/security/cve/CVE-2024-28085", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-202008.html", "https://github.com/skyler-ferrante/CVE-2024-28085", "https://github.com/util-linux/util-linux/security/advisories/GHSA-xv2h-c6ww-mrjq", "https://lists.debian.org/debian-lts-announce/2024/04/msg00005.html", "https://mirrors.edge.kernel.org/pub/linux/utils/util-linux/", "https://nvd.nist.gov/vuln/detail/CVE-2024-28085", "https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt", "https://security.netapp.com/advisory/ntap-20240531-0003/", "https://ubuntu.com/security/notices/USN-6719-1", "https://ubuntu.com/security/notices/USN-6719-2", "https://www.cve.org/CVERecord?id=CVE-2024-28085", "https://www.openwall.com/lists/oss-security/2024/03/27/5" ], "PublishedDate": "2024-03-27T19:15:48.367Z", "LastModifiedDate": "2026-05-12T12:16:33.7Z" } ] }, { "Target": "usr/local/bin/gosu", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/tianon/gosu", "Name": "github.com/tianon/gosu", "Identifier": { "PURL": "pkg:golang/github.com/tianon/gosu", "UID": "f8be0ac9ee9f0640" }, "Relationship": "root", "DependsOn": [ "github.com/opencontainers/runc@v1.0.1", "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "stdlib@v1.16.7" ], "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.16.7", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "Version": "v1.16.7", "Relationship": "direct", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/runc@v1.0.1", "Name": "github.com/opencontainers/runc", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "UID": "9f8e6d3b2db2ec49" }, "Version": "v0.0.0-20210817142637-7d9622a276b7", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2023-27561", "VendorIDs": [ "GHSA-vpvm-3wq2-2wvm" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-27561", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:6803b92b4954fcff324a846c6596339a7f6eec534d769c2ea6d16ddae676df64", "Title": "runc: volume mount race condition (regression of CVE-2019-19921)", "Description": "runc through 1.1.4 has Incorrect Access Control leading to Escalation of Privileges, related to libcontainer/rootfs_linux.go. To exploit this, an attacker must be able to spawn two containers with custom volume-mount configurations, and be able to run custom images. NOTE: this issue exists because of a CVE-2019-19921 regression.", "Severity": "HIGH", "CweIDs": [ "CWE-706" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2023-27561", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://gist.github.com/LiveOverflow/c937820b688922eb127fb760ce06dab9", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/issues/2197#issuecomment-1437617334", "https://github.com/opencontainers/runc/issues/3751", "https://github.com/opencontainers/runc/pull/3785", "https://github.com/opencontainers/runc/releases/tag/v1.1.5", "https://linux.oracle.com/cve/CVE-2023-27561.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANUGDBJ7NBUMSUFZUSKU3ZMQYZ2Z3STN", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DHGVGGMKGZSJ7YO67TGGPFEHBYMS63VF", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNB2UEDIIJCRQW4WJLZOPQJZXCVSXMLD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FYVE3GB4OG3BNT5DLQHYO4M5SXX33AQ5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I6BF24VCZRFTYBTT3T7HDZUOTKOTNPLZ", "https://nvd.nist.gov/vuln/detail/CVE-2023-27561", "https://security.netapp.com/advisory/ntap-20241206-0004", "https://security.netapp.com/advisory/ntap-20241206-0004/", "https://ubuntu.com/security/notices/USN-6088-1", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2023-27561" ], "PublishedDate": "2023-03-03T19:15:11.33Z", "LastModifiedDate": "2024-12-06T14:15:19.037Z" }, { "VulnerabilityID": "CVE-2024-21626", "VendorIDs": [ "GHSA-xr7r-f8xq-vfvv" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.12", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-21626", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:c25ce5d902cd400e0e1e8612784e5451080a86de1b3e2892fa915e277c48937f", "Title": "runc: file descriptor leak", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-403", "CWE-668" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.6 } }, "References": [ "http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html", "http://www.openwall.com/lists/oss-security/2024/02/01/1", "http://www.openwall.com/lists/oss-security/2024/02/02/3", "https://access.redhat.com/errata/RHSA-2024:0670", "https://access.redhat.com/security/cve/CVE-2024-21626", "https://bugzilla.redhat.com/2258725", "https://bugzilla.redhat.com/show_bug.cgi?id=2258725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21626", "https://errata.almalinux.org/9/ALSA-2024-0670.html", "https://errata.rockylinux.org/RLSA-2024:0752", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf", "https://github.com/opencontainers/runc/releases/tag/v1.1.12", "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv", "https://linux.oracle.com/cve/CVE-2024-21626.html", "https://linux.oracle.com/errata/ELSA-2024-17931.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/", "https://nvd.nist.gov/vuln/detail/CVE-2024-21626", "https://ubuntu.com/security/notices/USN-6619-1", "https://www.cve.org/CVERecord?id=CVE-2024-21626", "https://www.vicarius.io/vsociety/posts/leaky-vessels-part-1-cve-2024-21626" ], "PublishedDate": "2024-01-31T22:15:53.78Z", "LastModifiedDate": "2024-11-21T08:54:45.18Z" }, { "VulnerabilityID": "CVE-2025-31133", "VendorIDs": [ "GHSA-9493-h29p-rfm2" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-31133", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:13665e3c39489164fa3631f04801910a84728adfd0322b4726c0fe6cd7302163", "Title": "runc: container escape via 'masked path' abuse due to mount race conditions", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7 and below, 1.3.0-rc.1 through 1.3.1, 1.4.0-rc.1 and 1.4.0-rc.2 files, runc would not perform sufficient verification that the source of the bind-mount (i.e., the container's /dev/null) was actually a real /dev/null inode when using the container's /dev/null to mask. This exposes two methods of attack: an arbitrary mount gadget, leading to host information disclosure, host denial of service, container escape, or a bypassing of maskedPaths. This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-31133", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/1a30a8f3d921acbbb6a4bb7e99da2c05f8d48522", "https://github.com/opencontainers/runc/commit/5d7b2424072449872d1cd0c937f2ca25f418eb66", "https://github.com/opencontainers/runc/commit/8476df83b534a2522b878c0507b3491def48db9f", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://linux.oracle.com/cve/CVE-2025-31133.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-31133", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-31133" ], "PublishedDate": "2025-11-06T19:15:41.343Z", "LastModifiedDate": "2025-12-03T18:30:15.43Z" }, { "VulnerabilityID": "CVE-2025-52565", "VendorIDs": [ "GHSA-qw9x-cqr3-wc7r" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52565", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:9bf5ac549932065f84ac95fb64379b2b2ecf56ce45a1c21b9abdd74427ab4cf8", "Title": "runc: container escape with malicious config due to /dev/console mount and related races", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. Versions 1.0.0-rc3 through 1.2.7, 1.3.0-rc.1 through 1.3.2, and 1.4.0-rc.1 through 1.4.0-rc.2, due to insufficient checks when bind-mounting `/dev/pts/$n` to `/dev/console` inside the container, an attacker can trick runc into bind-mounting paths which would normally be made read-only or be masked onto a path that the attacker can write to. This attack is very similar in concept and application to CVE-2025-31133, except that it attacks a similar vulnerability in a different target (namely, the bind-mount of `/dev/pts/$n` to `/dev/console` as configured for all containers that allocate a console). This happens after `pivot_root(2)`, so this cannot be used to write to host files directly -- however, as with CVE-2025-31133, this can load to denial of service of the host or a container breakout by providing the attacker with a writable copy of `/proc/sysrq-trigger` or `/proc/sys/kernel/core_pattern` (respectively). This issue is fixed in versions 1.2.8, 1.3.3 and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:20957", "https://access.redhat.com/security/cve/CVE-2025-52565", "https://bugzilla.redhat.com/2404705", "https://bugzilla.redhat.com/2404708", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2404705", "https://bugzilla.redhat.com/show_bug.cgi?id=2404708", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-31133", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52565", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://errata.almalinux.org/9/ALSA-2025-20957.html", "https://errata.rockylinux.org/RLSA-2025:20957", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/01de9d65dc72f67b256ef03f9bfb795a2bf143b4", "https://github.com/opencontainers/runc/commit/398955bccb7f20565c224a3064d331c19e422398", "https://github.com/opencontainers/runc/commit/531ef794e4ecd628006a865ad334a048ee2b4b2e", "https://github.com/opencontainers/runc/commit/9be1dbf4ac67d9840a043ebd2df5c68f36705d1d", "https://github.com/opencontainers/runc/commit/aee7d3fe355dd02939d44155e308ea0052e0d53a", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/de87203e625cd7a27141fb5f2ad00a320c69c5e8", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://linux.oracle.com/cve/CVE-2025-52565.html", "https://linux.oracle.com/errata/ELSA-2025-21232.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52565", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52565" ], "PublishedDate": "2025-11-06T20:15:49.24Z", "LastModifiedDate": "2025-12-03T18:33:33.357Z" }, { "VulnerabilityID": "CVE-2025-52881", "VendorIDs": [ "GHSA-cgrx-mc8f-2prm" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.2.8, 1.3.3, 1.4.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-52881", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:251926c142387b6deacfca4536b5807557c1cec0bc296211e140b48524ebfc11", "Title": "runc: opencontainers/selinux: container escape and denial of service due to arbitrary write gadgets and procfs write redirects", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. In versions 1.2.7, 1.3.2 and 1.4.0-rc.2, an attacker can trick runc into misdirecting writes to /proc to other procfs files through the use of a racing container with shared mounts (we have also verified this attack is possible to exploit using a standard Dockerfile with docker buildx build as that also permits triggering parallel execution of containers with custom shared mounts configured). This redirect could be through symbolic links in a tmpfs or theoretically other methods such as regular bind-mounts. While similar, the mitigation applied for the related CVE, CVE-2019-19921, was fairly limited and effectively only caused runc to verify that when LSM labels are written they are actually procfs files. This issue is fixed in versions 1.2.8, 1.3.3, and 1.4.0-rc.3.", "Severity": "HIGH", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "V40Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "V3Score": 8.2 } }, "References": [ "http://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "http://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://access.redhat.com/errata/RHSA-2025:22011", "https://access.redhat.com/security/cve/CVE-2025-52881", "https://bugzilla.redhat.com/2404715", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2404715", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-52881", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2025-22011.html", "https://errata.rockylinux.org/RLSA-2025:22011", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/blob/v1.4.0-rc.2/RELEASES.md", "https://github.com/opencontainers/runc/commit/3f925525b44d247e390e529e772a0dc0c0bc3557", "https://github.com/opencontainers/runc/commit/435cc81be6b79cdec73b4002c0dae549b2f6ae6d", "https://github.com/opencontainers/runc/commit/44a0fcf685db051c80b8c269812bb177f5802c58", "https://github.com/opencontainers/runc/commit/4b37cd93f86e72feac866442988b549b5b7bf3e6", "https://github.com/opencontainers/runc/commit/6fc191449109ea14bb7d61238f24a33fe08c651f", "https://github.com/opencontainers/runc/commit/77889b56db939c323d29d1130f28f9aea2edb544", "https://github.com/opencontainers/runc/commit/77d217c7c3775d8ca5af89e477e81568ef4572db", "https://github.com/opencontainers/runc/commit/a41366e74080fa9f26a2cd3544e2801449697322", "https://github.com/opencontainers/runc/commit/b3dd1bc562ed9996d1a0f249e056c16624046d28", "https://github.com/opencontainers/runc/commit/d40b3439a9614a86e87b81a94c6811ec6fa2d7d2", "https://github.com/opencontainers/runc/commit/d61fd29d854b416feaaf128bf650325cd2182165", "https://github.com/opencontainers/runc/commit/db19bbed5348847da433faa9d69e9f90192bfa64", "https://github.com/opencontainers/runc/commit/ed6b1693b8b3ae7eb0250a7e76fc888cdacf98c1", "https://github.com/opencontainers/runc/commit/fdcc9d3cad2f85954a241ccb910a61aaa1ef47f3", "https://github.com/opencontainers/runc/commit/ff6fe1324663538167eca8b3d3eec61e1bd4fa51", "https://github.com/opencontainers/runc/commit/ff94f9991bd32076c871ef0ad8bc1b763458e480", "https://github.com/opencontainers/runc/security/advisories/GHSA-9493-h29p-rfm2", "https://github.com/opencontainers/runc/security/advisories/GHSA-cgrx-mc8f-2prm", "https://github.com/opencontainers/runc/security/advisories/GHSA-fh74-hm69-rqjw", "https://github.com/opencontainers/runc/security/advisories/GHSA-qw9x-cqr3-wc7r", "https://github.com/opencontainers/selinux/pull/237", "https://github.com/opencontainers/selinux/releases/tag/v1.13.0", "https://linux.oracle.com/cve/CVE-2025-52881.html", "https://linux.oracle.com/errata/ELSA-2025-23543.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-52881", "https://pkg.go.dev/github.com/cyphar/filepath-securejoin/pathrs-lite/procfs", "https://ubuntu.com/security/notices/USN-7851-1", "https://www.cve.org/CVERecord?id=CVE-2025-52881", "https://youtu.be/tGseJW_uBB8", "https://youtu.be/y1PaBzxwRWQ" ], "PublishedDate": "2025-11-06T21:15:42.817Z", "LastModifiedDate": "2025-12-03T18:37:17.917Z" }, { "VulnerabilityID": "CVE-2021-43784", "VendorIDs": [ "GHSA-v95c-p5hm-xq8f" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.0.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-43784", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ce6650dbfa114abae5db2c90134ba032100d7765e550d12747025a7def687277", "Title": "runc: integer overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization system for specifying the relevant container configuration to the `C` portion of the code (responsible for the based namespace setup of containers). In all versions of runc prior to 1.0.3, the encoder did not handle the possibility of an integer overflow in the 16-bit length field for the byte array attribute type, meaning that a large enough malicious byte array attribute could result in the length overflowing and the attribute contents being parsed as netlink messages for container configuration. This vulnerability requires the attacker to have some control over the configuration of the container and would allow the attacker to bypass the namespace restrictions of the container by simply adding their own netlink payload which disables all namespaces. The main users impacted are those who allow untrusted images with untrusted configurations to run on their machines (such as with shared cloud infrastructure). runc version 1.0.3 contains a fix for this bug. As a workaround, one may try disallowing untrusted namespace paths from your container. It should be noted that untrusted namespace paths would allow the attacker to disable namespace protections entirely even in the absence of this bug.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V2Score": 6, "V3Score": 5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2021-43784", "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554", "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae", "https://github.com/opencontainers/runc/commit/dde509df4e28cec33b3c99c6cda3d4fd5beafc77", "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed", "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f", "https://linux.oracle.com/cve/CVE-2021-43784.html", "https://linux.oracle.com/errata/ELSA-2023-6380.html", "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html", "https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-43784", "https://pkg.go.dev/vuln/GO-2022-0274", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2021-43784", "https://www.openwall.com/lists/oss-security/2021/12/06/1" ], "PublishedDate": "2021-12-06T18:15:08.24Z", "LastModifiedDate": "2024-11-21T06:29:46.873Z" }, { "VulnerabilityID": "CVE-2022-29162", "VendorIDs": [ "GHSA-f3fp-gc8g-vw66" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29162", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:cfba7434a916e00b5f196ad3952fed146bd82230b5ad485f6966013113393fe7", "Title": "runc: incorrect handling of inheritable capabilities", "Description": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. A bug was found in runc prior to version 1.1.2 where `runc exec --cap` created processes with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during execve(2). This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in runc 1.1.2. This fix changes `runc exec --cap` behavior such that the additional capabilities granted to the process being executed (as specified via `--cap` arguments) do not include inheritable capabilities. In addition, `runc spec` is changed to not set any inheritable capabilities in the created example OCI spec (`config.json`) file.", "Severity": "MEDIUM", "CweIDs": [ "CWE-276" ], "VendorSeverity": { "alma": 1, "amazon": 1, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 1, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.9 }, "nvd": { "V2Vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V2Score": 4.6, "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "github.com/opencontainers/runc", "https://access.redhat.com/errata/RHSA-2022:8090", "https://access.redhat.com/security/cve/CVE-2022-29162", "https://bugzilla.redhat.com/2086398", "https://bugzilla.redhat.com/show_bug.cgi?id=2086398", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29162", "https://errata.almalinux.org/9/ALSA-2022-8090.html", "https://errata.rockylinux.org/RLSA-2022:8090", "https://github.com/opencontainers/runc/commit/98fe566c527479195ce3c8167136d2a555fe6b65", "https://github.com/opencontainers/runc/commit/d04de3a9b72d7a2455c1885fc75eb36d02cd17b5", "https://github.com/opencontainers/runc/releases/tag/v1.1.2", "https://github.com/opencontainers/runc/security/advisories/GHSA-f3fp-gc8g-vw66", "https://linux.oracle.com/cve/CVE-2022-29162.html", "https://linux.oracle.com/errata/ELSA-2022-8090.html", "https://lists.debian.org/debian-lts-announce/2023/03/msg00023.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVPZBV7ISA7QKRPTC7ZXWKMIQI2HZEBB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D77CKD3AXPMU4PMQIQI5Q74SI4JATNND", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GPQU4YC4AAY54JDXGDQHJEYKSXXG5T2Y", "https://nvd.nist.gov/vuln/detail/CVE-2022-29162", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2022-29162", "https://www.openwall.com/lists/oss-security/2022/05/12/1" ], "PublishedDate": "2022-05-17T21:15:08.32Z", "LastModifiedDate": "2024-11-21T06:58:36.893Z" }, { "VulnerabilityID": "CVE-2023-28642", "VendorIDs": [ "GHSA-g2j6-57v7-gm8c" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-28642", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:baeba50ed00bccb64eeb21147c04cd162d5df57787d2e22415bbefd1dd60fe57", "Title": "runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-281", "CWE-59" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6380", "https://access.redhat.com/security/cve/CVE-2023-28642", "https://bugzilla.redhat.com/2029439", "https://bugzilla.redhat.com/2175721", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2182883", "https://bugzilla.redhat.com/2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6380.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-g2j6-57v7-gm8c", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/pull/3785", "https://github.com/opencontainers/runc/security/advisories/GHSA-g2j6-57v7-gm8c", "https://linux.oracle.com/cve/CVE-2023-28642.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-28642", "https://security.netapp.com/advisory/ntap-20241206-0005", "https://security.netapp.com/advisory/ntap-20241206-0005/", "https://ubuntu.com/security/notices/USN-6088-1", "https://ubuntu.com/security/notices/USN-6088-2", "https://www.cve.org/CVERecord?id=CVE-2023-28642" ], "PublishedDate": "2023-03-29T19:15:22.397Z", "LastModifiedDate": "2024-12-06T14:15:19.25Z" }, { "VulnerabilityID": "CVE-2024-45310", "VendorIDs": [ "GHSA-jfvp-7x6p-h2pv" ], "PkgID": "github.com/opencontainers/runc@v1.0.1", "PkgName": "github.com/opencontainers/runc", "PkgIdentifier": { "PURL": "pkg:golang/github.com/opencontainers/runc@v1.0.1", "UID": "393c951d0b8eb33d" }, "InstalledVersion": "v1.0.1", "FixedVersion": "1.1.14, 1.2.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45310", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:05aef3760112253d5b156ed1f3879105aad792c9f20daa3384b68b553898fc69", "Title": "runc: runc can be tricked into creating empty files/directories on host", "Description": "runc is a CLI tool for spawning and running containers according to the OCI specification. runc 1.1.13 and earlier, as well as 1.2.0-rc2 and earlier, can be tricked into creating empty files or directories in arbitrary locations in the host filesystem by sharing a volume between two containers and exploiting a race with `os.MkdirAll`. While this could be used to create empty files, existing files would not be truncated. An attacker must have the ability to start containers using some kind of custom volume configuration. Containers using user namespaces are still affected, but the scope of places an attacker can create inodes can be significantly reduced. Sufficiently strict LSM policies (SELinux/Apparmor) can also in principle block this attack -- we suspect the industry standard SELinux policy may restrict this attack's scope but the exact scope of protection hasn't been analysed. This is exploitable using runc directly as well as through Docker and Kubernetes. The issue is fixed in runc v1.1.14 and v1.2.0-rc3.\n\nSome workarounds are available. Using user namespaces restricts this attack fairly significantly such that the attacker can only create inodes in directories that the remapped root user/group has write access to. Unless the root user is remapped to an actual\nuser on the host (such as with rootless containers that don't use `/etc/sub[ug]id`), this in practice means that an attacker would only be able to create inodes in world-writable directories. A strict enough SELinux or AppArmor policy could in principle also restrict the scope if a specific label is applied to the runc runtime, though neither the extent to which the standard existing policies block this attack nor what exact policies are needed to sufficiently restrict this attack have been thoroughly tested.", "Severity": "MEDIUM", "CweIDs": [ "CWE-61", "CWE-363" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "ghsa": 2, "nvd": 1, "photon": 1, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/U:Green", "V3Score": 3.6, "V40Score": 4.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V3Score": 3.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", "V3Score": 3.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/1", "https://access.redhat.com/security/cve/CVE-2024-45310", "https://github.com/opencontainers/runc", "https://github.com/opencontainers/runc/commit/63c2908164f3a1daea455bf5bcd8d363d70328c7", "https://github.com/opencontainers/runc/commit/8781993968fd964ac723ff5f360b6f259e809a3e", "https://github.com/opencontainers/runc/commit/f0b652ea61ff6750a8fcc69865d45a7abf37accf", "https://github.com/opencontainers/runc/pull/4359", "https://github.com/opencontainers/runc/security/advisories/GHSA-jfvp-7x6p-h2pv", "https://nvd.nist.gov/vuln/detail/CVE-2024-45310", "https://security.netapp.com/advisory/ntap-20250221-0008", "https://security.netapp.com/advisory/ntap-20250221-0008/", "https://www.cve.org/CVERecord?id=CVE-2024-45310", "https://www.openwall.com/lists/oss-security/2024/09/03/1" ], "PublishedDate": "2024-09-03T19:15:15.243Z", "LastModifiedDate": "2025-11-25T14:07:27.74Z" }, { "VulnerabilityID": "CVE-2022-29526", "VendorIDs": [ "GHSA-p782-xgp4-8hr8" ], "PkgID": "golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "PkgName": "golang.org/x/sys", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.0.0-20210817142637-7d9622a276b7", "UID": "9f8e6d3b2db2ec49" }, "InstalledVersion": "v0.0.0-20210817142637-7d9622a276b7", "FixedVersion": "0.0.0-20220412211240-33da011f77ad", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:7077e32ac241117b3be3937a652d44c8dbce7d5c7d6e69a4862ac48590d170fe", "Title": "golang: syscall: faccessat checks wrong group", "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-29526", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://github.com/golang/go", "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", "https://github.com/golang/go/issues/52313", "https://go.dev/cl/399539", "https://go.dev/cl/400074", "https://go.dev/issue/52313", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "https://linux.oracle.com/cve/CVE-2022-29526.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "https://pkg.go.dev/vuln/GO-2022-0493", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220729-0001", "https://security.netapp.com/advisory/ntap-20220729-0001/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-29526" ], "PublishedDate": "2022-06-23T17:15:12.747Z", "LastModifiedDate": "2024-11-21T06:59:15.563Z" }, { "VulnerabilityID": "CVE-2022-23806", "VendorIDs": [ "GO-2021-0319" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.14, 1.17.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23806", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9cbae64c748e8eed132183466377c2865dc249f54dcbac4af51ac00967729870", "Title": "golang: crypto/elliptic: IsOnCurve returns true for invalid field elements", "Description": "Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.", "Severity": "CRITICAL", "CweIDs": [ "CWE-252" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V3Score": 9.1 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "V2Score": 6.4, "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2022-23806", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/382455", "https://go.dev/issue/50974", "https://go.googlesource.com/go/+/7f9494c277a471f6f47f4af3036285c0b1419816", "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "https://linux.oracle.com/cve/CVE-2022-23806.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23806", "https://pkg.go.dev/vuln/GO-2021-0319", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220225-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-23806", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-02-11T01:15:07.747Z", "LastModifiedDate": "2024-11-21T06:49:17.407Z" }, { "VulnerabilityID": "CVE-2023-24538", "VendorIDs": [ "GO-2023-1703" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ba13741997a8cf16d0f4e20a7dbf2704e4688620e6c0ed7ed38a3acc9aee0cb3", "Title": "golang: html/template: backticks not treated as string delimiters", "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24538", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", "https://github.com/golang/go/issues/59234", "https://go.dev/cl/482079", "https://go.dev/issue/59234", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24538.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "https://pkg.go.dev/vuln/GO-2023-1703", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241115-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://www.cve.org/CVERecord?id=CVE-2023-24538" ], "PublishedDate": "2023-04-06T16:15:07.8Z", "LastModifiedDate": "2025-02-12T17:15:14.19Z" }, { "VulnerabilityID": "CVE-2023-24540", "VendorIDs": [ "GO-2023-1752" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d4aaf45671e59cbf1bdc0301ecea3ed227cf55fb7677fc0c815b8baa80d27d4e", "Title": "golang: html/template: improper handling of JavaScript whitespace", "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-77" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24540", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", "https://github.com/golang/go/issues/59721", "https://go.dev/cl/491616", "https://go.dev/issue/59721", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24540.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "https://pkg.go.dev/vuln/GO-2023-1752", "https://security.netapp.com/advisory/ntap-20241115-0008/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24540" ], "PublishedDate": "2023-05-11T16:15:09.687Z", "LastModifiedDate": "2025-01-24T17:15:10.893Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:60b31dc984c9612b6f157002820f95fb662b3614c6914369ecd1c2810aad0eb1", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c459470ee439dc9e6152908a75cb25dfdef47c1168eee506295be62533fb1bd4", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2021-39293", "VendorIDs": [ "GO-2022-0273" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.8, 1.17.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-39293", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:99569ae912f003f3c8086b9059682006ff5586edfbec582a405e4c98b3a27db3", "Title": "golang: archive/zip: malformed archive may cause panic or memory exhaustion (incomplete fix of CVE-2021-33196)", "Description": "In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-39293", "https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/343434", "https://go.dev/issue/47801", "https://go.googlesource.com/go/+/bacbc33439b124ffd7392c91a5f5d96eca8c0c0b", "https://groups.google.com/g/golang-announce/c/dx9d7IOseHw", "https://linux.oracle.com/cve/CVE-2021-39293.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-39293", "https://pkg.go.dev/vuln/GO-2022-0273", "https://security.netapp.com/advisory/ntap-20220217-0009/", "https://www.cve.org/CVERecord?id=CVE-2021-39293" ], "PublishedDate": "2022-01-24T01:15:07.92Z", "LastModifiedDate": "2024-11-21T06:19:08.18Z" }, { "VulnerabilityID": "CVE-2021-41771", "VendorIDs": [ "GO-2021-0263" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.10, 1.17.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41771", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:62b6e7e510f71e5bf6592f72bcb0d5669c5c4b112e1e009d732383e996fbc9ca", "Title": "golang: debug/macho: invalid dynamic symbol table command can cause panic", "Description": "ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.", "Severity": "HIGH", "CweIDs": [ "CWE-119" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-41771", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/367075", "https://go.dev/issue/48990", "https://go.googlesource.com/go/+/61536ec03063b4951163bd09609c86d82631fa27", "https://groups.google.com/g/golang-announce/c/0fM21h43arc", "https://linux.oracle.com/cve/CVE-2021-41771.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", "https://nvd.nist.gov/vuln/detail/CVE-2021-41771", "https://pkg.go.dev/vuln/GO-2021-0263", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20211210-0003/", "https://www.cve.org/CVERecord?id=CVE-2021-41771", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2021-11-08T06:15:08.057Z", "LastModifiedDate": "2024-11-21T06:26:44.027Z" }, { "VulnerabilityID": "CVE-2021-41772", "VendorIDs": [ "GO-2021-0264" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.10, 1.17.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-41772", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3825f9aae9819a3f9386596ac617c1878dc1ede5412bdbf94b63705ac13e35be", "Title": "golang: archive/zip: Reader.Open panics on empty string", "Description": "Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.", "Severity": "HIGH", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2021-41772", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/349770", "https://go.dev/issue/48085", "https://go.googlesource.com/go/+/b24687394b55a93449e2be4e6892ead58ea9a10f", "https://groups.google.com/g/golang-announce/c/0fM21h43arc", "https://linux.oracle.com/cve/CVE-2021-41772.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4OFS3M3OFB24SWPTIAPARKGPUMQVUY6Z/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON7BQRRJZBOR5TJHURBAB3WLF4YXFC6Z/", "https://nvd.nist.gov/vuln/detail/CVE-2021-41772", "https://pkg.go.dev/vuln/GO-2021-0264", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20211210-0003/", "https://www.cve.org/CVERecord?id=CVE-2021-41772", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2021-11-08T06:15:08.107Z", "LastModifiedDate": "2024-11-21T06:26:44.223Z" }, { "VulnerabilityID": "CVE-2021-44716", "VendorIDs": [ "GHSA-vc3p-29h2-gpcp", "GO-2022-0288" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.12, 1.17.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44716", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c90dfbb0e5e652218c2a09559411dd43eb276a3f461b75f4d37c2613075182d", "Title": "golang: net/http: limit growth of header canonicalization cache", "Description": "net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-44716", "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", "https://errata.rockylinux.org/RLSA-2022:0001", "https://github.com/golang/go/commit/48d948963c5ce7add72af5665a871caff6c1d35a (go1.17.5)", "https://github.com/golang/net/commit/491a49abca63de5e07ef554052d180a1b5fe2d70", "https://go.dev/cl/369794", "https://go.dev/issue/50058", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", "https://linux.oracle.com/cve/CVE-2021-44716.html", "https://linux.oracle.com/errata/ELSA-2022-0001.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-44716", "https://pkg.go.dev/vuln/GO-2022-0288", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220121-0002", "https://security.netapp.com/advisory/ntap-20220121-0002/", "https://www.cve.org/CVERecord?id=CVE-2021-44716" ], "PublishedDate": "2022-01-01T05:15:08.307Z", "LastModifiedDate": "2024-11-21T06:31:26.96Z" }, { "VulnerabilityID": "CVE-2022-23772", "VendorIDs": [ "GO-2021-0317" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.14, 1.17.7", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-23772", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1cf6103b28c2858c5460e4a73846c144b45e7b3e667d5e979dcb28ef7de5211c", "Title": "golang: math/big: uncontrolled memory consumption due to an unhandled overflow via Rat.SetString", "Description": "Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 7.8, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-38297.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39293.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41771.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23772.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23773.json", "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23806.json", "https://access.redhat.com/security/cve/CVE-2022-23772", "https://errata.almalinux.org/8/ALSA-2022-1819.html", "https://go.dev/cl/379537", "https://go.dev/issue/50699", "https://go.googlesource.com/go/+/ad345c265916bbf6c646865e4642eafce6d39e78", "https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ", "https://linux.oracle.com/cve/CVE-2022-23772.html", "https://linux.oracle.com/errata/ELSA-2022-1819.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-23772", "https://pkg.go.dev/vuln/GO-2021-0317", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220225-0006/", "https://www.cve.org/CVERecord?id=CVE-2022-23772", "https://www.oracle.com/security-alerts/cpujul2022.html" ], "PublishedDate": "2022-02-11T01:15:07.657Z", "LastModifiedDate": "2024-11-21T06:49:15.127Z" }, { "VulnerabilityID": "CVE-2022-24675", "VendorIDs": [ "GO-2022-0433" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.9, 1.18.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24675", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9965f691f18dbfea9d6fc41f3749753b748639835c59b8f630cc483973b1a302", "Title": "golang: encoding/pem: fix stack overflow in Decode", "Description": "encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-24675", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/399820", "https://go.dev/issue/51853", "https://go.googlesource.com/go/+/45c3387d777caf28f4b992ad9a6216e3085bb8fe", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "https://linux.oracle.com/cve/CVE-2022-24675.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://nvd.nist.gov/vuln/detail/CVE-2022-24675", "https://pkg.go.dev/vuln/GO-2022-0433", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220915-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-24675" ], "PublishedDate": "2022-04-20T10:15:07.93Z", "LastModifiedDate": "2024-11-21T06:50:50.78Z" }, { "VulnerabilityID": "CVE-2022-24921", "VendorIDs": [ "GO-2021-0347" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.15, 1.17.8", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-24921", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:58676bdef07a0196016da531117327096b1c27806e8e2c817df010bd79704904", "Title": "golang: regexp: stack exhaustion via a deeply nested expression", "Description": "regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-24921", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/384616", "https://go.dev/issue/51112", "https://go.googlesource.com/go/+/452f24ae94f38afa3704d4361d91d51218405c0a", "https://groups.google.com/g/golang-announce/c/RP1hfrBYVuk", "https://linux.oracle.com/cve/CVE-2022-24921.html", "https://linux.oracle.com/errata/ELSA-2022-9363.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00017.html", "https://lists.debian.org/debian-lts-announce/2022/04/msg00018.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-24921", "https://pkg.go.dev/vuln/GO-2021-0347", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220325-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-24921" ], "PublishedDate": "2022-03-05T20:15:08.323Z", "LastModifiedDate": "2024-11-21T06:51:23.59Z" }, { "VulnerabilityID": "CVE-2022-27664", "VendorIDs": [ "GHSA-69cg-p879-7622", "GO-2022-0969" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.6, 1.19.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:87afd35453b7aa9bb00f993eeee667bf03cdd6a21e02000b3b7d20175d4e128d", "Title": "golang: net/http: handle server errors after sending GOAWAY", "Description": "In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-27664", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=1913333", "https://bugzilla.redhat.com/show_bug.cgi?id=1913338", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", "https://cs.opensource.google/go/x/net", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28851", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28852", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:7129", "https://github.com/golang/go/commit/5bc9106458fc07851ac324a4157132a91b1f3479 (go1.18.6)", "https://github.com/golang/go/commit/9cfe4e258b1c9d4a04a42539c21c7bdb2e227824 (go1.19.1)", "https://github.com/golang/go/issues/54658", "https://go.dev/cl/428735", "https://go.dev/issue/54658", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s", "https://groups.google.com/g/golang-announce/c/x49AQzIVX-s/m/0tgO0pjiBQAJ", "https://linux.oracle.com/cve/CVE-2022-27664.html", "https://linux.oracle.com/errata/ELSA-2024-0121.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXKTHIGE5F576MAPFYCIJXNRGBSPISUF", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXS2OQ57KZC5XZKK5UW4SYKPVQAHIOJX", "https://nvd.nist.gov/vuln/detail/CVE-2022-27664", "https://pkg.go.dev/vuln/GO-2022-0969", "https://security.gentoo.org/glsa/202209-26", "https://security.netapp.com/advisory/ntap-20220923-0004", "https://security.netapp.com/advisory/ntap-20220923-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2022-27664" ], "PublishedDate": "2022-09-06T18:15:12.747Z", "LastModifiedDate": "2024-11-21T06:56:07.703Z" }, { "VulnerabilityID": "CVE-2022-28131", "VendorIDs": [ "GO-2022-0521" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ead4cef14ebdd659423a18f57136db99211cefeefbbaec63afaf32291516bcf4", "Title": "golang: encoding/xml: stack exhaustion in Decoder.Skip", "Description": "Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-28131", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/90f040ec510dd678b7860d70ca77e5682f4c7e96", "https://go.dev/cl/417062", "https://go.dev/issue/53614", "https://go.googlesource.com/go/+/08c46ed43d80bbb67cb904944ea3417989be4af3", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-28131.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-28131", "https://pkg.go.dev/vuln/GO-2022-0521", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-28131" ], "PublishedDate": "2022-08-10T20:15:32.767Z", "LastModifiedDate": "2024-11-21T06:56:48.57Z" }, { "VulnerabilityID": "CVE-2022-28327", "VendorIDs": [ "GO-2022-0435" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.9, 1.18.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-28327", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ca44594540f3dc4840863e4b27396c86bd908785967fd032f9733724e8d50689", "Title": "golang: crypto/elliptic: panic caused by oversized scalar", "Description": "The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input.", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V2Score": 5, "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-28327", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://go.dev/cl/397135", "https://go.dev/issue/52075", "https://go.googlesource.com/go/+/37065847d87df92b5eb246c88ba2085efcf0b331", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/oecdBNLOml8", "https://linux.oracle.com/cve/CVE-2022-28327.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/42TYZC4OAY54TO75FBEFAPV5G7O4D5TM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F3BMW5QGX53CMIJIZWKXFKBJX2C5GWTY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NY6GEAJMNKKMU5H46QO4D7D6A24KSPXE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RCRSABD6CUDIZULZPZL5BJ3ET3A2NEJP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://nvd.nist.gov/vuln/detail/CVE-2022-28327", "https://pkg.go.dev/vuln/GO-2022-0435", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220915-0010/", "https://www.cve.org/CVERecord?id=CVE-2022-28327" ], "PublishedDate": "2022-04-20T10:15:08.03Z", "LastModifiedDate": "2024-11-21T06:57:10.2Z" }, { "VulnerabilityID": "CVE-2022-2879", "VendorIDs": [ "GO-2022-1037" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:42766c2a9617363abd27436b723c3109e43d2704e429be31044fc32f144582e0", "Title": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", "Description": "Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amounts of memory, potentially causing resource exhaustion or panics. After fix, Reader.Read limits the maximum size of header blocks to 1 MiB.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2204", "https://access.redhat.com/security/cve/CVE-2022-2879", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132867", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2204.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/0a723816cd205576945fa57fbdde7e6532d59d08 (go1.18.7)", "https://github.com/golang/go/commit/4fa773cdefd20be093c84f731be7d4febf5536fa (go1.19.2)", "https://github.com/golang/go/issues/54853", "https://github.com/vbatts/tar-split/releases/tag/v0.12.1", "https://go.dev/cl/439355", "https://go.dev/issue/54853", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-2879.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2879", "https://pkg.go.dev/vuln/GO-2022-1037", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-2879" ], "PublishedDate": "2022-10-14T15:15:17.647Z", "LastModifiedDate": "2024-11-21T07:01:51.487Z" }, { "VulnerabilityID": "CVE-2022-2880", "VendorIDs": [ "GO-2022-1038" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b2c717c2361d4d5cb8762f5a4f94004ee958ddaaa08f0f1ad3c97b3e02f07ead", "Title": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", "Description": "Requests forwarded by ReverseProxy include the raw query parameters from the inbound request, including unparsable parameters rejected by net/http. This could permit query parameter smuggling when a Go proxy forwards a parameter with an unparsable value. After fix, ReverseProxy sanitizes the query parameters in the forwarded query when the outbound request's Form field is set after the ReverseProxy. Director function returns, indicating that the proxy has parsed the query parameters. Proxies which do not parse query parameters continue to forward the original query parameters unchanged.", "Severity": "HIGH", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-2880", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/9d2c73a9fd69e45876509bb3bdb2af99bf77da1e (go1.18.7)", "https://github.com/golang/go/commit/f6d844510d5f1e3b3098eba255d9b633d45eac3b (go1.19.2)", "https://github.com/golang/go/issues/54663", "https://go.dev/cl/432976", "https://go.dev/issue/54663", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-2880.html", "https://linux.oracle.com/errata/ELSA-2024-3254.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-2880", "https://pkg.go.dev/vuln/GO-2022-1038", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-2880" ], "PublishedDate": "2022-10-14T15:15:18.09Z", "LastModifiedDate": "2024-11-21T07:01:51.61Z" }, { "VulnerabilityID": "CVE-2022-29804", "VendorIDs": [ "GO-2022-0533" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70ca816504b69e64be8ff94c09e0b504417317fc89d55a0f3ec0f68304727cd8", "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", "Description": "Incorrect conversion of certain invalid paths to valid, absolute paths in Clean in path/filepath before Go 1.17.11 and Go 1.18.3 on Windows allows potential directory traversal attack.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/401595", "https://go.dev/issue/52476", "https://go.googlesource.com/go/+/9cd1818a7d019c02fa4898b3e45a323e35033290", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-29804.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-29804", "https://pkg.go.dev/vuln/GO-2022-0533" ], "PublishedDate": "2022-08-10T20:15:34.89Z", "LastModifiedDate": "2024-11-21T06:59:42.8Z" }, { "VulnerabilityID": "CVE-2022-30580", "VendorIDs": [ "GO-2022-0532" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:342b9814a7093362462314331ae3dfc7388f6bc5f092e07f82a7d4ca59dbd74a", "Title": "golang: os/exec: Code injection in Cmd.Start", "Description": "Code injection in Cmd.Start in os/exec before Go 1.17.11 and Go 1.18.3 allows execution of any binaries in the working directory named either \"..com\" or \"..exe\" by calling Cmd.Run, Cmd.Start, Cmd.Output, or Cmd.CombinedOutput when Cmd.Path is unset.", "Severity": "HIGH", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-30580", "https://go.dev/cl/403759", "https://go.dev/issue/52574", "https://go.googlesource.com/go/+/960ffa98ce73ef2c2060c84c7ac28d37a83f345e", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-30580.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30580", "https://pkg.go.dev/vuln/GO-2022-0532", "https://www.cve.org/CVERecord?id=CVE-2022-30580" ], "PublishedDate": "2022-08-10T20:15:40.227Z", "LastModifiedDate": "2026-03-06T18:16:11.913Z" }, { "VulnerabilityID": "CVE-2022-30630", "VendorIDs": [ "GO-2022-0527" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7a023b35951286e85c4038b39893da626d510cb9cfb0b26620be0ff44b6df68c", "Title": "golang: io/fs: stack exhaustion in Glob", "Description": "Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30630", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/315e80d293b684ac2902819e58f618f1b5a14d49 (1.18)", "https://go.dev/cl/417065", "https://go.dev/issue/53415", "https://go.googlesource.com/go/+/fa2d41d0ca736f3ad6b200b2a4e134364e9acc59", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30630.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30630", "https://pkg.go.dev/vuln/GO-2022-0527", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30630" ], "PublishedDate": "2022-08-10T20:15:40.977Z", "LastModifiedDate": "2026-03-06T18:16:13.45Z" }, { "VulnerabilityID": "CVE-2022-30631", "VendorIDs": [ "GO-2022-0524" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7cb7508b8641ecd44b0922ebe4aa2c7a93061572a27376a8ce60df24b74adfbe", "Title": "golang: compress/gzip: stack exhaustion in Reader.Read", "Description": "Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30631", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/8e27a8ac4c001c27713810b75925aa3794049c48 (1.18)", "https://go.dev/cl/417067", "https://go.dev/issue/53168", "https://go.googlesource.com/go/+/b2b8872c876201eac2d0707276c6999ff3eb185e", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30631.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30631", "https://pkg.go.dev/vuln/GO-2022-0524", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30631" ], "PublishedDate": "2022-08-10T20:15:41.373Z", "LastModifiedDate": "2025-10-20T18:15:36.863Z" }, { "VulnerabilityID": "CVE-2022-30632", "VendorIDs": [ "GO-2022-0522" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f27af4e81eeb8da72d20085930b838365f5f8642343bec4db07151b7f43f3d64", "Title": "golang: path/filepath: stack exhaustion in Glob", "Description": "Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2180", "https://access.redhat.com/security/cve/CVE-2022-30632", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2024-2180.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/5ebd862b1714dad1544bd10a24c47cdb53ad7f46 (1.18)", "https://go.dev/cl/417066", "https://go.dev/issue/53416", "https://go.googlesource.com/go/+/ac68c6c683409f98250d34ad282b9e1b0c9095ef", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30632.html", "https://linux.oracle.com/errata/ELSA-2024-2180.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30632", "https://pkg.go.dev/vuln/GO-2022-0522", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30632" ], "PublishedDate": "2022-08-10T20:15:41.877Z", "LastModifiedDate": "2024-11-21T07:03:04.097Z" }, { "VulnerabilityID": "CVE-2022-30633", "VendorIDs": [ "GO-2022-0523" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c8cabc3f0806d68609c66a4a661740b76b4d5e91bedbfe163918efd0a1dde75e", "Title": "golang: encoding/xml: stack exhaustion in Unmarshal", "Description": "Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-30633", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/2924ced71d16297320e8ff18829c2038e6ad8d9b (1.18)", "https://go.dev/cl/417061", "https://go.dev/issue/53611", "https://go.googlesource.com/go/+/c4c1993fd2a5b26fe45c09592af6d3388a3b2e08", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30633.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30633", "https://pkg.go.dev/vuln/GO-2022-0523", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30633" ], "PublishedDate": "2022-08-10T20:15:42.21Z", "LastModifiedDate": "2026-03-06T18:16:13.833Z" }, { "VulnerabilityID": "CVE-2022-30634", "VendorIDs": [ "GO-2022-0477" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.11, 1.18.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:26f822c19ebc8bcbecfb72bc8129009d326719638096c4296044e824d0504f92", "Title": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", "Description": "Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 \u003c\u003c 32 - 1 bytes.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/402257", "https://go.dev/issue/52561", "https://go.googlesource.com/go/+/bb1f4416180511231de6d17a1f2f55c82aafc863", "https://groups.google.com/g/golang-announce/c/TzIC9-t8Ytg/m/IWz5T6x7AAAJ", "https://linux.oracle.com/cve/CVE-2022-30634.html", "https://linux.oracle.com/errata/ELSA-2022-17957.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30634", "https://pkg.go.dev/vuln/GO-2022-0477" ], "PublishedDate": "2022-07-15T20:15:08.597Z", "LastModifiedDate": "2024-11-21T07:03:04.353Z" }, { "VulnerabilityID": "CVE-2022-30635", "VendorIDs": [ "GO-2022-0526" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:21be5ea0594f60724b6511f5ab6f7dd3bcbee7de5051043f873110782bb49da7", "Title": "golang: encoding/gob: stack exhaustion in Decoder.Decode", "Description": "Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.", "Severity": "HIGH", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-30635", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/fb979a50823e5a0575cf6166b3f17a13364cbf81 (1.18)", "https://go.dev/cl/417064", "https://go.dev/issue/53615", "https://go.googlesource.com/go/+/6fa37e98ea4382bf881428ee0c150ce591500eb7", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-30635.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-30635", "https://pkg.go.dev/vuln/GO-2022-0526", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-30635" ], "PublishedDate": "2022-08-10T20:15:42.64Z", "LastModifiedDate": "2026-03-06T18:16:14.177Z" }, { "VulnerabilityID": "CVE-2022-32189", "VendorIDs": [ "GO-2022-0537" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.13, 1.18.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:0b9e226d42faf8c63037263f1ab92fd4e9e3fa1aba61630b6db7fa1f5c28f33d", "Title": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", "Description": "A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "rocky": 1, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-32189", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2059869", "https://bugzilla.redhat.com/show_bug.cgi?id=2059870", "https://bugzilla.redhat.com/show_bug.cgi?id=2060061", "https://bugzilla.redhat.com/show_bug.cgi?id=2062597", "https://bugzilla.redhat.com/show_bug.cgi?id=2064087", "https://bugzilla.redhat.com/show_bug.cgi?id=2088459", "https://bugzilla.redhat.com/show_bug.cgi?id=2105961", "https://bugzilla.redhat.com/show_bug.cgi?id=2110864", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2118831", "https://bugzilla.redhat.com/show_bug.cgi?id=2123055", "https://bugzilla.redhat.com/show_bug.cgi?id=2123210", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:7950", "https://github.com/golang/go/commit/9240558e4f342fc6e98fec22de17c04b45089349 (1.18)", "https://go.dev/cl/417774", "https://go.dev/issue/53871", "https://go.googlesource.com/go/+/055113ef364337607e3e72ed7d48df67fde6fc66", "https://groups.google.com/g/golang-announce/c/YqYYG87xB10", "https://groups.google.com/g/golang-nuts/c/DCFSyTGM0wU", "https://linux.oracle.com/cve/CVE-2022-32189.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-32189", "https://pkg.go.dev/vuln/GO-2022-0537", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-32189" ], "PublishedDate": "2022-08-10T20:15:47.507Z", "LastModifiedDate": "2024-11-21T07:05:53.513Z" }, { "VulnerabilityID": "CVE-2022-41715", "VendorIDs": [ "GO-2022-1039" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.7, 1.19.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2b3b2b59280e67cf4591a1c7e1eccf50c52bb1444faf79abc4a8ae4453ed17f0", "Title": "golang: regexp/syntax: limit memory used by parsing regexps", "Description": "Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2592", "https://access.redhat.com/security/cve/CVE-2022-41715", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2149311", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://errata.almalinux.org/9/ALSA-2023-2592.html", "https://errata.rockylinux.org/RLSA-2023:0328", "https://github.com/golang/go/commit/645abfe529dc325e16daa17210640c2907d1c17a (go1.19.2)", "https://github.com/golang/go/commit/e9017c2416ad0ef642f5e0c2eab2dbf3cba4d997 (go1.18.7)", "https://github.com/golang/go/issues/55949", "https://go.dev/cl/439356", "https://go.dev/issue/55949", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU", "https://groups.google.com/g/golang-announce/c/xtuG5faxtaU?pli=1", "https://linux.oracle.com/cve/CVE-2022-41715.html", "https://linux.oracle.com/errata/ELSA-2024-3254.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41715", "https://pkg.go.dev/vuln/GO-2022-1039", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6038-1", "https://www.cve.org/CVERecord?id=CVE-2022-41715" ], "PublishedDate": "2022-10-14T15:16:20.78Z", "LastModifiedDate": "2024-11-21T07:23:43.367Z" }, { "VulnerabilityID": "CVE-2022-41716", "VendorIDs": [ "GO-2022-1095" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.8, 1.19.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7b94f78ee26c9699e11eff028fbede52a2dadcb657f32b7db932a056fb086c63", "Title": "Due to unsanitized NUL values, attackers may be able to maliciously se ...", "Description": "Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string \"A=B\\x00C=D\" sets the variables \"A=B\" and \"C=D\".", "Severity": "HIGH", "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/446916", "https://go.dev/issue/56284", "https://groups.google.com/g/golang-announce/c/mbHY1UY3BaM/m/hSpmRzk-AgAJ", "https://linux.oracle.com/cve/CVE-2022-41716.html", "https://linux.oracle.com/errata/ELSA-2023-18908.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41716", "https://pkg.go.dev/vuln/GO-2022-1095", "https://security.netapp.com/advisory/ntap-20230120-0007/" ], "PublishedDate": "2022-11-02T16:15:11.15Z", "LastModifiedDate": "2024-11-21T07:23:43.507Z" }, { "VulnerabilityID": "CVE-2022-41720", "VendorIDs": [ "GO-2022-1143" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.9, 1.19.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4c0b38e344d59b3fe15077bf550dda699b9138a28e432240a4e748fba5e7d678", "Title": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", "Description": "On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir type provide access to a tree of files rooted at a given directory. These functions permit access to Windows device files under that root. For example, os.DirFS(\"C:/tmp\").Open(\"COM1\") opens the COM1 device. Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the drive and access any path on the system. With fix applied, the behavior of os.DirFS(\"\") has changed. Previously, an empty root was treated equivalently to \"/\", so os.DirFS(\"\").Open(\"tmp\") would open the path \"/tmp\". This now returns an error.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "bitnami": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41720", "https://go.dev/cl/455716", "https://go.dev/issue/56694", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "https://linux.oracle.com/cve/CVE-2022-41720.html", "https://linux.oracle.com/errata/ELSA-2023-18908.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41720", "https://pkg.go.dev/vuln/GO-2022-1143", "https://www.cve.org/CVERecord?id=CVE-2022-41720" ], "PublishedDate": "2022-12-07T17:15:10.293Z", "LastModifiedDate": "2025-04-23T16:15:25.373Z" }, { "VulnerabilityID": "CVE-2022-41722", "VendorIDs": [ "GO-2023-1568" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c1818eb503635e192d7073b8a815be223ecbd563c2221de2f1ad7a5ec46acd3", "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41722", "https://go.dev/cl/468123", "https://go.dev/issue/57274", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", "https://pkg.go.dev/vuln/GO-2023-1568", "https://www.cve.org/CVERecord?id=CVE-2022-41722" ], "PublishedDate": "2023-02-28T18:15:09.887Z", "LastModifiedDate": "2024-11-21T07:23:44.303Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h", "GO-2023-1571" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d07c115f59a9ae3c92d1aaa91771e45d9dbe4be27e9a7564a1ee4b628cdfbe5", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-41724", "VendorIDs": [ "GO-2023-1570" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fcf971526bbc647e429c4795eeb0e396758ac0a88e1d643a5424effad7fe02dd", "Title": "golang: crypto/tls: large handshake records may cause panics", "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41724", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/468125", "https://go.dev/issue/58001", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41724.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "https://pkg.go.dev/vuln/GO-2023-1570", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41724" ], "PublishedDate": "2023-02-28T18:15:10.043Z", "LastModifiedDate": "2024-11-21T07:23:44.603Z" }, { "VulnerabilityID": "CVE-2022-41725", "VendorIDs": [ "GO-2023-1569" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:78f833dac11e22b716598b9aab6ebd699f872e59ed5daaaec29d62262442702e", "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41725", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", "https://go.dev/cl/468124", "https://go.dev/issue/58006", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41725.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "https://pkg.go.dev/vuln/GO-2023-1569", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41725" ], "PublishedDate": "2023-02-28T18:15:10.12Z", "LastModifiedDate": "2024-11-21T07:23:44.733Z" }, { "VulnerabilityID": "CVE-2023-24534", "VendorIDs": [ "GO-2023-1704" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4ef6a8e9761fd2694eba1ef38494db1cf4e96102c188166298a2d551a6b67cae", "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24534", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", "https://go.dev/cl/481994", "https://go.dev/issue/58975", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24534.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "https://pkg.go.dev/vuln/GO-2023-1704", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24534" ], "PublishedDate": "2023-04-06T16:15:07.657Z", "LastModifiedDate": "2025-02-12T18:15:19.837Z" }, { "VulnerabilityID": "CVE-2023-24536", "VendorIDs": [ "GO-2023-1705" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38c1cc86fff275157c1d02a8131aa92eab0d7fba6b02b3d8bf31934c4ee2d5c2", "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24536", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", "https://go.dev/cl/482075", "https://go.dev/cl/482076", "https://go.dev/cl/482077", "https://go.dev/issue/59153", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24536.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "https://pkg.go.dev/vuln/GO-2023-1705", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-24536" ], "PublishedDate": "2023-04-06T16:15:07.71Z", "LastModifiedDate": "2025-02-12T18:15:20.083Z" }, { "VulnerabilityID": "CVE-2023-24537", "VendorIDs": [ "GO-2023-1702" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:830fbec9d37c8045eaf6e00967380bc594f593ce9fecabbe39323ffbc9e2aea6", "Title": "golang: go/parser: Infinite loop in parsing", "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24537", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", "https://github.com/golang/go/issues/59180", "https://go.dev/cl/482078", "https://go.dev/issue/59180", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24537.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "https://pkg.go.dev/vuln/GO-2023-1702", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241129-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24537" ], "PublishedDate": "2023-04-06T16:15:07.753Z", "LastModifiedDate": "2025-02-12T17:15:13.973Z" }, { "VulnerabilityID": "CVE-2023-24539", "VendorIDs": [ "GO-2023-1751" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:72e9653f27e79605c69824822f4aa24b74e1ae44d2ef5ecbe201d134291eb64b", "Title": "golang: html/template: improper sanitization of CSS values", "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24539", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", "https://github.com/golang/go/issues/59720", "https://go.dev/cl/491615", "https://go.dev/issue/59720", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24539.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "https://pkg.go.dev/vuln/GO-2023-1751", "https://security.netapp.com/advisory/ntap-20241129-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24539" ], "PublishedDate": "2023-05-11T16:15:09.6Z", "LastModifiedDate": "2025-01-24T17:15:10.67Z" }, { "VulnerabilityID": "CVE-2023-29400", "VendorIDs": [ "GO-2023-1753" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e2d71cac62575ad4343cb8f83ca96c12f8d8dd2e5fbff9a32f6b80b39a77101a", "Title": "golang: html/template: improper handling of empty HTML attributes", "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29400", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", "https://github.com/golang/go/issues/59722", "https://go.dev/cl/491617", "https://go.dev/issue/59722", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-29400.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "https://pkg.go.dev/vuln/GO-2023-1753", "https://security.netapp.com/advisory/ntap-20241213-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-29400" ], "PublishedDate": "2023-05-11T16:15:09.85Z", "LastModifiedDate": "2025-01-24T17:15:12.747Z" }, { "VulnerabilityID": "CVE-2023-29403", "VendorIDs": [ "GO-2023-1840" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.10, 1.20.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76e5afe10c7625d790f1819b62886af77e4b932ac7643b576d1f1b518ec55c55", "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "Severity": "HIGH", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "alma": 4, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 4, "photon": 3, "redhat": 3, "rocky": 4, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3923", "https://access.redhat.com/security/cve/CVE-2023-29403", "https://bugzilla.redhat.com/2216965", "https://bugzilla.redhat.com/2217562", "https://bugzilla.redhat.com/2217565", "https://bugzilla.redhat.com/2217569", "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", "https://errata.almalinux.org/9/ALSA-2023-3923.html", "https://errata.rockylinux.org/RLSA-2023:3923", "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", "https://github.com/golang/go/issues/60272", "https://go.dev/cl/501223", "https://go.dev/issue/60272", "https://groups.google.com/g/golang-announce/c/q5135a9d924", "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "https://linux.oracle.com/cve/CVE-2023-29403.html", "https://linux.oracle.com/errata/ELSA-2023-3923.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", "https://pkg.go.dev/vuln/GO-2023-1840", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241220-0009/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29403" ], "PublishedDate": "2023-06-08T21:15:16.927Z", "LastModifiedDate": "2025-01-06T20:15:25.82Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8", "GO-2023-2102" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.10, 1.21.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:12d710ff6a5075c72b494e08e169e02cd1c2ed22e45fd24abfb2cfa14fd9b172", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-45283", "VendorIDs": [ "GO-2023-2185" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:165df9d6435c3737e8c3e12db298e7001717a445f4bd71eff2bb88f5cf3b3977", "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/05/2", "https://go.dev/cl/540277", "https://go.dev/cl/541175", "https://go.dev/issue/63713", "https://go.dev/issue/64028", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", "https://pkg.go.dev/vuln/GO-2023-2185", "https://security.netapp.com/advisory/ntap-20231214-0008/" ], "PublishedDate": "2023-11-09T17:15:08.757Z", "LastModifiedDate": "2024-11-21T08:26:41.567Z" }, { "VulnerabilityID": "CVE-2023-45287", "VendorIDs": [ "GO-2023-2375" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6e3e75c0ccdf7442b7c5d25bfd468d263fb887c52373604bd239f39aa272704", "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-45287", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/326012/26", "https://go.dev/issue/20654", "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", "https://linux.oracle.com/cve/CVE-2023-45287.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", "https://people.redhat.com/~hkario/marvin/", "https://pkg.go.dev/vuln/GO-2023-2375", "https://security.netapp.com/advisory/ntap-20240112-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-45287" ], "PublishedDate": "2023-12-05T17:15:08.57Z", "LastModifiedDate": "2024-11-21T08:26:42.25Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:33e3e6cec2e0a8a14801eeb1d8716f05423232c7f15daf971ef304384e9c0e93", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bdcaa72a77b65cfd3f0147d8b775934cd536f804cefec54d833409673b1321df", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9ffda6afe921799e41373fb5ceb7374cd72eef03510d02a6a098521764d408f8", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b435c4f50c1fc7deecad6df9c48227db683e3da32eead6d16c174b13683048f1", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6ee63655d232783a957627b31a9c2be2f11ae29a5ebfaf8880756565584e4c89", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2f13f7c4dac3ce333bf8bf9d62d636c3bae4d8aeb95f06c433b729e6fd6312bb", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14e2962bfcc4c6f26c1101e787b2f26b98d8fbab641b21e3d5dcfe0b993a8a64", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3a70f3bf90c64722e30f9842c041ef3418f7395073fe425e6c234de028f3272c", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d493121e766550a8bab956bf2c54b2f69aefd525cdbf3cba053bf90a4f72fc8", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3fa6302a4c4910efc40ab28d954f71a44ba458dee644bf8655b556bd3b8693e3", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ac084dc68ec056a40664808035b454458215fd1f8efec3299325c96cb229218b", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2f31defc56731108f7ff6ff598a6da131dd3a11964c92132ba07596c2f04dfed", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:881cdb92f6c2ff8c4c6b419047daa15c282752b216c0687077d9df22c056a096", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2021-44717", "VendorIDs": [ "GO-2022-0289" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.16.12, 1.17.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2021-44717", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f3915de774619f28cdf3f5915d9e3550d2bc575964605f1425fc22b544c59bc0", "Title": "golang: syscall: don't close fd 0 on ForkExec error", "Description": "Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 }, "nvd": { "V2Vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V2Score": 5.8, "V3Score": 4.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2021-44717", "https://bugzilla.redhat.com/show_bug.cgi?id=2030801", "https://bugzilla.redhat.com/show_bug.cgi?id=2030806", "https://cert-portal.siemens.com/productcert/pdf/ssa-744259.pdf", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717", "https://errata.rockylinux.org/RLSA-2021:5160", "https://github.com/golang/go/commit/44a3fb49d99cc8a4de4925b69650f97bb07faf1d (go1.17.5)", "https://github.com/golang/go/issues/50057", "https://go.dev/cl/370576", "https://go.dev/cl/370577", "https://go.dev/cl/370795", "https://go.dev/issue/50057", "https://go.googlesource.com/go/+/a76511f3a40ea69ee4f5cd86e735e1c8a84f0aa2", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k", "https://groups.google.com/g/golang-announce/c/hcmEScgc00k/m/ZWnOjeY4CQAJ", "https://linux.oracle.com/cve/CVE-2021-44717.html", "https://linux.oracle.com/errata/ELSA-2021-5160.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00016.html", "https://lists.debian.org/debian-lts-announce/2022/01/msg00017.html", "https://lists.debian.org/debian-lts-announce/2023/04/msg00021.html", "https://nvd.nist.gov/vuln/detail/CVE-2021-44717", "https://pkg.go.dev/vuln/GO-2022-0289", "https://security.gentoo.org/glsa/202208-02", "https://www.cve.org/CVERecord?id=CVE-2021-44717" ], "PublishedDate": "2022-01-01T05:15:08.367Z", "LastModifiedDate": "2024-11-21T06:31:27.117Z" }, { "VulnerabilityID": "CVE-2022-1705", "VendorIDs": [ "GO-2022-0525" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3cd3a66542b1cd87133e944a9c0fca7a603a58ab7934ce035b042b153c86bf47", "Title": "golang: net/http: improper sanitization of Transfer-Encoding header", "Description": "Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid.", "Severity": "MEDIUM", "CweIDs": [ "CWE-444" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-1705", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/e5017a93fcde94f09836200bca55324af037ee5f", "https://go.dev/cl/409874", "https://go.dev/cl/410714", "https://go.dev/issue/53188", "https://go.googlesource.com/go/+/e5017a93fcde94f09836200bca55324af037ee5f", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-1705.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1705", "https://pkg.go.dev/vuln/GO-2022-0525", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-1705" ], "PublishedDate": "2022-08-10T20:15:25.353Z", "LastModifiedDate": "2026-03-06T18:16:10.133Z" }, { "VulnerabilityID": "CVE-2022-1962", "VendorIDs": [ "GO-2022-0515" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5013335449f280a81fb5c3c9aeb2c6001d21b3c949fc34e8bc44459ac881fe04", "Title": "golang: go/parser: stack exhaustion in all Parse* functions", "Description": "Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2022:8057", "https://access.redhat.com/security/cve/CVE-2022-1962", "https://bugzilla.redhat.com/2044628", "https://bugzilla.redhat.com/2045880", "https://bugzilla.redhat.com/2050648", "https://bugzilla.redhat.com/2050742", "https://bugzilla.redhat.com/2050743", "https://bugzilla.redhat.com/2065290", "https://bugzilla.redhat.com/2107342", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107376", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2107390", "https://bugzilla.redhat.com/2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2044628", "https://bugzilla.redhat.com/show_bug.cgi?id=2045880", "https://bugzilla.redhat.com/show_bug.cgi?id=2050648", "https://bugzilla.redhat.com/show_bug.cgi?id=2050742", "https://bugzilla.redhat.com/show_bug.cgi?id=2050743", "https://bugzilla.redhat.com/show_bug.cgi?id=2055349", "https://bugzilla.redhat.com/show_bug.cgi?id=2065290", "https://bugzilla.redhat.com/show_bug.cgi?id=2104367", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23648", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21673", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21698", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21702", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21703", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21713", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2022-8057.html", "https://errata.rockylinux.org/RLSA-2022:8057", "https://github.com/golang/go/commit/695be961d57508da5a82217f7415200a11845879", "https://go.dev/cl/417063", "https://go.dev/issue/53616", "https://go.googlesource.com/go/+/695be961d57508da5a82217f7415200a11845879", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-1962.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-1962", "https://pkg.go.dev/vuln/GO-2022-0515", "https://ubuntu.com/security/notices/USN-6038-1", "https://www.cve.org/CVERecord?id=CVE-2022-1962" ], "PublishedDate": "2022-08-10T20:15:26.25Z", "LastModifiedDate": "2026-03-06T20:16:09.373Z" }, { "VulnerabilityID": "CVE-2022-29526", "VendorIDs": [ "GHSA-p782-xgp4-8hr8", "GO-2022-0493" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.10, 1.18.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-29526", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9708d907ace5d079cf43b525dd6cc48ade871e3826cb19d33936d8d93a256d72", "Title": "golang: syscall: faccessat checks wrong group", "Description": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.", "Severity": "MEDIUM", "CweIDs": [ "CWE-269" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V2Vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V2Score": 5, "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.2 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-29526", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29526", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.rockylinux.org/RLSA-2022:5799", "https://github.com/golang/go", "https://github.com/golang/go/commit/f66925e854e71e0c54b581885380a490d7afa30c", "https://github.com/golang/go/issues/52313", "https://go.dev/cl/399539", "https://go.dev/cl/400074", "https://go.dev/issue/52313", "https://groups.google.com/g/golang-announce", "https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU", "https://linux.oracle.com/cve/CVE-2022-29526.html", "https://linux.oracle.com/errata/ELSA-2022-5337.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR", "https://nvd.nist.gov/vuln/detail/CVE-2022-29526", "https://pkg.go.dev/vuln/GO-2022-0493", "https://security.gentoo.org/glsa/202208-02", "https://security.netapp.com/advisory/ntap-20220729-0001", "https://security.netapp.com/advisory/ntap-20220729-0001/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-29526" ], "PublishedDate": "2022-06-23T17:15:12.747Z", "LastModifiedDate": "2024-11-21T06:59:15.563Z" }, { "VulnerabilityID": "CVE-2022-32148", "VendorIDs": [ "GO-2022-0520" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.17.12, 1.18.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:27df03e5cd15a51661ee796e22cbd5dd8c5ffc60be9bce740b351d726f49d115", "Title": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", "Description": "Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2357", "https://access.redhat.com/security/cve/CVE-2022-32148", "https://bugzilla.redhat.com/2107371", "https://bugzilla.redhat.com/2107374", "https://bugzilla.redhat.com/2107383", "https://bugzilla.redhat.com/2107386", "https://bugzilla.redhat.com/2107388", "https://bugzilla.redhat.com/2113814", "https://bugzilla.redhat.com/2124669", "https://bugzilla.redhat.com/2132868", "https://bugzilla.redhat.com/2132872", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://errata.almalinux.org/9/ALSA-2023-2357.html", "https://errata.rockylinux.org/RLSA-2022:8250", "https://github.com/golang/go/commit/ebea1e3353fa766025aa5190b9c7cc05cf069187 (1.18)", "https://go.dev/cl/412857", "https://go.dev/issue/53423", "https://go.googlesource.com/go/+/b2cc0fecc2ccd80e6d5d16542cc684f97b3a9c8a", "https://groups.google.com/g/golang-announce/c/nqrv9fbR0zE", "https://linux.oracle.com/cve/CVE-2022-32148.html", "https://linux.oracle.com/errata/ELSA-2023-2802.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-32148", "https://pkg.go.dev/vuln/GO-2022-0520", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-32148" ], "PublishedDate": "2022-08-10T20:15:47.133Z", "LastModifiedDate": "2026-03-06T20:16:10.927Z" }, { "VulnerabilityID": "CVE-2022-41717", "VendorIDs": [ "GHSA-xrjj-mj9h-534m", "GO-2022-1144" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.18.9, 1.19.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d8e1483200f49c5b02562d1d5c4f8253ee92920ab045a68904b217132eb98758", "Title": "golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests", "Description": "An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6420", "https://access.redhat.com/security/cve/CVE-2022-41717", "https://bugzilla.redhat.com/2131146", "https://bugzilla.redhat.com/2131147", "https://bugzilla.redhat.com/2131148", "https://bugzilla.redhat.com/2138014", "https://bugzilla.redhat.com/2138015", "https://bugzilla.redhat.com/2148252", "https://bugzilla.redhat.com/2158420", "https://bugzilla.redhat.com/2161274", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2107342", "https://bugzilla.redhat.com/show_bug.cgi?id=2107371", "https://bugzilla.redhat.com/show_bug.cgi?id=2107374", "https://bugzilla.redhat.com/show_bug.cgi?id=2107376", "https://bugzilla.redhat.com/show_bug.cgi?id=2107383", "https://bugzilla.redhat.com/show_bug.cgi?id=2107386", "https://bugzilla.redhat.com/show_bug.cgi?id=2107388", "https://bugzilla.redhat.com/show_bug.cgi?id=2107390", "https://bugzilla.redhat.com/show_bug.cgi?id=2107392", "https://bugzilla.redhat.com/show_bug.cgi?id=2113814", "https://bugzilla.redhat.com/show_bug.cgi?id=2121445", "https://bugzilla.redhat.com/show_bug.cgi?id=2124669", "https://bugzilla.redhat.com/show_bug.cgi?id=2161274", "https://bugzilla.redhat.com/show_bug.cgi?id=2168256", "https://cs.opensource.google/go/x/net", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1962", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-27664", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28131", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0778", "https://errata.almalinux.org/9/ALSA-2023-6420.html", "https://errata.rockylinux.org/RLSA-2023:2802", "https://github.com/golang/go/commit/618120c165669c00a1606505defea6ca755cdc27 (go1.19.4)", "https://github.com/golang/go/commit/76cad4edc29d28432a7a0aa27e87385d3d7db7a1 (go1.18.9)", "https://go.dev/cl/455635", "https://go.dev/cl/455717", "https://go.dev/issue/56350", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU", "https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU/m/yZDrXjIiBQAJ", "https://linux.oracle.com/cve/CVE-2022-41717.html", "https://linux.oracle.com/errata/ELSA-2023-6420.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/56B2FFESRYYP6IY2AZ3UWXLWKZ5IYZN4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CSVIS6MTMFVBA7JPMRAUNKUOYEVSJYSB/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NQGNAXK3YBPMUP3J4TECIRDHFGW37522/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PUM4DIVOLJCBK5ZDP4LJOL24GXT3YSIR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Q52IQI754YAE4XPR4QBRWPIVZWYGZ4FS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QBKBAZBIOXZV5QCFHZNSVXULR32XJCYD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WPEIZ7AMEJCZXU3FEJZMVRNHQZXX5P3I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41717", "https://pkg.go.dev/vuln/GO-2022-1144", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230120-0008/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://www.cve.org/CVERecord?id=CVE-2022-41717" ], "PublishedDate": "2022-12-08T20:15:10.33Z", "LastModifiedDate": "2024-11-21T07:23:43.713Z" }, { "VulnerabilityID": "CVE-2023-24532", "VendorIDs": [ "GO-2023-1621" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.7, 1.20.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bafcaa013819d6566c66aa96159651af7606fb6c60c218507dd6d939d94af43b", "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", "Severity": "MEDIUM", "CweIDs": [ "CWE-682" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-24532", "https://go.dev/cl/471255", "https://go.dev/issue/58647", "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", "https://pkg.go.dev/vuln/GO-2023-1621", "https://security.netapp.com/advisory/ntap-20230331-0011/", "https://www.cve.org/CVERecord?id=CVE-2023-24532" ], "PublishedDate": "2023-03-08T20:15:09.413Z", "LastModifiedDate": "2024-11-21T07:48:04.383Z" }, { "VulnerabilityID": "CVE-2023-29406", "VendorIDs": [ "GO-2023-1878" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.11, 1.20.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:55a5565d6ceb101d96d8d128191d5aa5cab53d19ff3ba05ea9761fcf388c3e7e", "Title": "golang: net/http: insufficient sanitization of Host header", "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-436" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29406", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:7202", "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", "https://github.com/golang/go/issues/60374", "https://go.dev/cl/506996", "https://go.dev/issue/60374", "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "https://linux.oracle.com/cve/CVE-2023-29406.html", "https://linux.oracle.com/errata/ELSA-2023-7202.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "https://pkg.go.dev/vuln/GO-2023-1878", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230814-0002/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29406" ], "PublishedDate": "2023-07-11T20:15:10.643Z", "LastModifiedDate": "2024-11-21T07:56:59.913Z" }, { "VulnerabilityID": "CVE-2023-29409", "VendorIDs": [ "GO-2023-1987" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ec065511e36172b45d84be88ce411e08f67c47a15ce94eda1f5c9d698de1a2d7", "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7766", "https://access.redhat.com/security/cve/CVE-2023-29409", "https://bugzilla.redhat.com/2228743", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2023-7766.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/515257", "https://go.dev/issue/61460", "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "https://linux.oracle.com/cve/CVE-2023-29409.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "https://pkg.go.dev/vuln/GO-2023-1987", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230831-0010/", "https://www.cve.org/CVERecord?id=CVE-2023-29409" ], "PublishedDate": "2023-08-02T20:15:11.94Z", "LastModifiedDate": "2024-11-21T07:57:00.287Z" }, { "VulnerabilityID": "CVE-2023-39318", "VendorIDs": [ "GO-2023-2041" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3c7d75ca72905eb28d783c82764f9e7992cd0dc08bcb2f9346fc1e4fe2a82b85", "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39318", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", "https://go.dev/cl/526156", "https://go.dev/issue/62196", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39318.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "https://pkg.go.dev/vuln/GO-2023-2041", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2041.json", "https://www.cve.org/CVERecord?id=CVE-2023-39318" ], "PublishedDate": "2023-09-08T17:15:27.823Z", "LastModifiedDate": "2024-11-21T08:15:08.737Z" }, { "VulnerabilityID": "CVE-2023-39319", "VendorIDs": [ "GO-2023-2043" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bb45f155fd7caffa1c2d3d0fbba06c06cd3e628d2f5bfa847b32cce406b1b48b", "Title": "golang: html/template: improper handling of special tags within script contexts", "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39319", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", "https://go.dev/cl/526157", "https://go.dev/issue/62197", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39319.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "https://pkg.go.dev/vuln/GO-2023-2043", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2043.json", "https://www.cve.org/CVERecord?id=CVE-2023-39319" ], "PublishedDate": "2023-09-08T17:15:27.91Z", "LastModifiedDate": "2024-11-21T08:15:08.89Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ae2aebc72a72a7e2a72eb25adc4b59b78b249c4dde261544c4b4d72199e2ae38", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45284", "VendorIDs": [ "GO-2023-2186" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.20.11, 1.21.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1a0ebbd8ffc902c7e6695b3c2c230ff18263440c45725cf22bb23d7916599564", "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/540277", "https://go.dev/issue/63713", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", "https://pkg.go.dev/vuln/GO-2023-2186" ], "PublishedDate": "2023-11-09T17:15:08.813Z", "LastModifiedDate": "2024-11-21T08:26:41.737Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7240ce9aa087588f666e7b7f3c6989a0b30a2b67c4cb3a04eb35af0f83f3325e", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bc286a66f570ecb062d5ab156f03d2e5690bdff35c40d4078236978230eccb60", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b3101838f2bc40a624b23862b46b726e02c12a68e5c1af31222e76869f71fecf", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c2c15fde57f2dd529cad85660f5b192916f1340998779461ce41e33fea341987", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:713e37b2951b5b8b8dc030ffed78b41649e8e2b7f2d015ef64db5d8e8b889591", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7729a47f99c6a6f90adfc0dc1792f13a03e22f8f54df9581ddb0e68d2a950ecd", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1340cf8d1aacfff2212daaef053cfd71ce02c142ceaff31fbf1013b17f95cef9", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:05ef7c7347c7db2b9bb17045b7d28fca7be773add5ca8abb3a16a5a51a42445f", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a68dda0de4ec86c4e8a264b8f27e15b8177d1222063c907636ba820ae641a948", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:65325ca53709d2a4a1ee76f49c59aac20bd16e88d47ea0582dbf823a7873405e", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b87af4df90f90c65e5fef0db8cda1c3702200724ff28c7cfbaca2c7786060295", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:258bf93f0929c32ac94547437025a98a62834eef3fe548a5edce473cf3c19412", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5b5550d8d9f10001a2808329e62d447e0d9e03f826fff76af2ffb15af4240ef0", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6858011badccfe4078bac8e2f4aab450902640e84e399945c6b16fee1805bfd0", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c1293b90729ecaf702a01a0f37bb2c813b5c5b7aefc49def44efa8af582eb910", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:04950be515e97208f8858f80763c111618cbb49f93c738babcb40c569677ba38", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c91525bcd5643394fe3e9779e299a8eab3559de97044221894f2ecbb6c5c83fe", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:44a134cdbbf06250470ed0522690f43de09fa40d68a03e0fd92b0a85cdc6f100", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:68b5939d4cdb1194b5b55b14ce2246f3637a3e6e30d7671c17d1a01fa4130bd0", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ce6d0bc7680092205141ce6ee1116888e2e043a31dff7a9c00f43f97981e6e69", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f5cf5f81e613eb1dfa52b88d392d64c2075fe7e4320a31d8b5a2b12220065829", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bbcba2352edd6d942d7123f021a28cf563577da314fdde33990ff2bf8fed8fb1", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bee973e1ccbf3bd422399a7a5656b226f862ca1b0d1c099df7a02906ed337de4", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:00da960d62aabcc580c3480402caedc2ba66ad9b7af790d53ac2fdc1592d8c62", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1738df9520b519789d56e37ec8f7635857bbe98fe65e909d720daad3009cbeae", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f39764349d5d15a275aa1f5e729f0ef85e32e2c9013520238139a2a0fa336c57", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:86dba3886dda4f257f8ed37e9135a833eb6558d43cdf03a5e881b1789c1c9747", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3f84dfe8a7541f46eaf48731e2f88c425d948ef5f68da5c8e0a0d497b344e92d", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:053d2524af94a204c04caf2398b8847cd157f8763afab7c117823d56427ecb48", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b9ee830a115cc19c2ceac762bb6084d4a2d6ab4c2ffd22557059df5d480f513d", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6fddd0ccb942b6635289b13a2e5fc7f8cfcf7e88556a0f1af7d7ddc4415ddf11", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cb3c313b174dc07bc2ec3e3f0a2ede18eb93cd9b5f8aa7dbe34cd4ab666d6590", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bff6319f0195a747007b15235b0cee1c5bf25826ce03a4e6068cc3047061132c", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:afb3468447b09de481871673ffefd4a4431c7d946a92f25b4e9a88d083b202da", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d20f93a1f12bde8dfe7a1cd125bc7a1e1f8fb9eafdfc7f9d06890f248b62c077", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f1b23859f09ef74a55dc825f4478cd99ec293ed3ec6b5b5eeff4e28117c764ce", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.16.7", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.16.7", "UID": "842f8cb891eb0d61" }, "InstalledVersion": "v1.16.7", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:16685f710f5dded64d14b2537a025d665da5e257c4be3d921737f5f246b0fb9a", "DiffID": "sha256:37bfcf898d29568e1c80fb5c8d968e360f8bb544f4f0147e7b7b6daa6e6a9227" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4b024e76e5bc69b3939f6dc0c27ab2674dc1bb108622cf26c56a09489de644c2", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "m3uproxy", "Kind": "CronJob", "Name": "geoip-update", "Metadata": [ { "Size": 18586624, "OS": { "Family": "alpine", "Name": "3.22.0" }, "ImageID": "sha256:9c9bbdc7527b0ded5cb99953f638220a88bbab20bcb7a0aab765e669e0ea439e", "DiffIDs": [ "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4", "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7", "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51", "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255", "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017", "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" ], "RepoTags": [ "maxmindinc/geoipupdate:latest" ], "RepoDigests": [ "maxmindinc/geoipupdate@sha256:faecdca22579730ab0b7dea5aa9af350bb3c93cb9d39845c173639ead30346d2" ], "Reference": "maxmindinc/geoipupdate:latest", "ImageConfig": { "architecture": "amd64", "created": "2025-07-09T20:56:27.445175667Z", "history": [ { "created": "2025-05-30T16:20:41Z", "created_by": "ADD alpine-minirootfs-3.22.0-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-05-30T16:20:41Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-07-09T20:47:09.854741761Z", "created_by": "RUN /bin/sh -c apk update \u0026\u0026 apk add jq # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-09T20:56:27.318595732Z", "created_by": "COPY geoipupdate /usr/bin/geoipupdate # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-09T20:56:27.358576842Z", "created_by": "COPY docker/entry.sh /usr/bin/entry.sh # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-09T20:56:27.399214452Z", "created_by": "COPY docker/healthcheck.sh /usr/bin/healthcheck.sh # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-07-09T20:56:27.445175667Z", "created_by": "ENTRYPOINT [\"/usr/bin/entry.sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-07-09T20:56:27.445175667Z", "created_by": "HEALTHCHECK \u0026{[\"CMD\" \"/usr/bin/healthcheck.sh\"] \"10s\" \"10s\" \"0s\" \"0s\" '\\x00'}", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-07-09T20:56:27.445175667Z", "created_by": "VOLUME [/usr/share/GeoIP]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-07-09T20:56:27.445175667Z", "created_by": "WORKDIR /var/lib/geoipupdate", "comment": "buildkit.dockerfile.v0" } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4", "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7", "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51", "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255", "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017", "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" ] }, "config": { "Healthcheck": { "Test": [ "CMD", "/usr/bin/healthcheck.sh" ], "Interval": 10000000000, "Timeout": 10000000000 }, "Entrypoint": [ "/usr/bin/entry.sh" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Volumes": { "/usr/share/GeoIP": {} }, "WorkingDir": "/var/lib/geoipupdate" } }, "Layers": [ { "Size": 8593920, "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, { "Size": 3548672, "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" }, { "Size": 6433792, "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, { "Size": 4096, "Digest": "sha256:b59fdcd4cae99a4190a87d3f08190b1aff3c94768d7ef4975750789934d7a3f4", "DiffID": "sha256:503d147e482637d20b5f6c82e9dca4d56ce203ef7bf33594bda2564859d02255" }, { "Size": 3584, "Digest": "sha256:f58d0f0a3a4ea79f9f8f550e9a39d6d7e00e424d9e625aac1dc9ec8c06b9a71f", "DiffID": "sha256:9c323009d257d2df356a4f7991e6a65999d484e2b30e537b1c884da939d17017" }, { "Size": 2560, "Digest": "sha256:7d09e20a91f5010530d801c18812ed4fdb08c83727f01516a7731a668e4b5bda", "DiffID": "sha256:0cc55a3417a6931dde3668c57d0f3a5b728d280f7d4be4769c85e12e6889d3ef" } ] } ], "Results": [ { "Target": "maxmindinc/geoipupdate:latest (alpine 3.22.0)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "e1b004c7909e5e42" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.0-r0", "busybox-binsh@1.37.0-r18" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:29f99748eea1ffe01f70b34024dc45c46d211f8d", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "ab78613e89e34197" }, "Version": "3.7.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:73f5ef65f8333a1784102df973c076d5a7d5b5fe", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.22.0", "UID": "82fba6933d3c7e01" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:b175e48144ebad03d6ba11d45b25aafc2de310c1", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.22.0-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.22.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "e327396de1f915d" }, "Version": "3.22.0-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.22.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:cf85a5b0d8654cc10db1058c8c13f521729d5dfd", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.9-r2", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.9-r2?arch=x86_64\u0026distro=3.22.0", "UID": "36b8bfe2ff266466" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20241121-r2", "libapk2@2.14.9-r2", "libcrypto3@3.5.0-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:2a8910d00ac31df2e1ccd94127488ea3a06e2d48", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r18", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "3da78128164dbbc4" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:21558d4968f31dcc377c0f27dae9bb0f32bb25d2", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r18", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "c66405e3f8ffde54" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r18" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:4bcdab5f9122afb4de71bfe8b1125c0c02796793", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20241121-r2", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20241121-r2?arch=x86_64\u0026distro=3.22.0", "UID": "7f70be79a84f59a3" }, "Version": "20241121-r2", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20241121-r2", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:9d2aaa4ca9f2446fc14264d515907f2e024fafab", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "jq@1.8.0-r0", "Name": "jq", "Identifier": { "PURL": "pkg:apk/alpine/jq@1.8.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "bbe3dd443ebd92cf" }, "Version": "1.8.0-r0", "Arch": "x86_64", "SrcName": "jq", "SrcVersion": "1.8.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Patrycja Rosa \u003calpine@ptrcnull.me\u003e", "DependsOn": [ "musl@1.2.5-r10", "oniguruma@6.9.10-r0" ], "Layer": { "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" }, "Digest": "sha1:046d6a5ebd03c022be79d5ee4f32a73b96af8ab2", "InstalledFiles": [ "usr/bin/jq", "usr/lib/libjq.so.1", "usr/lib/libjq.so.1.0.4" ], "AnalyzedBy": "apk" }, { "ID": "libapk2@2.14.9-r2", "Name": "libapk2", "Identifier": { "PURL": "pkg:apk/alpine/libapk2@2.14.9-r2?arch=x86_64\u0026distro=3.22.0", "UID": "e8d5029390f2f066" }, "Version": "2.14.9-r2", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.9-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20241121-r2", "libcrypto3@3.5.0-r0", "libssl3@3.5.0-r0", "musl@1.2.5-r10", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:d3a20797fcda1b5742c119ffc146c1e110ed418e", "InstalledFiles": [ "usr/lib/libapk.so.2.14.9" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.0-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "Version": "3.5.0-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:3749edc5c03dedec613b9e2ee94740249dab2754", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.0-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "Version": "3.5.0-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.0-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:8282bdd4fed1379f22e199f05aefd3d50a10e49b", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r10", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "55e7e479f5580f45" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:59283b61db830a0a0309c98f4db906a2d8fa342b", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r10", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "73256102bfd5faee" }, "Version": "1.2.5-r10", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r10", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:7e60d0820813baa8ac266bee158394c0a69f104a", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "oniguruma@6.9.10-r0", "Name": "oniguruma", "Identifier": { "PURL": "pkg:apk/alpine/oniguruma@6.9.10-r0?arch=x86_64\u0026distro=3.22.0", "UID": "1ed61c4d240e1101" }, "Version": "6.9.10-r0", "Arch": "x86_64", "SrcName": "oniguruma", "SrcVersion": "6.9.10-r0", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" }, "Digest": "sha1:41d4b327e97551f00edeeeeb41288466c6d04477", "InstalledFiles": [ "usr/lib/libonig.so.5", "usr/lib/libonig.so.5.5.0" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.22.0", "UID": "be156a8575875ef7" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:bd6dd1c820d476bcdf8ee38f003bcf2a73323b13", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r18", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "8c85a01420c1a048" }, "Version": "1.37.0-r18", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r18", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.0-r0", "libssl3@3.5.0-r0", "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:7fa2e0f5a78d7061d18653bc5e38cb83c42d2f3a", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", "UID": "23095b6210429e11" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r10" ], "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "Digest": "sha1:bf7d90d89e5429c18167b91ab8d7e6256cfc7fdf", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r18", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "3da78128164dbbc4" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:33d5b0c0db42c7f1bb832edf39490540f247229f61da5f1465e9725e5bde25d4", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r18", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "c66405e3f8ffde54" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1502160de79420af95b3cff87ba5037faf6e180da4ad458686571216c6d8a6c0", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-49014", "PkgID": "jq@1.8.0-r0", "PkgName": "jq", "PkgIdentifier": { "PURL": "pkg:apk/alpine/jq@1.8.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "bbe3dd443ebd92cf" }, "InstalledVersion": "1.8.0-r0", "FixedVersion": "1.8.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:3a3d1989b42039025876d69ab36ecac567ed65b78b711ced035d06a7e01711d5", "DiffID": "sha256:c5660a38cc9818e577cfb7157f48548aec9563399b78cae92d75cfca3786f1b7" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-49014", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b0c40c16862457cd8a4405922d4af54c707119c5582eb9db11a760f02b33540c", "Title": "jq: jq Heap Use-After-Free Vulnerability", "Description": "jq is a command-line JSON processor. In version 1.8.0 a heap use after free vulnerability exists within the function f_strflocaltime of /src/builtin.c. This issue has been patched in commit 499c91b, no known fix version exists at time of publication.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-49014", "https://github.com/jqlang/jq/commit/499c91bca9d4d027833bc62787d1bb075c03680e", "https://github.com/jqlang/jq/security/advisories/GHSA-rmjp-cr27-wpg2", "https://nvd.nist.gov/vuln/detail/CVE-2025-49014", "https://www.cve.org/CVERecord?id=CVE-2025-49014" ], "PublishedDate": "2025-06-19T15:15:20.65Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b6a0321a2833ef901ce0d6da909d7478ac5f469f4cc9037ffb1b21fa8049d9a2", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8a7ac29c9c3ee11a0bdd0f76b473925909f3467bc521b7d6b75d36c62b24d729", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:893f73a56166c73c218570fcee053bb675863382642ed20de85c710e627711b2", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6c79a6e6f8984df42fda1ae0ca8941244d9dca51a878c4e449084c3005b595d1", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1d4c149c95f1aa465dc91262841c7f91bf1c56cd646abd7bf3f0cbc2f71640f5", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0a15bc4edf19170cc956e0ac987604a0d1b71d155275869cbd2341cb6871ca99", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:aafb18796a85e9894a53464afb3244e3682f12c465bdb22329610206a2ca965a", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:82500943046483034d5abe872e288466779357258095b0ad837000dd06c9a4fd", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-4575", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4575", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5a7672d1f2cc73e9882ae40dfb536944555590b8f9ea4e3d65e0b73d6a1396a7", "Title": "Issue summary: Use of -addreject option with the openssl x509 applicat ...", "Description": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "julia": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/22/1", "https://github.com/advisories/GHSA-v8qh-5c5w-48pp", "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa", "https://nvd.nist.gov/vuln/detail/CVE-2025-4575", "https://openssl-library.org/news/secadv/20250522.txt" ], "PublishedDate": "2025-05-22T14:16:07.63Z", "LastModifiedDate": "2025-10-23T14:51:30.377Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:329ca292c906103e9c94999ba937af59c3255a1a5fb3db25f1807a33268953e2", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:401ee2dfd28878e1f0e8f203aa3001a696f3ee4b60584a908f3f5a0fcd290d71", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e69988bf421e9e5c06c890d9dbf90415babf73cfdca6592322514a36178f6857", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d7a360c69af30b24c668e18363d0cefa47ed335f4049b3e614907672be704a89", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.5.0-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "4cbb55f7384d8982" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:239fe000b3709b599671228100bfd056fd9f50b79f0534ab7f515feb5eeae54b", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8ab96dd031df5aa92f842c09b9bc3a8547e1e64000597895e9f440cf05c7bec2", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:541936b67fa7a770e7dd387e4a79500f03e653897cb0c34cbe8359a65eed0308", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:347548b31bd15e3d1d83e7ee2d7bd455a25eb341deb34789d67990a0aacd1ae5", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:431a86303059eb4fddf40959554db3779e6d6b2573e4aa156faf70ea6feffdc0", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c83dc8da0a0b9574529eef6220a4c4161f046f8e8789cb261e18d500dbf65398", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:36f481152bfa5a48589f1ef8fe451230c13120f209a6463928b49248970ddee0", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f7c3bca817cbcffbe76a46bfaa22b59feb1693657b71290591ca6748b0cb6099", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-11187", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-11187", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:adc6f34754ce15d7c1a25769625c4cb81a5d59e689f9dfede7fd231235d79d0d", "Title": "openssl: OpenSSL: Arbitrary code execution or denial of service through crafted PKCS#12 file", "Description": "Issue summary: PBMAC1 parameters in PKCS#12 files are missing validation\nwhich can trigger a stack-based buffer overflow, invalid pointer or NULL\npointer dereference during MAC verification.\n\nImpact summary: The stack buffer overflow or NULL pointer dereference may\ncause a crash leading to Denial of Service for an application that parses\nuntrusted PKCS#12 files. The buffer overflow may also potentially enable\ncode execution depending on platform mitigations.\n\nWhen verifying a PKCS#12 file that uses PBMAC1 for the MAC, the PBKDF2\nsalt and keylength parameters from the file are used without validation.\nIf the value of keylength exceeds the size of the fixed stack buffer used\nfor the derived key (64 bytes), the key derivation will overflow the buffer.\nThe overflow length is attacker-controlled. Also, if the salt parameter is\nnot an OCTET STRING type this can lead to invalid or NULL pointer\ndereference.\n\nExploiting this issue requires a user or application to process\na maliciously crafted PKCS#12 file. It is uncommon to accept untrusted\nPKCS#12 files in applications as they are usually used to store private\nkeys which are trusted by definition. For this reason the issue was assessed\nas Moderate severity.\n\nThe FIPS modules in 3.6, 3.5 and 3.4 are not affected by this issue, as\nPKCS#12 processing is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5 and 3.4 are vulnerable to this issue.\n\nOpenSSL 3.3, 3.0, 1.1.1 and 1.0.2 are not affected by this issue as they do\nnot support PBMAC1 in PKCS#12.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476", "CWE-787" ], "VendorSeverity": { "alma": 3, "julia": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-11187", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-hpc7-gcqm-58fv", "https://github.com/metadust/CVE-2025-11187", "https://github.com/openssl/openssl/commit/205e3a55e16e4bd08c12fdbd3416ab829c0f6206", "https://github.com/openssl/openssl/commit/8caf359d6e46fb413e8f5f0df765d2e8a51df4e8", "https://github.com/openssl/openssl/commit/e1079bc17ed93ff16f6b86f33a2fe3336e78817e", "https://linux.oracle.com/cve/CVE-2025-11187.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-11187", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-11187" ], "PublishedDate": "2026-01-27T16:16:14.093Z", "LastModifiedDate": "2026-03-20T14:16:13.89Z" }, { "VulnerabilityID": "CVE-2025-4575", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.1-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4575", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e803b485f6802af83b53d40c97cc43a180f3cb7449a9e8566f2a56a952928998", "Title": "Issue summary: Use of -addreject option with the openssl x509 applicat ...", "Description": "Issue summary: Use of -addreject option with the openssl x509 application adds\na trusted use instead of a rejected use for a certificate.\n\nImpact summary: If a user intends to make a trusted certificate rejected for\na particular use it will be instead marked as trusted for that use.\n\nA copy \u0026 paste error during minor refactoring of the code introduced this\nissue in the OpenSSL 3.5 version. If, for example, a trusted CA certificate\nshould be trusted only for the purpose of authenticating TLS servers but not\nfor CMS signature verification and the CMS signature verification is intended\nto be marked as rejected with the -addreject option, the resulting CA\ncertificate will be trusted for CMS signature verification purpose instead.\n\nOnly users which use the trusted certificate format who use the openssl x509\ncommand line application to add rejected uses are affected by this issue.\nThe issues affecting only the command line application are considered to\nbe Low severity.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue.\n\nOpenSSL 3.4, 3.3, 3.2, 3.1, 3.0, 1.1.1 and 1.0.2 are also not affected by this\nissue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "julia": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/22/1", "https://github.com/advisories/GHSA-v8qh-5c5w-48pp", "https://github.com/openssl/openssl/commit/e96d22446e633d117e6c9904cb15b4693e956eaa", "https://nvd.nist.gov/vuln/detail/CVE-2025-4575", "https://openssl-library.org/news/secadv/20250522.txt" ], "PublishedDate": "2025-05-22T14:16:07.63Z", "LastModifiedDate": "2025-10-23T14:51:30.377Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.5-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:36d03b9df531e3268c7fc878e00b9efbc0ed29e98829f3e5f7d2aa4362c6bfab", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:325dd25f68b26d381146578e9f51508e913a9db754d2100807201952ff29a698", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-9231", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.4-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:14e045a369fa0fcbda373b5371edcac51d02d376239042dce7fe15e43bd3da30", "Title": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", "Description": "Issue summary: A timing side-channel which could potentially allow remote\nrecovery of the private key exists in the SM2 algorithm implementation on 64 bit\nARM platforms.\n\nImpact summary: A timing side-channel in SM2 signature computations on 64 bit\nARM platforms could allow recovering the private key by an attacker..\n\nWhile remote key recovery over a network was not attempted by the reporter,\ntiming measurements revealed a timing signal which may allow such an attack.\n\nOpenSSL does not directly support certificates with SM2 keys in TLS, and so\nthis CVE is not relevant in most TLS contexts. However, given that it is\npossible to add support for such certificates via a custom provider, coupled\nwith the fact that in such a custom provider context the private key may be\nrecoverable via remote timing measurements, we consider this to be a Moderate\nseverity issue.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as SM2 is not an approved algorithm.", "Severity": "MEDIUM", "CweIDs": [ "CWE-385" ], "VendorSeverity": { "amazon": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "http://www.openwall.com/lists/oss-security/2026/05/11/11", "https://access.redhat.com/security/cve/CVE-2025-9231", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://github.com/advisories/GHSA-9mrx-mqmg-gwj9", "https://github.com/openssl/openssl/commit/567f64386e43683888212226824b6a179885a0fe", "https://github.com/openssl/openssl/commit/cba616c26ac8e7b37de5e77762e505ba5ca51698", "https://github.com/openssl/openssl/commit/eed5adc9f969d77c94f213767acbb41ff923b6f4", "https://github.com/openssl/openssl/commit/fc47a2ec078912b3e914fab5734535e76c4820c2", "https://nvd.nist.gov/vuln/detail/CVE-2025-9231", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9231" ], "PublishedDate": "2025-09-30T14:15:41.19Z", "LastModifiedDate": "2026-05-12T13:17:29.927Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2bddf31a12a2ae2c4da6fa403b0ca090a75cd136f79b247ce364a111f3332b08", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.5.0-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.0-r0?arch=x86_64\u0026distro=3.22.0", "UID": "2eea6099948a2fb" }, "InstalledVersion": "3.5.0-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8363fe7909335c3719bfb78136ba1b36d1858c67669500f567d6b1ef2b7fd5f6", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6e70462bdf3b6769a89826c9f265f673ee62312ed4c9854f5166f4c8373af98e", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r10", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "55e7e479f5580f45" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d4790bf3f1ebde2e805e7b855e6c5f0d4b60d52a2f3ccd622628a9c500b7f3ca", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r12", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e59626b61d4fce53be37ea019dc6a6afc1b388b44181a4e7f55f5534ce31ab6a", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r10", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r10?arch=x86_64\u0026distro=3.22.0", "UID": "73256102bfd5faee" }, "InstalledVersion": "1.2.5-r10", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1314eed578262b13492bfed1ac058afebb1901f53faebba7653f9dac83afa90f", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r18", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r18?arch=x86_64\u0026distro=3.22.0", "UID": "8c85a01420c1a048" }, "InstalledVersion": "1.37.0-r18", "FixedVersion": "1.37.0-r20", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:947b627345c7f3b1a633452e185156054b64e3f39466ce4259a37e67fddc40ee", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:464fac6a261877fae15a641b43e7cb86acde5907ef7361b65b9f97c50f1fb121", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.22.0", "UID": "23095b6210429e11" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:fe07684b16b82247c3539ed86a65ff37a76138ec25d380bd80c869a1a4c73236", "DiffID": "sha256:fd2758d7a50e2b78d275ee7d1c218489f2439084449d895fa17eede6c61ab2c4" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bcdfc0a4b483f3d8730b468430b53ce925f705f8dd2d40355bb40490f48b1b7a", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "usr/bin/geoipupdate", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/maxmind/geoipupdate/v7@v7.1.1", "Name": "github.com/maxmind/geoipupdate/v7", "Identifier": { "PURL": "pkg:golang/github.com/maxmind/geoipupdate/v7@7.1.1", "UID": "e1fdcc684bf30e09" }, "Version": "7.1.1", "Relationship": "root", "DependsOn": [ "github.com/cenkalti/backoff/v5@v5.0.2", "github.com/gofrs/flock@v0.12.1", "github.com/spf13/pflag@v1.0.6", "golang.org/x/sync@v0.15.0", "golang.org/x/sys@v0.33.0", "stdlib@v1.24.5" ], "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.24.5", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "Version": "v1.24.5", "Relationship": "direct", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v5@v5.0.2", "Name": "github.com/cenkalti/backoff/v5", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.2", "UID": "a43adcbfe8b44757" }, "Version": "v5.0.2", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gofrs/flock@v0.12.1", "Name": "github.com/gofrs/flock", "Identifier": { "PURL": "pkg:golang/github.com/gofrs/flock@v0.12.1", "UID": "f90ca946ec076daf" }, "Version": "v0.12.1", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.6", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.6", "UID": "7a283d31fee624cf" }, "Version": "v1.0.6", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.15.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.15.0", "UID": "93b3ef4b47fcc611" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.33.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.33.0", "UID": "645ad521ee651f38" }, "Version": "v0.33.0", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:093bc5d316cb119321362ea811a922d0e4d95e389e1ab69f0b6af59d46c5e988", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:dea0a683dd96dc39796f0e1e9caa5675babc3f81133519f1847badd75fbda9bb", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d5012b2e4e8fe1ddb676cb56ae6045a7bca9a0ce890c2d1a459bc26726b1557d", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c732aff18c6b4b63282e35c5c2931b574c78061542de02581533c50e648554d7", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f507a42e6b845dc5a2d4404d1d78ea2a049c118029af485087dc19cc52af04d4", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f0f9fc3c761331a8de4013a327c8b405aa885cf719b1445019103f2120a8507b", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b237d367d9bd437a04e67e9e5b8b6d4efe335d30b53361e8cae69af6b1b8706b", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e26fa4c6638b4ef6131abb59a21dbae1e712e499790ae853e5c9fcd6d83e1de1", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4129b1b80f4fffa1e3e3bd08e6c7a2a8a69c5f23afeff227b40f0953b3252a9a", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:75200116d1b4f9153bee1a58800c9f7c094c3c37f8d9dfbcc6944f294621dde3", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:1f08a6d50a66c86f9052af17a414b9b098e14f5b68a20d63c32b25f1bf9aac41", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:afca3edc09ef2176d396bc2a1584d06ea56f5175b9e17209a5dc5e9f806028b2", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:80da27d0a372870498fff6767cb39195dbcbc26409fa4ba40c29f06742e12e44", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:788f4a475cee3e385d45ac7876f9a316ee675c58f53ccea22f31d5539fc3a033", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:282c3558c2174bd2af9b4f30d2e7cacd34ee2e7b6385c65ef675b4b19b92c331", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5f78cf255752f6c2431076f987af8297ac458c6a6ab43e8a5036467e298f9bef", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:72fa7268764fcafc3f6e34a643d5126de2513ae9c4577954d19ca77c71f14d58", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:47b38f19418d214d52b12817390a7940a4a1f45f40fbcd5f6145eb71bee951de", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8eb5ab30a3104b447f5b46103e8ab21b4f6f2d98bc8e7afcc55eacd47c554c05", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3d9b8af6df25f4dcfa032e43eefd678ecd9deb95af0310f184258b7eb93b7691", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7a63959f166c2df1094d180fe284e856ecba718ec5e0623dfbf5ede880e7ab08", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6d31a4be3ed1621dcbe7f409382967e73772787845639a3ca29c5c1002e1e0ff", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c9842dcbb1ab9dfb88ce5a6eb7b81b2a51cf2e82d630cf4aff10f75be23314e8", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ce60332360f44405338d8ecf78ca478bb2b67bc807e199084381aaa96623aee0", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c1891b9d2d1df336c4c5d9648ed2f15ec83e32a2544f03d8ba195222771d9c8d", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7cd038c76c10c2284593b3d142f55fe3a91ef11b4013150df62e99b24520e093", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38e0c53b25c5cf750d4c7ce1dc2f38246f08daf9fd0fff82508acbebfec89874", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:06f48b8053e63adaa0fedf551cd8a56b2d1c5929c707827f72dad17368a7bdd8", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:79d60a74f35ea4ccf0cb2d3fd3a84ac99b3b6f9f710d781f0cfbb9d7d2ff6a3e", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c8962a2c0745c725d9abcb83e60938100283faba90dd354bcf35de9a9d925ee6", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76543e94a81a90053e1fe3ed8ee3d08777877b14bb0a811cf914cbe6e8b7e808", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2950219e14a82571987279110b76d7e5c72f19be6cde5b06e7db6bc19206cbf3", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.24.5", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.24.5", "UID": "e64ea349133d28dc" }, "InstalledVersion": "v1.24.5", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:dc8c0cce08e9a50686a634e318703911122c37270c15c16a0b7b8f9d5cda1f30", "DiffID": "sha256:28da2cfb6d305d504e3519b25dcadcb42358c328d34c1225f9ecd9962961db51" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f9f8da8a94524c41bd0de8e40f9236dcebafd888e8b209a3bcdd0032e0f844c0", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "cert-checker-dovecot", "Metadata": [ { "Size": 123288576, "OS": { "Family": "debian", "Name": "13.5" }, "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", "DiffIDs": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ], "RepoTags": [ "python:3.12-slim" ], "RepoDigests": [ "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" ], "Reference": "python:3.12-slim", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T23:50:55.52769964Z", "history": [ { "created": "2026-05-18T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", "comment": "debuerreotype 0.17" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_VERSION=3.12.13", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:50:55.41770734Z", "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ] }, "config": { "Cmd": [ "python3" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "PYTHON_VERSION=3.12.13", "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" ] } }, "Layers": [ { "Size": 81049600, "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, { "Size": 4127232, "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, { "Size": 38106624, "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, { "Size": 5120, "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" } ] } ], "Results": [ { "Target": "python:3.12-slim (debian 13.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", "UID": "681428a4291e51" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@3.0.3", "Name": "apt", "Identifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "2e5d8c8032700559" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.152", "base-passwd@3.6.7", "debian-archive-keyring@2025.1", "libapt-pkg7.0@3.0.3", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libseccomp2@2.6.0-2", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "sqv@1.3.0-3+b2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-mark", "/usr/lib/apt/apt-extracttemplates", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/sqv", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/systemd/system/apt-daily-upgrade.service", "/usr/lib/systemd/system/apt-daily-upgrade.timer", "/usr/lib/systemd/system/apt-daily.service", "/usr/lib/systemd/system/apt-daily.timer", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/apt/default-sequoia.config", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/NEWS.Debian.gz", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/changelog.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/debian.sources", "/usr/share/doc/apt/examples/preferences", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man7/apt-patterns.7.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13.8+deb13u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", "UID": "6b13e330b45e6f4f" }, "Version": "13.8+deb13u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u5", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", "UID": "f77779fa356eca05" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.2.37-2+b9", "Name": "bash", "Identifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", "UID": "f36f9b3693158651" }, "Version": "5.2.37", "Release": "2+b9", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.37", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@13.8+deb13u5", "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/CHANGES.gz", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.amd64.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/changelog.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/locale/af/LC_MESSAGES/bash.mo", "/usr/share/locale/bg/LC_MESSAGES/bash.mo", "/usr/share/locale/ca/LC_MESSAGES/bash.mo", "/usr/share/locale/cs/LC_MESSAGES/bash.mo", "/usr/share/locale/da/LC_MESSAGES/bash.mo", "/usr/share/locale/de/LC_MESSAGES/bash.mo", "/usr/share/locale/el/LC_MESSAGES/bash.mo", "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", "/usr/share/locale/eo/LC_MESSAGES/bash.mo", "/usr/share/locale/es/LC_MESSAGES/bash.mo", "/usr/share/locale/et/LC_MESSAGES/bash.mo", "/usr/share/locale/fi/LC_MESSAGES/bash.mo", "/usr/share/locale/fr/LC_MESSAGES/bash.mo", "/usr/share/locale/ga/LC_MESSAGES/bash.mo", "/usr/share/locale/gl/LC_MESSAGES/bash.mo", "/usr/share/locale/hr/LC_MESSAGES/bash.mo", "/usr/share/locale/hu/LC_MESSAGES/bash.mo", "/usr/share/locale/id/LC_MESSAGES/bash.mo", "/usr/share/locale/it/LC_MESSAGES/bash.mo", "/usr/share/locale/ja/LC_MESSAGES/bash.mo", "/usr/share/locale/ko/LC_MESSAGES/bash.mo", "/usr/share/locale/lt/LC_MESSAGES/bash.mo", "/usr/share/locale/nb/LC_MESSAGES/bash.mo", "/usr/share/locale/nl/LC_MESSAGES/bash.mo", "/usr/share/locale/pl/LC_MESSAGES/bash.mo", "/usr/share/locale/pt/LC_MESSAGES/bash.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", "/usr/share/locale/ro/LC_MESSAGES/bash.mo", "/usr/share/locale/ru/LC_MESSAGES/bash.mo", "/usr/share/locale/sk/LC_MESSAGES/bash.mo", "/usr/share/locale/sl/LC_MESSAGES/bash.mo", "/usr/share/locale/sr/LC_MESSAGES/bash.mo", "/usr/share/locale/sv/LC_MESSAGES/bash.mo", "/usr/share/locale/tr/LC_MESSAGES/bash.mo", "/usr/share/locale/uk/LC_MESSAGES/bash.mo", "/usr/share/locale/vi/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", "UID": "2c691dbd8cebdf2a" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "openssl@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@9.7-3", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", "UID": "cb4a55f50bda2393" }, "Version": "9.7", "Release": "3", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.7", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/cat", "/usr/bin/chcon", "/usr/bin/chgrp", "/usr/bin/chmod", "/usr/bin/chown", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/cp", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/date", "/usr/bin/dd", "/usr/bin/df", "/usr/bin/dir", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/echo", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/false", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/ln", "/usr/bin/logname", "/usr/bin/ls", "/usr/bin/md5sum", "/usr/bin/mkdir", "/usr/bin/mkfifo", "/usr/bin/mknod", "/usr/bin/mktemp", "/usr/bin/mv", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/pwd", "/usr/bin/readlink", "/usr/bin/realpath", "/usr/bin/rm", "/usr/bin/rmdir", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sleep", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/stty", "/usr/bin/sum", "/usr/bin/sync", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/touch", "/usr/bin/tr", "/usr/bin/true", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/uname", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/vdir", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/changelog.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/lintian/overrides/coreutils", "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", "UID": "4990b2098a2a3724" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", "UID": "f7c8b7ba83ed5cfe" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", "UID": "a22d861380b1187c" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", "UID": "3c5d0b66afafddbb" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.10-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "852f693a78aaa149" }, "Version": "3.10", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.10", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/changelog.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.22.22", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", "UID": "7b97f27e3bec0417" }, "Version": "1.22.22", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.22", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.35+dfsg-3.1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/lib/systemd/system/dpkg-db-backup.service", "/usr/lib/systemd/system/dpkg-db-backup.timer", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/sbin/start-stop-daemon", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.10.0-3", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", "UID": "12e741692291b42a" }, "Version": "4.10.0", "Release": "3", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.10.0", "SrcRelease": "3", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-2+ with Autoconf-data exception", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2.0-or-later", "X11", "public-domain", "LGPL-2.1-or-later", "GPL with automake exception", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-Clause", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/changelog.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info.gz", "/usr/share/locale/be/LC_MESSAGES/findutils.mo", "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", "/usr/share/locale/da/LC_MESSAGES/findutils.mo", "/usr/share/locale/de/LC_MESSAGES/findutils.mo", "/usr/share/locale/el/LC_MESSAGES/findutils.mo", "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", "/usr/share/locale/es/LC_MESSAGES/findutils.mo", "/usr/share/locale/et/LC_MESSAGES/findutils.mo", "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", "/usr/share/locale/id/LC_MESSAGES/findutils.mo", "/usr/share/locale/it/LC_MESSAGES/findutils.mo", "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "371c061d08215a1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.11-4", "Name": "grep", "Identifier": { "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", "UID": "6ce8b4eed9c0d137" }, "Version": "3.11", "Release": "4", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "4", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/egrep", "/usr/bin/fgrep", "/usr/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/changelog.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/locale/af/LC_MESSAGES/grep.mo", "/usr/share/locale/be/LC_MESSAGES/grep.mo", "/usr/share/locale/bg/LC_MESSAGES/grep.mo", "/usr/share/locale/ca/LC_MESSAGES/grep.mo", "/usr/share/locale/cs/LC_MESSAGES/grep.mo", "/usr/share/locale/da/LC_MESSAGES/grep.mo", "/usr/share/locale/de/LC_MESSAGES/grep.mo", "/usr/share/locale/el/LC_MESSAGES/grep.mo", "/usr/share/locale/eo/LC_MESSAGES/grep.mo", "/usr/share/locale/es/LC_MESSAGES/grep.mo", "/usr/share/locale/et/LC_MESSAGES/grep.mo", "/usr/share/locale/eu/LC_MESSAGES/grep.mo", "/usr/share/locale/fi/LC_MESSAGES/grep.mo", "/usr/share/locale/fr/LC_MESSAGES/grep.mo", "/usr/share/locale/ga/LC_MESSAGES/grep.mo", "/usr/share/locale/gl/LC_MESSAGES/grep.mo", "/usr/share/locale/he/LC_MESSAGES/grep.mo", "/usr/share/locale/hr/LC_MESSAGES/grep.mo", "/usr/share/locale/hu/LC_MESSAGES/grep.mo", "/usr/share/locale/id/LC_MESSAGES/grep.mo", "/usr/share/locale/it/LC_MESSAGES/grep.mo", "/usr/share/locale/ja/LC_MESSAGES/grep.mo", "/usr/share/locale/ka/LC_MESSAGES/grep.mo", "/usr/share/locale/ko/LC_MESSAGES/grep.mo", "/usr/share/locale/ky/LC_MESSAGES/grep.mo", "/usr/share/locale/lt/LC_MESSAGES/grep.mo", "/usr/share/locale/nb/LC_MESSAGES/grep.mo", "/usr/share/locale/nl/LC_MESSAGES/grep.mo", "/usr/share/locale/pa/LC_MESSAGES/grep.mo", "/usr/share/locale/pl/LC_MESSAGES/grep.mo", "/usr/share/locale/pt/LC_MESSAGES/grep.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", "/usr/share/locale/ro/LC_MESSAGES/grep.mo", "/usr/share/locale/ru/LC_MESSAGES/grep.mo", "/usr/share/locale/sk/LC_MESSAGES/grep.mo", "/usr/share/locale/sl/LC_MESSAGES/grep.mo", "/usr/share/locale/sr/LC_MESSAGES/grep.mo", "/usr/share/locale/sv/LC_MESSAGES/grep.mo", "/usr/share/locale/ta/LC_MESSAGES/grep.mo", "/usr/share/locale/th/LC_MESSAGES/grep.mo", "/usr/share/locale/tr/LC_MESSAGES/grep.mo", "/usr/share/locale/uk/LC_MESSAGES/grep.mo", "/usr/share/locale/vi/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.13-1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", "UID": "954545ce99bc687e" }, "Version": "1.13", "Release": "1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.13", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/gunzip", "/usr/bin/gzexe", "/usr/bin/gzip", "/usr/bin/zcat", "/usr/bin/zcmp", "/usr/bin/zdiff", "/usr/bin/zegrep", "/usr/bin/zfgrep", "/usr/bin/zforce", "/usr/bin/zgrep", "/usr/bin/zless", "/usr/bin/zmore", "/usr/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/changelog.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", "UID": "641772722328aedf" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.69~deb13u1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", "UID": "cb52819ec2f1a236" }, "Version": "1.69~deb13u1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.69~deb13u1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f9f7789d147b9636" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "5549812c55d79bea" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "libudev1@257.13-1~deb13u1", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "90d554a582a8683b" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "d20cd9a11d8e018d" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c47a55b8e27ace3c" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12+deb13u3", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", "UID": "a8f4afa42f768363" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libmd0@1.1.0-2+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", "UID": "2da429aca83dde92" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.41-12+deb13u3", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/ldconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/changelog.Debian.gz", "/usr/share/doc/libc-bin/changelog.gz", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.41-12+deb13u3", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "9b7c2d5667513e48" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.75-10+deb13u1+b1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "7cefa0399e4d88d4" }, "Version": "2.75", "Release": "10+deb13u1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10+deb13u1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "afe984ba824f92ac" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", "UID": "2f5f1c2fd77295dc" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", "UID": "fcad452fa456130" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi8@3.4.8-2", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", "UID": "e57a61a9119138e1" }, "Version": "3.4.8", "Release": "2", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.8", "SrcRelease": "2", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "6ebf985ba3bd76f3" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6t64@1.24-2", "Name": "libgdbm6t64", "Identifier": { "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", "UID": "a978781f1be6197e" }, "Version": "1.24", "Release": "2", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.24", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", "/usr/share/doc/libgdbm6t64/changelog.gz", "/usr/share/doc/libgdbm6t64/copyright", "/usr/share/lintian/overrides/libgdbm6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", "UID": "fec85c1b440262e2" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "8a048285d77ff6c0" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libsqlite3-0@3.46.1-7+deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", "UID": "c31b43410c927de" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libxxhash0@0.8.3-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f3971c5b48c68b3c" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "fd78e15d23b25c1f" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "274a704398461ef0" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "c9cbae9084b28bae" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.13-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", "UID": "1d4f3eaf1c0f9548" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "50a3886f7361785c" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "aa7e3a6ab471d889" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8t64@8.2-6", "Name": "libreadline8t64", "Identifier": { "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", "UID": "a41a60a40a941961" }, "Version": "8.2", "Release": "6", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2", "readline-common@8.2-6" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", "/usr/share/doc/libreadline8t64/README.Debian", "/usr/share/doc/libreadline8t64/USAGE", "/usr/share/doc/libreadline8t64/changelog.Debian.gz", "/usr/share/doc/libreadline8t64/changelog.gz", "/usr/share/doc/libreadline8t64/copyright", "/usr/share/doc/libreadline8t64/examples/Inputrc", "/usr/share/doc/libreadline8t64/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", "UID": "97e0ed663a98e78b" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "f7d3a23ad693e5cb" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", "UID": "ecc6b54d8bc6318c" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "5684bd063761ddb3" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "9990a97d658e13ae" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.46.1-7+deb13u1", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c7da287e696e8198" }, "Version": "3.46.1", "Release": "7+deb13u1", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7+deb13u1", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3t64@3.5.6-1~deb13u1", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "19bca5c02c5a9632" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.6-1~deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "1b384a6346513d7c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@257.13-1~deb13u1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a2b4ba47389f858e" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@257.13-1~deb13u1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "3b7a2f1a9ab169b" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", "UID": "d91110b5edcae2d8" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", "UID": "ca4814a2bfd07696" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "b6a337588c67d5a3" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20250131-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", "UID": "a4460701c66e182d" }, "Version": "1.3.4.20250131", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20250131", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/changelog.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.41-5", "Name": "mount", "Identifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mount", "/usr/bin/umount", "/usr/sbin/losetup", "/usr/sbin/swapoff", "/usr/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/changelog.Debian.gz", "/usr/share/doc/mount/changelog.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.5+20250216-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/changelog.Debian.gz", "/usr/share/doc/ncurses-bin/changelog.gz", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.5", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", "UID": "9929ff265179fc61" }, "Version": "6.5", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.5.6-1~deb13u1", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "ee88be94d89898bf" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c38741326d0e034f" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "d93f813ae3092e32" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.40.1-6", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", "UID": "546ba1bdcd66d61" }, "Version": "5.40.1", "Release": "6", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.40.1", "SrcRelease": "6", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "FSFAP", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2" ], "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.40.1", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/changelog.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.2-6", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", "UID": "e762758a1681f62e" }, "Version": "8.2", "Release": "6", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/changelog.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.9-2+deb13u1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a041ea16982bb927" }, "Version": "4.9", "Release": "2+deb13u1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "2+deb13u1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/changelog.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/locale/af/LC_MESSAGES/sed.mo", "/usr/share/locale/ast/LC_MESSAGES/sed.mo", "/usr/share/locale/bg/LC_MESSAGES/sed.mo", "/usr/share/locale/ca/LC_MESSAGES/sed.mo", "/usr/share/locale/cs/LC_MESSAGES/sed.mo", "/usr/share/locale/da/LC_MESSAGES/sed.mo", "/usr/share/locale/de/LC_MESSAGES/sed.mo", "/usr/share/locale/el/LC_MESSAGES/sed.mo", "/usr/share/locale/eo/LC_MESSAGES/sed.mo", "/usr/share/locale/es/LC_MESSAGES/sed.mo", "/usr/share/locale/et/LC_MESSAGES/sed.mo", "/usr/share/locale/eu/LC_MESSAGES/sed.mo", "/usr/share/locale/fi/LC_MESSAGES/sed.mo", "/usr/share/locale/fr/LC_MESSAGES/sed.mo", "/usr/share/locale/ga/LC_MESSAGES/sed.mo", "/usr/share/locale/gl/LC_MESSAGES/sed.mo", "/usr/share/locale/he/LC_MESSAGES/sed.mo", "/usr/share/locale/hr/LC_MESSAGES/sed.mo", "/usr/share/locale/hu/LC_MESSAGES/sed.mo", "/usr/share/locale/id/LC_MESSAGES/sed.mo", "/usr/share/locale/it/LC_MESSAGES/sed.mo", "/usr/share/locale/ja/LC_MESSAGES/sed.mo", "/usr/share/locale/ka/LC_MESSAGES/sed.mo", "/usr/share/locale/ko/LC_MESSAGES/sed.mo", "/usr/share/locale/nb/LC_MESSAGES/sed.mo", "/usr/share/locale/nl/LC_MESSAGES/sed.mo", "/usr/share/locale/pl/LC_MESSAGES/sed.mo", "/usr/share/locale/pt/LC_MESSAGES/sed.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", "/usr/share/locale/ro/LC_MESSAGES/sed.mo", "/usr/share/locale/ru/LC_MESSAGES/sed.mo", "/usr/share/locale/sk/LC_MESSAGES/sed.mo", "/usr/share/locale/sl/LC_MESSAGES/sed.mo", "/usr/share/locale/sr/LC_MESSAGES/sed.mo", "/usr/share/locale/sv/LC_MESSAGES/sed.mo", "/usr/share/locale/tr/LC_MESSAGES/sed.mo", "/usr/share/locale/uk/LC_MESSAGES/sed.mo", "/usr/share/locale/vi/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sqv@1.3.0-3+b2", "Name": "sqv", "Identifier": { "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", "UID": "2bf11ffe79190750" }, "Version": "1.3.0", "Release": "3+b2", "Arch": "amd64", "SrcName": "rust-sequoia-sqv", "SrcVersion": "1.3.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libhogweed6t64@3.10.1-1", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sqv", "/usr/share/bash-completion/completions/sqv.bash", "/usr/share/doc/sqv/NEWS.gz", "/usr/share/doc/sqv/changelog.Debian.amd64.gz", "/usr/share/doc/sqv/changelog.Debian.gz", "/usr/share/doc/sqv/copyright", "/usr/share/fish/completions/sqv.fish", "/usr/share/man/man1/sqv.1.gz", "/usr/share/zsh/vendor-completions/_sqv" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@3.14-4", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", "UID": "f7fb888c58ca826e" }, "Version": "3.14", "Release": "4", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.14", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-only", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/init/init-d-script", "/usr/lib/init/vars.sh", "/usr/lib/lsb/init-functions", "/usr/lib/lsb/init-functions.d/00-verbose", "/usr/sbin/fstab-decode", "/usr/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.35+dfsg-3.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "Version": "1.35+dfsg", "Release": "3.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.35+dfsg", "SrcRelease": "3.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-2.1-or-later", "LGPL-2.1-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.1.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/changelog.gz", "/usr/share/doc/tar/copyright", "/usr/share/locale/bg/LC_MESSAGES/tar.mo", "/usr/share/locale/ca/LC_MESSAGES/tar.mo", "/usr/share/locale/cs/LC_MESSAGES/tar.mo", "/usr/share/locale/da/LC_MESSAGES/tar.mo", "/usr/share/locale/de/LC_MESSAGES/tar.mo", "/usr/share/locale/el/LC_MESSAGES/tar.mo", "/usr/share/locale/eo/LC_MESSAGES/tar.mo", "/usr/share/locale/es/LC_MESSAGES/tar.mo", "/usr/share/locale/et/LC_MESSAGES/tar.mo", "/usr/share/locale/eu/LC_MESSAGES/tar.mo", "/usr/share/locale/fi/LC_MESSAGES/tar.mo", "/usr/share/locale/fr/LC_MESSAGES/tar.mo", "/usr/share/locale/ga/LC_MESSAGES/tar.mo", "/usr/share/locale/gl/LC_MESSAGES/tar.mo", "/usr/share/locale/hr/LC_MESSAGES/tar.mo", "/usr/share/locale/hu/LC_MESSAGES/tar.mo", "/usr/share/locale/id/LC_MESSAGES/tar.mo", "/usr/share/locale/it/LC_MESSAGES/tar.mo", "/usr/share/locale/ja/LC_MESSAGES/tar.mo", "/usr/share/locale/ka/LC_MESSAGES/tar.mo", "/usr/share/locale/ko/LC_MESSAGES/tar.mo", "/usr/share/locale/ky/LC_MESSAGES/tar.mo", "/usr/share/locale/ms/LC_MESSAGES/tar.mo", "/usr/share/locale/nb/LC_MESSAGES/tar.mo", "/usr/share/locale/nl/LC_MESSAGES/tar.mo", "/usr/share/locale/pl/LC_MESSAGES/tar.mo", "/usr/share/locale/pt/LC_MESSAGES/tar.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", "/usr/share/locale/ro/LC_MESSAGES/tar.mo", "/usr/share/locale/ru/LC_MESSAGES/tar.mo", "/usr/share/locale/sk/LC_MESSAGES/tar.mo", "/usr/share/locale/sl/LC_MESSAGES/tar.mo", "/usr/share/locale/sr/LC_MESSAGES/tar.mo", "/usr/share/locale/sv/LC_MESSAGES/tar.mo", "/usr/share/locale/tr/LC_MESSAGES/tar.mo", "/usr/share/locale/uk/LC_MESSAGES/tar.mo", "/usr/share/locale/vi/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2026b-0+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", "UID": "9e352e373d8245f0" }, "Version": "2026b", "Release": "0+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2026b", "SrcRelease": "0+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.41-5", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/dmesg", "/usr/bin/fallocate", "/usr/bin/findmnt", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/lsblk", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/more", "/usr/bin/mountpoint", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/su", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/wdctl", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/lib/systemd/system/fstrim.service", "/usr/lib/systemd/system/fstrim.timer", "/usr/sbin/agetty", "/usr/sbin/blkdiscard", "/usr/sbin/blkid", "/usr/sbin/blkzone", "/usr/sbin/blockdev", "/usr/sbin/chcpu", "/usr/sbin/chmem", "/usr/sbin/findfs", "/usr/sbin/fsck", "/usr/sbin/fsfreeze", "/usr/sbin/fstrim", "/usr/sbin/isosize", "/usr/sbin/ldattach", "/usr/sbin/mkfs", "/usr/sbin/mkswap", "/usr/sbin/pivot_root", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/sbin/runuser", "/usr/sbin/sulogin", "/usr/sbin/swaplabel", "/usr/sbin/switch_root", "/usr/sbin/wipefs", "/usr/sbin/zramctl", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/rename.ul", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/changelog.Debian.gz", "/usr/share/doc/util-linux/changelog.gz", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/scols-filter.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-27456", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "liblzma5@5.8.1-1", "PkgName": "liblzma5", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "InstalledVersion": "5.8.1-1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-bin@6.5+20250216-2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-5704", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", "Title": "tar: tar: Hidden file injection via crafted archives", "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/11/10", "http://www.openwall.com/lists/oss-security/2026/04/11/11", "http://www.openwall.com/lists/oss-security/2026/04/12/2", "https://access.redhat.com/security/cve/CVE-2026-5704", "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", "https://www.cve.org/CVERecord?id=CVE-2026-5704" ], "PublishedDate": "2026-04-06T16:16:42.14Z", "LastModifiedDate": "2026-04-22T20:08:59.92Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "PkgName": "zlib1g", "PkgIdentifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "Version": "25.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" } ] } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "cert-checker-postfix", "Metadata": [ { "Size": 123288576, "OS": { "Family": "debian", "Name": "13.5" }, "ImageID": "sha256:e1054bc5a9f2ddbdd6d0247997c45f2201a4e9b4c6f824b247064a558e877070", "DiffIDs": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ], "RepoTags": [ "python:3.12-slim" ], "RepoDigests": [ "python@sha256:9d3abd9fc11d06998ccdbdd93b4dd49b5ad7d67fcbbc11c016eb0eb2c2194891" ], "Reference": "python:3.12-slim", "ImageConfig": { "architecture": "amd64", "created": "2026-05-19T23:50:55.52769964Z", "history": [ { "created": "2026-05-18T00:00:00Z", "created_by": "# debian.sh --arch 'amd64' out/ 'trixie' '@1779062400'", "comment": "debuerreotype 0.17" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "RUN /bin/sh -c set -eux; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tca-certificates \t\tnetbase \t\ttzdata \t; \tapt-get dist-clean # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_VERSION=3.12.13", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:42:40.234278553Z", "created_by": "ENV PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-05-19T23:50:55.41770734Z", "created_by": "RUN /bin/sh -c set -eux; \t\tsavedAptMark=\"$(apt-mark showmanual)\"; \tapt-get update; \tapt-get install -y --no-install-recommends \t\tdpkg-dev \t\tgcc \t\tgnupg \t\tlibbluetooth-dev \t\tlibbz2-dev \t\tlibc6-dev \t\tlibdb-dev \t\tlibffi-dev \t\tlibgdbm-dev \t\tliblzma-dev \t\tlibncursesw5-dev \t\tlibreadline-dev \t\tlibsqlite3-dev \t\tlibssl-dev \t\tmake \t\ttk-dev \t\tuuid-dev \t\twget \t\txz-utils \t\tzlib1g-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-optimizations \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"$(dpkg-buildflags --get CFLAGS)\"; \tLDFLAGS=\"$(dpkg-buildflags --get LDFLAGS)\"; \tLDFLAGS=\"${LDFLAGS:-} -Wl,--strip-all\"; \tarch=\"$(dpkg --print-architecture)\"; arch=\"${arch##*-}\"; \tcase \"$arch\" in \t\tamd64|arm64) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t;; \t\ti386) \t\t\t;; \t\t*) \t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t;; \tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-} -Wl,-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tldconfig; \t\tapt-mark auto '.*' \u003e /dev/null; \tapt-mark manual $savedAptMark; \tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec ldd '{}' ';' \t\t| awk '/=\u003e/ { so = $(NF-1); if (index(so, \"/usr/local/\") == 1) { next }; gsub(\"^/(usr/)?\", \"\", so); printf \"*%s\\n\", so }' \t\t| sort -u \t\t| xargs -rt dpkg-query --search \t\t| awk 'sub(\":$\", \"\", $1) { print $1 }' \t\t| sort -u \t\t| xargs -r apt-mark manual \t; \tapt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; \tapt-get dist-clean; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-05-19T23:50:55.52769964Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40", "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54", "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939", "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" ] }, "config": { "Cmd": [ "python3" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "PYTHON_VERSION=3.12.13", "PYTHON_SHA256=c08bc65a81971c1dd5783182826503369466c7e67374d1646519adf05207b684" ] } }, "Layers": [ { "Size": 81049600, "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, { "Size": 4127232, "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, { "Size": 38106624, "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, { "Size": 5120, "Digest": "sha256:07342fe545e640a2c4960e97ffe33a301cd8e61e0c4d4307d7ac66b6b8a9eb2d", "DiffID": "sha256:6872606a6b819a8348189e0d99b8e730aa74d558c158d96f1dd2406a7c6baaf7" } ] } ], "Results": [ { "Target": "python:3.12-slim (debian 13.5)", "Class": "os-pkgs", "Type": "debian", "Packages": [ { "ID": "adduser@3.152", "Name": "adduser", "Identifier": { "PURL": "pkg:deb/debian/adduser@3.152?arch=all\u0026distro=debian-13.5", "UID": "681428a4291e51" }, "Version": "3.152", "Arch": "all", "SrcName": "adduser", "SrcVersion": "3.152", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Adduser Developers \u003cadduser@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "passwd@1:4.17.4-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/sbin/adduser", "/usr/sbin/deluser", "/usr/share/doc/adduser/NEWS.Debian.gz", "/usr/share/doc/adduser/README.gz", "/usr/share/doc/adduser/TODO", "/usr/share/doc/adduser/changelog.gz", "/usr/share/doc/adduser/copyright", "/usr/share/doc/adduser/examples/INSTALL", "/usr/share/doc/adduser/examples/README", "/usr/share/doc/adduser/examples/adduser.conf", "/usr/share/doc/adduser/examples/adduser.local", "/usr/share/doc/adduser/examples/adduser.local.conf", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/bash.bashrc", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel.other/index.html", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_logout", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bash_profile", "/usr/share/doc/adduser/examples/adduser.local.conf.examples/skel/dot.bashrc", "/usr/share/doc/adduser/examples/deluser.conf", "/usr/share/man/da/man5/deluser.conf.5.gz", "/usr/share/man/de/man5/adduser.conf.5.gz", "/usr/share/man/de/man5/deluser.conf.5.gz", "/usr/share/man/de/man8/adduser.8.gz", "/usr/share/man/de/man8/adduser.local.8.gz", "/usr/share/man/de/man8/deluser.8.gz", "/usr/share/man/es/man5/deluser.conf.5.gz", "/usr/share/man/fr/man5/adduser.conf.5.gz", "/usr/share/man/fr/man5/deluser.conf.5.gz", "/usr/share/man/fr/man8/adduser.8.gz", "/usr/share/man/fr/man8/deluser.8.gz", "/usr/share/man/it/man5/deluser.conf.5.gz", "/usr/share/man/man5/adduser.conf.5.gz", "/usr/share/man/man5/deluser.conf.5.gz", "/usr/share/man/man8/adduser.8.gz", "/usr/share/man/man8/adduser.local.8.gz", "/usr/share/man/man8/deluser.8.gz", "/usr/share/man/nl/man5/adduser.conf.5.gz", "/usr/share/man/nl/man5/deluser.conf.5.gz", "/usr/share/man/nl/man8/adduser.8.gz", "/usr/share/man/nl/man8/adduser.local.8.gz", "/usr/share/man/nl/man8/deluser.8.gz", "/usr/share/man/pl/man5/deluser.conf.5.gz", "/usr/share/man/pt/man5/adduser.conf.5.gz", "/usr/share/man/pt/man5/deluser.conf.5.gz", "/usr/share/man/pt/man8/adduser.8.gz", "/usr/share/man/pt/man8/adduser.local.8.gz", "/usr/share/man/pt/man8/deluser.8.gz", "/usr/share/man/ro/man5/adduser.conf.5.gz", "/usr/share/man/ro/man5/deluser.conf.5.gz", "/usr/share/man/ro/man8/adduser.8.gz", "/usr/share/man/ro/man8/adduser.local.8.gz", "/usr/share/man/ro/man8/deluser.8.gz", "/usr/share/man/ru/man5/deluser.conf.5.gz", "/usr/share/man/sv/man5/deluser.conf.5.gz", "/usr/share/perl5/Debian/AdduserCommon.pm", "/usr/share/perl5/Debian/AdduserLogging.pm", "/usr/share/perl5/Debian/AdduserRetvalues.pm" ], "AnalyzedBy": "dpkg" }, { "ID": "apt@3.0.3", "Name": "apt", "Identifier": { "PURL": "pkg:deb/debian/apt@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "2e5d8c8032700559" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "adduser@3.152", "base-passwd@3.6.7", "debian-archive-keyring@2025.1", "libapt-pkg7.0@3.0.3", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libseccomp2@2.6.0-2", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "sqv@1.3.0-3+b2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/apt", "/usr/bin/apt-cache", "/usr/bin/apt-cdrom", "/usr/bin/apt-config", "/usr/bin/apt-get", "/usr/bin/apt-mark", "/usr/lib/apt/apt-extracttemplates", "/usr/lib/apt/apt-helper", "/usr/lib/apt/apt.systemd.daily", "/usr/lib/apt/methods/cdrom", "/usr/lib/apt/methods/copy", "/usr/lib/apt/methods/file", "/usr/lib/apt/methods/gpgv", "/usr/lib/apt/methods/http", "/usr/lib/apt/methods/mirror", "/usr/lib/apt/methods/rred", "/usr/lib/apt/methods/sqv", "/usr/lib/apt/methods/store", "/usr/lib/apt/solvers/dump", "/usr/lib/dpkg/methods/apt/desc.apt", "/usr/lib/dpkg/methods/apt/install", "/usr/lib/dpkg/methods/apt/names", "/usr/lib/dpkg/methods/apt/setup", "/usr/lib/dpkg/methods/apt/update", "/usr/lib/systemd/system/apt-daily-upgrade.service", "/usr/lib/systemd/system/apt-daily-upgrade.timer", "/usr/lib/systemd/system/apt-daily.service", "/usr/lib/systemd/system/apt-daily.timer", "/usr/lib/x86_64-linux-gnu/libapt-private.so.0.0.0", "/usr/share/apt/default-sequoia.config", "/usr/share/bash-completion/completions/apt", "/usr/share/bug/apt/script", "/usr/share/doc/apt/NEWS.Debian.gz", "/usr/share/doc/apt/README.md.gz", "/usr/share/doc/apt/changelog.gz", "/usr/share/doc/apt/copyright", "/usr/share/doc/apt/examples/apt.conf", "/usr/share/doc/apt/examples/configure-index", "/usr/share/doc/apt/examples/debian.sources", "/usr/share/doc/apt/examples/preferences", "/usr/share/lintian/overrides/apt", "/usr/share/locale/ar/LC_MESSAGES/apt.mo", "/usr/share/locale/ast/LC_MESSAGES/apt.mo", "/usr/share/locale/bg/LC_MESSAGES/apt.mo", "/usr/share/locale/bs/LC_MESSAGES/apt.mo", "/usr/share/locale/ca/LC_MESSAGES/apt.mo", "/usr/share/locale/cs/LC_MESSAGES/apt.mo", "/usr/share/locale/cy/LC_MESSAGES/apt.mo", "/usr/share/locale/da/LC_MESSAGES/apt.mo", "/usr/share/locale/de/LC_MESSAGES/apt.mo", "/usr/share/locale/dz/LC_MESSAGES/apt.mo", "/usr/share/locale/el/LC_MESSAGES/apt.mo", "/usr/share/locale/es/LC_MESSAGES/apt.mo", "/usr/share/locale/eu/LC_MESSAGES/apt.mo", "/usr/share/locale/fi/LC_MESSAGES/apt.mo", "/usr/share/locale/fr/LC_MESSAGES/apt.mo", "/usr/share/locale/gl/LC_MESSAGES/apt.mo", "/usr/share/locale/hu/LC_MESSAGES/apt.mo", "/usr/share/locale/it/LC_MESSAGES/apt.mo", "/usr/share/locale/ja/LC_MESSAGES/apt.mo", "/usr/share/locale/km/LC_MESSAGES/apt.mo", "/usr/share/locale/ko/LC_MESSAGES/apt.mo", "/usr/share/locale/ku/LC_MESSAGES/apt.mo", "/usr/share/locale/lt/LC_MESSAGES/apt.mo", "/usr/share/locale/mr/LC_MESSAGES/apt.mo", "/usr/share/locale/nb/LC_MESSAGES/apt.mo", "/usr/share/locale/ne/LC_MESSAGES/apt.mo", "/usr/share/locale/nl/LC_MESSAGES/apt.mo", "/usr/share/locale/nn/LC_MESSAGES/apt.mo", "/usr/share/locale/pl/LC_MESSAGES/apt.mo", "/usr/share/locale/pt/LC_MESSAGES/apt.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/apt.mo", "/usr/share/locale/ro/LC_MESSAGES/apt.mo", "/usr/share/locale/ru/LC_MESSAGES/apt.mo", "/usr/share/locale/sk/LC_MESSAGES/apt.mo", "/usr/share/locale/sl/LC_MESSAGES/apt.mo", "/usr/share/locale/sv/LC_MESSAGES/apt.mo", "/usr/share/locale/th/LC_MESSAGES/apt.mo", "/usr/share/locale/tl/LC_MESSAGES/apt.mo", "/usr/share/locale/tr/LC_MESSAGES/apt.mo", "/usr/share/locale/uk/LC_MESSAGES/apt.mo", "/usr/share/locale/vi/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/apt.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/apt.mo", "/usr/share/man/de/man1/apt-transport-http.1.gz", "/usr/share/man/de/man1/apt-transport-https.1.gz", "/usr/share/man/de/man1/apt-transport-mirror.1.gz", "/usr/share/man/de/man5/apt.conf.5.gz", "/usr/share/man/de/man5/apt_auth.conf.5.gz", "/usr/share/man/de/man5/apt_preferences.5.gz", "/usr/share/man/de/man5/sources.list.5.gz", "/usr/share/man/de/man7/apt-patterns.7.gz", "/usr/share/man/de/man8/apt-cache.8.gz", "/usr/share/man/de/man8/apt-cdrom.8.gz", "/usr/share/man/de/man8/apt-config.8.gz", "/usr/share/man/de/man8/apt-get.8.gz", "/usr/share/man/de/man8/apt-mark.8.gz", "/usr/share/man/de/man8/apt-secure.8.gz", "/usr/share/man/de/man8/apt.8.gz", "/usr/share/man/es/man5/apt_preferences.5.gz", "/usr/share/man/es/man8/apt-cache.8.gz", "/usr/share/man/es/man8/apt-cdrom.8.gz", "/usr/share/man/es/man8/apt-config.8.gz", "/usr/share/man/fr/man1/apt-transport-http.1.gz", "/usr/share/man/fr/man1/apt-transport-https.1.gz", "/usr/share/man/fr/man1/apt-transport-mirror.1.gz", "/usr/share/man/fr/man5/apt.conf.5.gz", "/usr/share/man/fr/man5/apt_auth.conf.5.gz", "/usr/share/man/fr/man5/apt_preferences.5.gz", "/usr/share/man/fr/man5/sources.list.5.gz", "/usr/share/man/fr/man7/apt-patterns.7.gz", "/usr/share/man/fr/man8/apt-cache.8.gz", "/usr/share/man/fr/man8/apt-cdrom.8.gz", "/usr/share/man/fr/man8/apt-config.8.gz", "/usr/share/man/fr/man8/apt-get.8.gz", "/usr/share/man/fr/man8/apt-mark.8.gz", "/usr/share/man/fr/man8/apt-secure.8.gz", "/usr/share/man/fr/man8/apt.8.gz", "/usr/share/man/it/man5/apt.conf.5.gz", "/usr/share/man/it/man5/apt_preferences.5.gz", "/usr/share/man/it/man8/apt-cache.8.gz", "/usr/share/man/it/man8/apt-cdrom.8.gz", "/usr/share/man/it/man8/apt-config.8.gz", "/usr/share/man/it/man8/apt-mark.8.gz", "/usr/share/man/it/man8/apt.8.gz", "/usr/share/man/ja/man5/apt.conf.5.gz", "/usr/share/man/ja/man5/apt_preferences.5.gz", "/usr/share/man/ja/man8/apt-cache.8.gz", "/usr/share/man/ja/man8/apt-cdrom.8.gz", "/usr/share/man/ja/man8/apt-config.8.gz", "/usr/share/man/ja/man8/apt-mark.8.gz", "/usr/share/man/ja/man8/apt.8.gz", "/usr/share/man/man1/apt-transport-http.1.gz", "/usr/share/man/man1/apt-transport-https.1.gz", "/usr/share/man/man1/apt-transport-mirror.1.gz", "/usr/share/man/man5/apt.conf.5.gz", "/usr/share/man/man5/apt_auth.conf.5.gz", "/usr/share/man/man5/apt_preferences.5.gz", "/usr/share/man/man5/sources.list.5.gz", "/usr/share/man/man7/apt-patterns.7.gz", "/usr/share/man/man8/apt-cache.8.gz", "/usr/share/man/man8/apt-cdrom.8.gz", "/usr/share/man/man8/apt-config.8.gz", "/usr/share/man/man8/apt-get.8.gz", "/usr/share/man/man8/apt-mark.8.gz", "/usr/share/man/man8/apt-secure.8.gz", "/usr/share/man/man8/apt.8.gz", "/usr/share/man/nl/man1/apt-transport-http.1.gz", "/usr/share/man/nl/man1/apt-transport-https.1.gz", "/usr/share/man/nl/man1/apt-transport-mirror.1.gz", "/usr/share/man/nl/man5/apt.conf.5.gz", "/usr/share/man/nl/man5/apt_auth.conf.5.gz", "/usr/share/man/nl/man5/apt_preferences.5.gz", "/usr/share/man/nl/man5/sources.list.5.gz", "/usr/share/man/nl/man7/apt-patterns.7.gz", "/usr/share/man/nl/man8/apt-cache.8.gz", "/usr/share/man/nl/man8/apt-cdrom.8.gz", "/usr/share/man/nl/man8/apt-config.8.gz", "/usr/share/man/nl/man8/apt-get.8.gz", "/usr/share/man/nl/man8/apt-mark.8.gz", "/usr/share/man/nl/man8/apt-secure.8.gz", "/usr/share/man/nl/man8/apt.8.gz", "/usr/share/man/pl/man5/apt_preferences.5.gz", "/usr/share/man/pl/man8/apt-cache.8.gz", "/usr/share/man/pl/man8/apt-cdrom.8.gz", "/usr/share/man/pl/man8/apt-config.8.gz", "/usr/share/man/pt/man1/apt-transport-http.1.gz", "/usr/share/man/pt/man1/apt-transport-https.1.gz", "/usr/share/man/pt/man1/apt-transport-mirror.1.gz", "/usr/share/man/pt/man5/apt.conf.5.gz", "/usr/share/man/pt/man5/apt_auth.conf.5.gz", "/usr/share/man/pt/man5/apt_preferences.5.gz", "/usr/share/man/pt/man5/sources.list.5.gz", "/usr/share/man/pt/man7/apt-patterns.7.gz", "/usr/share/man/pt/man8/apt-cache.8.gz", "/usr/share/man/pt/man8/apt-cdrom.8.gz", "/usr/share/man/pt/man8/apt-config.8.gz", "/usr/share/man/pt/man8/apt-get.8.gz", "/usr/share/man/pt/man8/apt-mark.8.gz", "/usr/share/man/pt/man8/apt-secure.8.gz", "/usr/share/man/pt/man8/apt.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "base-files@13.8+deb13u5", "Name": "base-files", "Identifier": { "PURL": "pkg:deb/debian/base-files@13.8%2Bdeb13u5?arch=amd64\u0026distro=debian-13.5", "UID": "6b13e330b45e6f4f" }, "Version": "13.8+deb13u5", "Arch": "amd64", "SrcName": "base-files", "SrcVersion": "13.8+deb13u5", "Licenses": [ "GPL-2.0-or-later", "verbatim" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/os-release", "/usr/share/base-files/dot.bashrc", "/usr/share/base-files/dot.profile", "/usr/share/base-files/dot.profile.md5sums", "/usr/share/base-files/info.dir", "/usr/share/base-files/motd", "/usr/share/base-files/profile", "/usr/share/base-files/profile.md5sums", "/usr/share/base-files/staff-group-for-usr-local", "/usr/share/common-licenses/Apache-2.0", "/usr/share/common-licenses/Artistic", "/usr/share/common-licenses/BSD", "/usr/share/common-licenses/CC0-1.0", "/usr/share/common-licenses/GFDL-1.2", "/usr/share/common-licenses/GFDL-1.3", "/usr/share/common-licenses/GPL-1", "/usr/share/common-licenses/GPL-2", "/usr/share/common-licenses/GPL-3", "/usr/share/common-licenses/LGPL-2", "/usr/share/common-licenses/LGPL-2.1", "/usr/share/common-licenses/LGPL-3", "/usr/share/common-licenses/MPL-1.1", "/usr/share/common-licenses/MPL-2.0", "/usr/share/doc/base-files/NEWS.Debian.gz", "/usr/share/doc/base-files/README", "/usr/share/doc/base-files/README.FHS", "/usr/share/doc/base-files/changelog.gz", "/usr/share/doc/base-files/copyright", "/usr/share/lintian/overrides/base-files" ], "AnalyzedBy": "dpkg" }, { "ID": "base-passwd@3.6.7", "Name": "base-passwd", "Identifier": { "PURL": "pkg:deb/debian/base-passwd@3.6.7?arch=amd64\u0026distro=debian-13.5", "UID": "f77779fa356eca05" }, "Version": "3.6.7", "Arch": "amd64", "SrcName": "base-passwd", "SrcVersion": "3.6.7", "Licenses": [ "GPL-2.0-only", "public-domain" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libdebconfclient0@0.280", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/update-passwd", "/usr/share/base-passwd/group.master", "/usr/share/base-passwd/passwd.master", "/usr/share/doc-base/base-passwd.users-and-groups", "/usr/share/doc/base-passwd/README", "/usr/share/doc/base-passwd/changelog.gz", "/usr/share/doc/base-passwd/copyright", "/usr/share/doc/base-passwd/users-and-groups.html", "/usr/share/doc/base-passwd/users-and-groups.txt.gz", "/usr/share/lintian/overrides/base-passwd", "/usr/share/man/de/man8/update-passwd.8.gz", "/usr/share/man/es/man8/update-passwd.8.gz", "/usr/share/man/fr/man8/update-passwd.8.gz", "/usr/share/man/ja/man8/update-passwd.8.gz", "/usr/share/man/man8/update-passwd.8.gz", "/usr/share/man/pl/man8/update-passwd.8.gz", "/usr/share/man/ro/man8/update-passwd.8.gz", "/usr/share/man/ru/man8/update-passwd.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "bash@5.2.37-2+b9", "Name": "bash", "Identifier": { "PURL": "pkg:deb/debian/bash@5.2.37-2%2Bb9?arch=amd64\u0026distro=debian-13.5", "UID": "f36f9b3693158651" }, "Version": "5.2.37", "Release": "2+b9", "Arch": "amd64", "SrcName": "bash", "SrcVersion": "5.2.37", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only", "Latex2e", "BSD-4-Clause-UC", "MIT", "permissive" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-files@13.8+deb13u5", "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/bash", "/usr/bin/bashbug", "/usr/bin/clear_console", "/usr/share/debianutils/shells.d/bash", "/usr/share/doc/bash/CHANGES.gz", "/usr/share/doc/bash/COMPAT.gz", "/usr/share/doc/bash/INTRO.gz", "/usr/share/doc/bash/NEWS.gz", "/usr/share/doc/bash/POSIX.gz", "/usr/share/doc/bash/RBASH", "/usr/share/doc/bash/README.Debian.gz", "/usr/share/doc/bash/README.abs-guide", "/usr/share/doc/bash/README.commands.gz", "/usr/share/doc/bash/README.gz", "/usr/share/doc/bash/changelog.Debian.amd64.gz", "/usr/share/doc/bash/changelog.Debian.gz", "/usr/share/doc/bash/changelog.gz", "/usr/share/doc/bash/copyright", "/usr/share/doc/bash/inputrc.arrows", "/usr/share/lintian/overrides/bash", "/usr/share/locale/af/LC_MESSAGES/bash.mo", "/usr/share/locale/bg/LC_MESSAGES/bash.mo", "/usr/share/locale/ca/LC_MESSAGES/bash.mo", "/usr/share/locale/cs/LC_MESSAGES/bash.mo", "/usr/share/locale/da/LC_MESSAGES/bash.mo", "/usr/share/locale/de/LC_MESSAGES/bash.mo", "/usr/share/locale/el/LC_MESSAGES/bash.mo", "/usr/share/locale/en@boldquot/LC_MESSAGES/bash.mo", "/usr/share/locale/en@quot/LC_MESSAGES/bash.mo", "/usr/share/locale/eo/LC_MESSAGES/bash.mo", "/usr/share/locale/es/LC_MESSAGES/bash.mo", "/usr/share/locale/et/LC_MESSAGES/bash.mo", "/usr/share/locale/fi/LC_MESSAGES/bash.mo", "/usr/share/locale/fr/LC_MESSAGES/bash.mo", "/usr/share/locale/ga/LC_MESSAGES/bash.mo", "/usr/share/locale/gl/LC_MESSAGES/bash.mo", "/usr/share/locale/hr/LC_MESSAGES/bash.mo", "/usr/share/locale/hu/LC_MESSAGES/bash.mo", "/usr/share/locale/id/LC_MESSAGES/bash.mo", "/usr/share/locale/it/LC_MESSAGES/bash.mo", "/usr/share/locale/ja/LC_MESSAGES/bash.mo", "/usr/share/locale/ko/LC_MESSAGES/bash.mo", "/usr/share/locale/lt/LC_MESSAGES/bash.mo", "/usr/share/locale/nb/LC_MESSAGES/bash.mo", "/usr/share/locale/nl/LC_MESSAGES/bash.mo", "/usr/share/locale/pl/LC_MESSAGES/bash.mo", "/usr/share/locale/pt/LC_MESSAGES/bash.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/bash.mo", "/usr/share/locale/ro/LC_MESSAGES/bash.mo", "/usr/share/locale/ru/LC_MESSAGES/bash.mo", "/usr/share/locale/sk/LC_MESSAGES/bash.mo", "/usr/share/locale/sl/LC_MESSAGES/bash.mo", "/usr/share/locale/sr/LC_MESSAGES/bash.mo", "/usr/share/locale/sv/LC_MESSAGES/bash.mo", "/usr/share/locale/tr/LC_MESSAGES/bash.mo", "/usr/share/locale/uk/LC_MESSAGES/bash.mo", "/usr/share/locale/vi/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/bash.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/bash.mo", "/usr/share/man/man1/bash.1.gz", "/usr/share/man/man1/bashbug.1.gz", "/usr/share/man/man1/clear_console.1.gz", "/usr/share/man/man1/rbash.1.gz", "/usr/share/man/man7/bash-builtins.7.gz", "/usr/share/menu/bash" ], "AnalyzedBy": "dpkg" }, { "ID": "bsdutils@1:2.41-5", "Name": "bsdutils", "Identifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "Version": "2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/logger", "/usr/bin/renice", "/usr/bin/script", "/usr/bin/scriptlive", "/usr/bin/scriptreplay", "/usr/bin/wall", "/usr/share/bash-completion/completions/logger", "/usr/share/bash-completion/completions/renice", "/usr/share/bash-completion/completions/script", "/usr/share/bash-completion/completions/scriptlive", "/usr/share/bash-completion/completions/scriptreplay", "/usr/share/bash-completion/completions/wall", "/usr/share/doc/bsdutils/NEWS.Debian.gz", "/usr/share/doc/bsdutils/changelog.Debian.gz", "/usr/share/doc/bsdutils/changelog.gz", "/usr/share/doc/bsdutils/copyright", "/usr/share/lintian/overrides/bsdutils", "/usr/share/man/man1/logger.1.gz", "/usr/share/man/man1/renice.1.gz", "/usr/share/man/man1/script.1.gz", "/usr/share/man/man1/scriptlive.1.gz", "/usr/share/man/man1/scriptreplay.1.gz", "/usr/share/man/man1/wall.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ca-certificates@20250419", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:deb/debian/ca-certificates@20250419?arch=all\u0026distro=debian-13.5", "UID": "2c691dbd8cebdf2a" }, "Version": "20250419", "Arch": "all", "SrcName": "ca-certificates", "SrcVersion": "20250419", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "MPL-2.0" ], "Maintainer": "Julien Cristau \u003cjcristau@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "openssl@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/sbin/update-ca-certificates", "/usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "/usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "/usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "/usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "/usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "/usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "/usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "/usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "/usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "/usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "/usr/share/ca-certificates/mozilla/Certigna.crt", "/usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "/usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "/usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "/usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "/usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "/usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "/usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "/usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "/usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "/usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "/usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "/usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "/usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "/usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "/usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "/usr/share/ca-certificates/mozilla/Izenpe.com.crt", "/usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "/usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "/usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "/usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "/usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "/usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "/usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "/usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "/usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "/usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "/usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "/usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "/usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "/usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "/usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "/usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "/usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "/usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "/usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "/usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "/usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "/usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "/usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "/usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "/usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "/usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "/usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "/usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "/usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "/usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "/usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "/usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "/usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt", "/usr/share/doc/ca-certificates/README.Debian", "/usr/share/doc/ca-certificates/changelog.gz", "/usr/share/doc/ca-certificates/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/Makefile", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/README", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/ca-certificates-local.triggers", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/changelog", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/compat", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/control", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/copyright", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/postrm", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/rules", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/debian/source/format", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Local_Root_CA.crt", "/usr/share/doc/ca-certificates/examples/ca-certificates-local/local/Makefile", "/usr/share/man/man8/update-ca-certificates.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "coreutils@9.7-3", "Name": "coreutils", "Identifier": { "PURL": "pkg:deb/debian/coreutils@9.7-3?arch=amd64\u0026distro=debian-13.5", "UID": "cb4a55f50bda2393" }, "Version": "9.7", "Release": "3", "Arch": "amd64", "SrcName": "coreutils", "SrcVersion": "9.7", "SrcRelease": "3", "Licenses": [ "GPL-3.0-or-later", "BSD-4-Clause-UC", "GPL-3.0-only", "ISC", "FSFULLR", "GFDL-1.3-no-invariants-only", "GFDL-1.3-only" ], "Maintainer": "Michael Stone \u003cmstone@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/[", "/usr/bin/arch", "/usr/bin/b2sum", "/usr/bin/base32", "/usr/bin/base64", "/usr/bin/basename", "/usr/bin/basenc", "/usr/bin/cat", "/usr/bin/chcon", "/usr/bin/chgrp", "/usr/bin/chmod", "/usr/bin/chown", "/usr/bin/cksum", "/usr/bin/comm", "/usr/bin/cp", "/usr/bin/csplit", "/usr/bin/cut", "/usr/bin/date", "/usr/bin/dd", "/usr/bin/df", "/usr/bin/dir", "/usr/bin/dircolors", "/usr/bin/dirname", "/usr/bin/du", "/usr/bin/echo", "/usr/bin/env", "/usr/bin/expand", "/usr/bin/expr", "/usr/bin/factor", "/usr/bin/false", "/usr/bin/fmt", "/usr/bin/fold", "/usr/bin/groups", "/usr/bin/head", "/usr/bin/hostid", "/usr/bin/id", "/usr/bin/install", "/usr/bin/join", "/usr/bin/link", "/usr/bin/ln", "/usr/bin/logname", "/usr/bin/ls", "/usr/bin/md5sum", "/usr/bin/mkdir", "/usr/bin/mkfifo", "/usr/bin/mknod", "/usr/bin/mktemp", "/usr/bin/mv", "/usr/bin/nice", "/usr/bin/nl", "/usr/bin/nohup", "/usr/bin/nproc", "/usr/bin/numfmt", "/usr/bin/od", "/usr/bin/paste", "/usr/bin/pathchk", "/usr/bin/pinky", "/usr/bin/pr", "/usr/bin/printenv", "/usr/bin/printf", "/usr/bin/ptx", "/usr/bin/pwd", "/usr/bin/readlink", "/usr/bin/realpath", "/usr/bin/rm", "/usr/bin/rmdir", "/usr/bin/runcon", "/usr/bin/seq", "/usr/bin/sha1sum", "/usr/bin/sha224sum", "/usr/bin/sha256sum", "/usr/bin/sha384sum", "/usr/bin/sha512sum", "/usr/bin/shred", "/usr/bin/shuf", "/usr/bin/sleep", "/usr/bin/sort", "/usr/bin/split", "/usr/bin/stat", "/usr/bin/stdbuf", "/usr/bin/stty", "/usr/bin/sum", "/usr/bin/sync", "/usr/bin/tac", "/usr/bin/tail", "/usr/bin/tee", "/usr/bin/test", "/usr/bin/timeout", "/usr/bin/touch", "/usr/bin/tr", "/usr/bin/true", "/usr/bin/truncate", "/usr/bin/tsort", "/usr/bin/tty", "/usr/bin/uname", "/usr/bin/unexpand", "/usr/bin/uniq", "/usr/bin/unlink", "/usr/bin/users", "/usr/bin/vdir", "/usr/bin/wc", "/usr/bin/who", "/usr/bin/whoami", "/usr/bin/yes", "/usr/libexec/coreutils/libstdbuf.so", "/usr/sbin/chroot", "/usr/share/doc/coreutils/AUTHORS", "/usr/share/doc/coreutils/NEWS.gz", "/usr/share/doc/coreutils/README.Debian", "/usr/share/doc/coreutils/README.gz", "/usr/share/doc/coreutils/THANKS.gz", "/usr/share/doc/coreutils/TODO.gz", "/usr/share/doc/coreutils/changelog.Debian.gz", "/usr/share/doc/coreutils/changelog.gz", "/usr/share/doc/coreutils/copyright", "/usr/share/info/coreutils.info.gz", "/usr/share/lintian/overrides/coreutils", "/usr/share/locale/af/LC_MESSAGES/coreutils.mo", "/usr/share/locale/be/LC_MESSAGES/coreutils.mo", "/usr/share/locale/bg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ca/LC_MESSAGES/coreutils.mo", "/usr/share/locale/cs/LC_MESSAGES/coreutils.mo", "/usr/share/locale/da/LC_MESSAGES/coreutils.mo", "/usr/share/locale/de/LC_MESSAGES/coreutils.mo", "/usr/share/locale/el/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eo/LC_MESSAGES/coreutils.mo", "/usr/share/locale/es/LC_MESSAGES/coreutils.mo", "/usr/share/locale/et/LC_MESSAGES/coreutils.mo", "/usr/share/locale/eu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/fr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ga/LC_MESSAGES/coreutils.mo", "/usr/share/locale/gl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/hu/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ia/LC_MESSAGES/coreutils.mo", "/usr/share/locale/id/LC_MESSAGES/coreutils.mo", "/usr/share/locale/it/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ja/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ka/LC_MESSAGES/coreutils.mo", "/usr/share/locale/kk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ko/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lg/LC_MESSAGES/coreutils.mo", "/usr/share/locale/lt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ms/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nb/LC_MESSAGES/coreutils.mo", "/usr/share/locale/nl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt/LC_MESSAGES/coreutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ro/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ru/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sl/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/sv/LC_MESSAGES/coreutils.mo", "/usr/share/locale/ta/LC_MESSAGES/coreutils.mo", "/usr/share/locale/tr/LC_MESSAGES/coreutils.mo", "/usr/share/locale/uk/LC_MESSAGES/coreutils.mo", "/usr/share/locale/vi/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/coreutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/coreutils.mo", "/usr/share/man/man1/arch.1.gz", "/usr/share/man/man1/b2sum.1.gz", "/usr/share/man/man1/base32.1.gz", "/usr/share/man/man1/base64.1.gz", "/usr/share/man/man1/basename.1.gz", "/usr/share/man/man1/basenc.1.gz", "/usr/share/man/man1/cat.1.gz", "/usr/share/man/man1/chcon.1.gz", "/usr/share/man/man1/chgrp.1.gz", "/usr/share/man/man1/chmod.1.gz", "/usr/share/man/man1/chown.1.gz", "/usr/share/man/man1/cksum.1.gz", "/usr/share/man/man1/comm.1.gz", "/usr/share/man/man1/cp.1.gz", "/usr/share/man/man1/csplit.1.gz", "/usr/share/man/man1/cut.1.gz", "/usr/share/man/man1/date.1.gz", "/usr/share/man/man1/dd.1.gz", "/usr/share/man/man1/df.1.gz", "/usr/share/man/man1/dir.1.gz", "/usr/share/man/man1/dircolors.1.gz", "/usr/share/man/man1/dirname.1.gz", "/usr/share/man/man1/du.1.gz", "/usr/share/man/man1/echo.1.gz", "/usr/share/man/man1/env.1.gz", "/usr/share/man/man1/expand.1.gz", "/usr/share/man/man1/expr.1.gz", "/usr/share/man/man1/factor.1.gz", "/usr/share/man/man1/false.1.gz", "/usr/share/man/man1/fmt.1.gz", "/usr/share/man/man1/fold.1.gz", "/usr/share/man/man1/groups.1.gz", "/usr/share/man/man1/head.1.gz", "/usr/share/man/man1/hostid.1.gz", "/usr/share/man/man1/id.1.gz", "/usr/share/man/man1/install.1.gz", "/usr/share/man/man1/join.1.gz", "/usr/share/man/man1/link.1.gz", "/usr/share/man/man1/ln.1.gz", "/usr/share/man/man1/logname.1.gz", "/usr/share/man/man1/ls.1.gz", "/usr/share/man/man1/md5sum.1.gz", "/usr/share/man/man1/mkdir.1.gz", "/usr/share/man/man1/mkfifo.1.gz", "/usr/share/man/man1/mknod.1.gz", "/usr/share/man/man1/mktemp.1.gz", "/usr/share/man/man1/mv.1.gz", "/usr/share/man/man1/nice.1.gz", "/usr/share/man/man1/nl.1.gz", "/usr/share/man/man1/nohup.1.gz", "/usr/share/man/man1/nproc.1.gz", "/usr/share/man/man1/numfmt.1.gz", "/usr/share/man/man1/od.1.gz", "/usr/share/man/man1/paste.1.gz", "/usr/share/man/man1/pathchk.1.gz", "/usr/share/man/man1/pinky.1.gz", "/usr/share/man/man1/pr.1.gz", "/usr/share/man/man1/printenv.1.gz", "/usr/share/man/man1/printf.1.gz", "/usr/share/man/man1/ptx.1.gz", "/usr/share/man/man1/pwd.1.gz", "/usr/share/man/man1/readlink.1.gz", "/usr/share/man/man1/realpath.1.gz", "/usr/share/man/man1/rm.1.gz", "/usr/share/man/man1/rmdir.1.gz", "/usr/share/man/man1/runcon.1.gz", "/usr/share/man/man1/seq.1.gz", "/usr/share/man/man1/sha1sum.1.gz", "/usr/share/man/man1/sha224sum.1.gz", "/usr/share/man/man1/sha256sum.1.gz", "/usr/share/man/man1/sha384sum.1.gz", "/usr/share/man/man1/sha512sum.1.gz", "/usr/share/man/man1/shred.1.gz", "/usr/share/man/man1/shuf.1.gz", "/usr/share/man/man1/sleep.1.gz", "/usr/share/man/man1/sort.1.gz", "/usr/share/man/man1/split.1.gz", "/usr/share/man/man1/stat.1.gz", "/usr/share/man/man1/stdbuf.1.gz", "/usr/share/man/man1/stty.1.gz", "/usr/share/man/man1/sum.1.gz", "/usr/share/man/man1/sync.1.gz", "/usr/share/man/man1/tac.1.gz", "/usr/share/man/man1/tail.1.gz", "/usr/share/man/man1/tee.1.gz", "/usr/share/man/man1/test.1.gz", "/usr/share/man/man1/timeout.1.gz", "/usr/share/man/man1/touch.1.gz", "/usr/share/man/man1/tr.1.gz", "/usr/share/man/man1/true.1.gz", "/usr/share/man/man1/truncate.1.gz", "/usr/share/man/man1/tsort.1.gz", "/usr/share/man/man1/tty.1.gz", "/usr/share/man/man1/uname.1.gz", "/usr/share/man/man1/unexpand.1.gz", "/usr/share/man/man1/uniq.1.gz", "/usr/share/man/man1/unlink.1.gz", "/usr/share/man/man1/users.1.gz", "/usr/share/man/man1/vdir.1.gz", "/usr/share/man/man1/wc.1.gz", "/usr/share/man/man1/who.1.gz", "/usr/share/man/man1/whoami.1.gz", "/usr/share/man/man1/yes.1.gz", "/usr/share/man/man8/chroot.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dash@0.5.12-12", "Name": "dash", "Identifier": { "PURL": "pkg:deb/debian/dash@0.5.12-12?arch=amd64\u0026distro=debian-13.5", "UID": "4990b2098a2a3724" }, "Version": "0.5.12", "Release": "12", "Arch": "amd64", "SrcName": "dash", "SrcVersion": "0.5.12", "SrcRelease": "12", "Licenses": [ "BSD-3-Clause", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Andrej Shadura \u003candrewsh@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debianutils@5.23.2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dash", "/usr/share/debianutils/shells.d/dash", "/usr/share/doc/dash/README.Debian.diet", "/usr/share/doc/dash/README.source", "/usr/share/doc/dash/changelog.Debian.gz", "/usr/share/doc/dash/changelog.gz", "/usr/share/doc/dash/copyright", "/usr/share/lintian/overrides/dash", "/usr/share/man/man1/dash.1.gz", "/usr/share/menu/dash" ], "AnalyzedBy": "dpkg" }, { "ID": "debconf@1.5.91", "Name": "debconf", "Identifier": { "PURL": "pkg:deb/debian/debconf@1.5.91?arch=all\u0026distro=debian-13.5", "UID": "f7c8b7ba83ed5cfe" }, "Version": "1.5.91", "Arch": "all", "SrcName": "debconf", "SrcVersion": "1.5.91", "Licenses": [ "BSD-2-Clause" ], "Maintainer": "Debconf Developers \u003cdebconf-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/debconf", "/usr/bin/debconf-apt-progress", "/usr/bin/debconf-communicate", "/usr/bin/debconf-copydb", "/usr/bin/debconf-escape", "/usr/bin/debconf-set-selections", "/usr/bin/debconf-show", "/usr/sbin/dpkg-preconfigure", "/usr/sbin/dpkg-reconfigure", "/usr/share/bash-completion/completions/debconf", "/usr/share/debconf/confmodule", "/usr/share/debconf/confmodule.sh", "/usr/share/debconf/debconf.conf", "/usr/share/debconf/fix_db.pl", "/usr/share/debconf/frontend", "/usr/share/doc/debconf/README.Debian", "/usr/share/doc/debconf/changelog.gz", "/usr/share/doc/debconf/copyright", "/usr/share/lintian/overrides/debconf", "/usr/share/man/man1/debconf-apt-progress.1.gz", "/usr/share/man/man1/debconf-communicate.1.gz", "/usr/share/man/man1/debconf-copydb.1.gz", "/usr/share/man/man1/debconf-escape.1.gz", "/usr/share/man/man1/debconf-set-selections.1.gz", "/usr/share/man/man1/debconf-show.1.gz", "/usr/share/man/man1/debconf.1.gz", "/usr/share/man/man8/dpkg-preconfigure.8.gz", "/usr/share/man/man8/dpkg-reconfigure.8.gz", "/usr/share/perl5/Debconf/AutoSelect.pm", "/usr/share/perl5/Debconf/Base.pm", "/usr/share/perl5/Debconf/Client/ConfModule.pm", "/usr/share/perl5/Debconf/ConfModule.pm", "/usr/share/perl5/Debconf/Config.pm", "/usr/share/perl5/Debconf/Db.pm", "/usr/share/perl5/Debconf/DbDriver.pm", "/usr/share/perl5/Debconf/DbDriver/Backup.pm", "/usr/share/perl5/Debconf/DbDriver/Cache.pm", "/usr/share/perl5/Debconf/DbDriver/Copy.pm", "/usr/share/perl5/Debconf/DbDriver/Debug.pm", "/usr/share/perl5/Debconf/DbDriver/DirTree.pm", "/usr/share/perl5/Debconf/DbDriver/Directory.pm", "/usr/share/perl5/Debconf/DbDriver/File.pm", "/usr/share/perl5/Debconf/DbDriver/LDAP.pm", "/usr/share/perl5/Debconf/DbDriver/PackageDir.pm", "/usr/share/perl5/Debconf/DbDriver/Pipe.pm", "/usr/share/perl5/Debconf/DbDriver/Stack.pm", "/usr/share/perl5/Debconf/Element.pm", "/usr/share/perl5/Debconf/Element/Dialog/Boolean.pm", "/usr/share/perl5/Debconf/Element/Dialog/Error.pm", "/usr/share/perl5/Debconf/Element/Dialog/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Dialog/Note.pm", "/usr/share/perl5/Debconf/Element/Dialog/Password.pm", "/usr/share/perl5/Debconf/Element/Dialog/Progress.pm", "/usr/share/perl5/Debconf/Element/Dialog/Select.pm", "/usr/share/perl5/Debconf/Element/Dialog/String.pm", "/usr/share/perl5/Debconf/Element/Dialog/Text.pm", "/usr/share/perl5/Debconf/Element/Editor/Boolean.pm", "/usr/share/perl5/Debconf/Element/Editor/Error.pm", "/usr/share/perl5/Debconf/Element/Editor/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Editor/Note.pm", "/usr/share/perl5/Debconf/Element/Editor/Password.pm", "/usr/share/perl5/Debconf/Element/Editor/Progress.pm", "/usr/share/perl5/Debconf/Element/Editor/Select.pm", "/usr/share/perl5/Debconf/Element/Editor/String.pm", "/usr/share/perl5/Debconf/Element/Editor/Text.pm", "/usr/share/perl5/Debconf/Element/Gnome.pm", "/usr/share/perl5/Debconf/Element/Gnome/Boolean.pm", "/usr/share/perl5/Debconf/Element/Gnome/Error.pm", "/usr/share/perl5/Debconf/Element/Gnome/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Gnome/Note.pm", "/usr/share/perl5/Debconf/Element/Gnome/Password.pm", "/usr/share/perl5/Debconf/Element/Gnome/Progress.pm", "/usr/share/perl5/Debconf/Element/Gnome/Select.pm", "/usr/share/perl5/Debconf/Element/Gnome/String.pm", "/usr/share/perl5/Debconf/Element/Gnome/Text.pm", "/usr/share/perl5/Debconf/Element/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Boolean.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Error.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Note.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Password.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Progress.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Select.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/String.pm", "/usr/share/perl5/Debconf/Element/Noninteractive/Text.pm", "/usr/share/perl5/Debconf/Element/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/Boolean.pm", "/usr/share/perl5/Debconf/Element/Teletype/Error.pm", "/usr/share/perl5/Debconf/Element/Teletype/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Teletype/Note.pm", "/usr/share/perl5/Debconf/Element/Teletype/Password.pm", "/usr/share/perl5/Debconf/Element/Teletype/Progress.pm", "/usr/share/perl5/Debconf/Element/Teletype/Select.pm", "/usr/share/perl5/Debconf/Element/Teletype/String.pm", "/usr/share/perl5/Debconf/Element/Teletype/Text.pm", "/usr/share/perl5/Debconf/Element/Web/Boolean.pm", "/usr/share/perl5/Debconf/Element/Web/Error.pm", "/usr/share/perl5/Debconf/Element/Web/Multiselect.pm", "/usr/share/perl5/Debconf/Element/Web/Note.pm", "/usr/share/perl5/Debconf/Element/Web/Password.pm", "/usr/share/perl5/Debconf/Element/Web/Progress.pm", "/usr/share/perl5/Debconf/Element/Web/Select.pm", "/usr/share/perl5/Debconf/Element/Web/String.pm", "/usr/share/perl5/Debconf/Element/Web/Text.pm", "/usr/share/perl5/Debconf/Encoding.pm", "/usr/share/perl5/Debconf/Format.pm", "/usr/share/perl5/Debconf/Format/822.pm", "/usr/share/perl5/Debconf/FrontEnd.pm", "/usr/share/perl5/Debconf/FrontEnd/Dialog.pm", "/usr/share/perl5/Debconf/FrontEnd/Editor.pm", "/usr/share/perl5/Debconf/FrontEnd/Gnome.pm", "/usr/share/perl5/Debconf/FrontEnd/Kde.pm", "/usr/share/perl5/Debconf/FrontEnd/Noninteractive.pm", "/usr/share/perl5/Debconf/FrontEnd/Passthrough.pm", "/usr/share/perl5/Debconf/FrontEnd/Readline.pm", "/usr/share/perl5/Debconf/FrontEnd/ScreenSize.pm", "/usr/share/perl5/Debconf/FrontEnd/Teletype.pm", "/usr/share/perl5/Debconf/FrontEnd/Text.pm", "/usr/share/perl5/Debconf/FrontEnd/Web.pm", "/usr/share/perl5/Debconf/Gettext.pm", "/usr/share/perl5/Debconf/Iterator.pm", "/usr/share/perl5/Debconf/Log.pm", "/usr/share/perl5/Debconf/Path.pm", "/usr/share/perl5/Debconf/Priority.pm", "/usr/share/perl5/Debconf/Question.pm", "/usr/share/perl5/Debconf/Template.pm", "/usr/share/perl5/Debconf/Template/Transient.pm", "/usr/share/perl5/Debconf/TmpFile.pm", "/usr/share/perl5/Debian/DebConf/Client/ConfModule.pm", "/usr/share/pixmaps/debian-logo.png" ], "AnalyzedBy": "dpkg" }, { "ID": "debian-archive-keyring@2025.1", "Name": "debian-archive-keyring", "Identifier": { "PURL": "pkg:deb/debian/debian-archive-keyring@2025.1?arch=all\u0026distro=debian-13.5", "UID": "a22d861380b1187c" }, "Version": "2025.1", "Arch": "all", "SrcName": "debian-archive-keyring", "SrcVersion": "2025.1", "Licenses": [ "GPL-2.0-or-later" ], "Maintainer": "Debian Release Team \u003cpackages@release.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/debian-archive-keyring/NEWS.Debian.gz", "/usr/share/doc/debian-archive-keyring/README", "/usr/share/doc/debian-archive-keyring/changelog.gz", "/usr/share/doc/debian-archive-keyring/copyright", "/usr/share/keyrings/debian-archive-bookworm-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bookworm-stable.pgp", "/usr/share/keyrings/debian-archive-bullseye-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-security-automatic.pgp", "/usr/share/keyrings/debian-archive-bullseye-stable.pgp", "/usr/share/keyrings/debian-archive-keyring.pgp", "/usr/share/keyrings/debian-archive-removed-keys.pgp", "/usr/share/keyrings/debian-archive-trixie-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-security-automatic.pgp", "/usr/share/keyrings/debian-archive-trixie-stable.pgp" ], "AnalyzedBy": "dpkg" }, { "ID": "debianutils@5.23.2", "Name": "debianutils", "Identifier": { "PURL": "pkg:deb/debian/debianutils@5.23.2?arch=amd64\u0026distro=debian-13.5", "UID": "3c5d0b66afafddbb" }, "Version": "5.23.2", "Arch": "amd64", "SrcName": "debianutils", "SrcVersion": "5.23.2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "public-domain", "SMAIL-GPL" ], "Maintainer": "Ileana Dumitrescu \u003cileanadumitrescu95@gmail.com\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/ischroot", "/usr/bin/run-parts", "/usr/bin/savelog", "/usr/bin/tempfile", "/usr/bin/which.debianutils", "/usr/sbin/add-shell", "/usr/sbin/installkernel", "/usr/sbin/remove-shell", "/usr/sbin/update-shells", "/usr/share/debianutils/shells", "/usr/share/doc/debianutils/README.shells", "/usr/share/doc/debianutils/changelog.gz", "/usr/share/doc/debianutils/copyright", "/usr/share/man/de/man1/which.debianutils.1.gz", "/usr/share/man/de/man8/add-shell.8.gz", "/usr/share/man/de/man8/installkernel.8.gz", "/usr/share/man/de/man8/remove-shell.8.gz", "/usr/share/man/de/man8/run-parts.8.gz", "/usr/share/man/de/man8/savelog.8.gz", "/usr/share/man/es/man1/which.debianutils.1.gz", "/usr/share/man/es/man8/add-shell.8.gz", "/usr/share/man/es/man8/installkernel.8.gz", "/usr/share/man/es/man8/remove-shell.8.gz", "/usr/share/man/es/man8/run-parts.8.gz", "/usr/share/man/es/man8/savelog.8.gz", "/usr/share/man/fr/man1/which.debianutils.1.gz", "/usr/share/man/fr/man8/add-shell.8.gz", "/usr/share/man/fr/man8/installkernel.8.gz", "/usr/share/man/fr/man8/remove-shell.8.gz", "/usr/share/man/fr/man8/run-parts.8.gz", "/usr/share/man/fr/man8/savelog.8.gz", "/usr/share/man/it/man1/which.debianutils.1.gz", "/usr/share/man/it/man8/add-shell.8.gz", "/usr/share/man/it/man8/installkernel.8.gz", "/usr/share/man/it/man8/remove-shell.8.gz", "/usr/share/man/it/man8/run-parts.8.gz", "/usr/share/man/it/man8/savelog.8.gz", "/usr/share/man/ja/man1/which.debianutils.1.gz", "/usr/share/man/ja/man8/add-shell.8.gz", "/usr/share/man/ja/man8/installkernel.8.gz", "/usr/share/man/ja/man8/remove-shell.8.gz", "/usr/share/man/ja/man8/run-parts.8.gz", "/usr/share/man/ja/man8/savelog.8.gz", "/usr/share/man/man1/ischroot.1.gz", "/usr/share/man/man1/tempfile.1.gz", "/usr/share/man/man1/which.debianutils.1.gz", "/usr/share/man/man8/add-shell.8.gz", "/usr/share/man/man8/installkernel.8.gz", "/usr/share/man/man8/remove-shell.8.gz", "/usr/share/man/man8/run-parts.8.gz", "/usr/share/man/man8/savelog.8.gz", "/usr/share/man/man8/update-shells.8.gz", "/usr/share/man/pl/man1/which.debianutils.1.gz", "/usr/share/man/pl/man8/add-shell.8.gz", "/usr/share/man/pl/man8/installkernel.8.gz", "/usr/share/man/pl/man8/remove-shell.8.gz", "/usr/share/man/pl/man8/run-parts.8.gz", "/usr/share/man/pl/man8/savelog.8.gz", "/usr/share/man/pt/man1/which.debianutils.1.gz", "/usr/share/man/pt/man8/add-shell.8.gz", "/usr/share/man/pt/man8/installkernel.8.gz", "/usr/share/man/pt/man8/remove-shell.8.gz", "/usr/share/man/pt/man8/run-parts.8.gz", "/usr/share/man/pt/man8/savelog.8.gz", "/usr/share/man/sl/man1/which.debianutils.1.gz", "/usr/share/man/sl/man8/add-shell.8.gz", "/usr/share/man/sl/man8/installkernel.8.gz", "/usr/share/man/sl/man8/remove-shell.8.gz", "/usr/share/man/sl/man8/run-parts.8.gz", "/usr/share/man/sl/man8/savelog.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "diffutils@1:3.10-4", "Name": "diffutils", "Identifier": { "PURL": "pkg:deb/debian/diffutils@3.10-4?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "852f693a78aaa149" }, "Version": "3.10", "Release": "4", "Epoch": 1, "Arch": "amd64", "SrcName": "diffutils", "SrcVersion": "3.10", "SrcRelease": "4", "SrcEpoch": 1, "Licenses": [ "GPL-3.0-or-later", "FSFULLR", "LGPL-2.1-or-later", "GPL-3.0-with-autoconf-exception+", "GPL-3.0-only", "GPL-3+ with texinfo exception", "LGPL-2.0-or-later", "GPL-2.0-or-later", "X11", "FSFAP", "GFDL-1.3-no-invariants-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "public-domain", "LGPL-2.0-only", "LGPL-2.1-only", "GPL-2.0-only", "GFDL-1.3-only" ], "Maintainer": "Santiago Vila \u003csanvila@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/cmp", "/usr/bin/diff", "/usr/bin/diff3", "/usr/bin/sdiff", "/usr/share/doc/diffutils/NEWS.gz", "/usr/share/doc/diffutils/changelog.Debian.gz", "/usr/share/doc/diffutils/changelog.gz", "/usr/share/doc/diffutils/copyright", "/usr/share/info/diffutils.info.gz", "/usr/share/locale/bg/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ca/LC_MESSAGES/diffutils.mo", "/usr/share/locale/cs/LC_MESSAGES/diffutils.mo", "/usr/share/locale/da/LC_MESSAGES/diffutils.mo", "/usr/share/locale/de/LC_MESSAGES/diffutils.mo", "/usr/share/locale/el/LC_MESSAGES/diffutils.mo", "/usr/share/locale/eo/LC_MESSAGES/diffutils.mo", "/usr/share/locale/es/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/fr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ga/LC_MESSAGES/diffutils.mo", "/usr/share/locale/gl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/he/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/hu/LC_MESSAGES/diffutils.mo", "/usr/share/locale/id/LC_MESSAGES/diffutils.mo", "/usr/share/locale/it/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ja/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ka/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ko/LC_MESSAGES/diffutils.mo", "/usr/share/locale/lv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ms/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nb/LC_MESSAGES/diffutils.mo", "/usr/share/locale/nl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pl/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt/LC_MESSAGES/diffutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ro/LC_MESSAGES/diffutils.mo", "/usr/share/locale/ru/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/sv/LC_MESSAGES/diffutils.mo", "/usr/share/locale/tr/LC_MESSAGES/diffutils.mo", "/usr/share/locale/uk/LC_MESSAGES/diffutils.mo", "/usr/share/locale/vi/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/diffutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/diffutils.mo", "/usr/share/man/man1/cmp.1.gz", "/usr/share/man/man1/diff.1.gz", "/usr/share/man/man1/diff3.1.gz", "/usr/share/man/man1/sdiff.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "dpkg@1.22.22", "Name": "dpkg", "Identifier": { "PURL": "pkg:deb/debian/dpkg@1.22.22?arch=amd64\u0026distro=debian-13.5", "UID": "7b97f27e3bec0417" }, "Version": "1.22.22", "Arch": "amd64", "SrcName": "dpkg", "SrcVersion": "1.22.22", "Licenses": [ "GPL-2.0-or-later", "public-domain-s-s-d", "GPL-2.0-only" ], "Maintainer": "Dpkg Developers \u003cdebian-dpkg@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "tar@1.35+dfsg-3.1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/dpkg", "/usr/bin/dpkg-deb", "/usr/bin/dpkg-divert", "/usr/bin/dpkg-maintscript-helper", "/usr/bin/dpkg-query", "/usr/bin/dpkg-realpath", "/usr/bin/dpkg-split", "/usr/bin/dpkg-statoverride", "/usr/bin/dpkg-trigger", "/usr/bin/update-alternatives", "/usr/lib/systemd/system/dpkg-db-backup.service", "/usr/lib/systemd/system/dpkg-db-backup.timer", "/usr/libexec/dpkg/dpkg-db-backup", "/usr/libexec/dpkg/dpkg-db-keeper", "/usr/sbin/start-stop-daemon", "/usr/share/doc/dpkg/AUTHORS", "/usr/share/doc/dpkg/README.api", "/usr/share/doc/dpkg/README.bug-usertags.gz", "/usr/share/doc/dpkg/README.feature-removal-schedule.gz", "/usr/share/doc/dpkg/THANKS.gz", "/usr/share/doc/dpkg/changelog.gz", "/usr/share/doc/dpkg/copyright", "/usr/share/dpkg/abitable", "/usr/share/dpkg/cputable", "/usr/share/dpkg/ostable", "/usr/share/dpkg/sh/dpkg-error.sh", "/usr/share/dpkg/tupletable", "/usr/share/lintian/overrides/dpkg", "/usr/share/lintian/profiles/dpkg/main.profile", "/usr/share/locale/ast/LC_MESSAGES/dpkg.mo", "/usr/share/locale/bs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ca/LC_MESSAGES/dpkg.mo", "/usr/share/locale/cs/LC_MESSAGES/dpkg.mo", "/usr/share/locale/da/LC_MESSAGES/dpkg.mo", "/usr/share/locale/de/LC_MESSAGES/dpkg.mo", "/usr/share/locale/dz/LC_MESSAGES/dpkg.mo", "/usr/share/locale/el/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eo/LC_MESSAGES/dpkg.mo", "/usr/share/locale/es/LC_MESSAGES/dpkg.mo", "/usr/share/locale/et/LC_MESSAGES/dpkg.mo", "/usr/share/locale/eu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/fr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/gl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/hu/LC_MESSAGES/dpkg.mo", "/usr/share/locale/id/LC_MESSAGES/dpkg.mo", "/usr/share/locale/it/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ja/LC_MESSAGES/dpkg.mo", "/usr/share/locale/km/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ko/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ku/LC_MESSAGES/dpkg.mo", "/usr/share/locale/lt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/mr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nb/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ne/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/nn/LC_MESSAGES/dpkg.mo", "/usr/share/locale/oc/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pa/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt/LC_MESSAGES/dpkg.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ro/LC_MESSAGES/dpkg.mo", "/usr/share/locale/ru/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sk/LC_MESSAGES/dpkg.mo", "/usr/share/locale/sv/LC_MESSAGES/dpkg.mo", "/usr/share/locale/th/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tl/LC_MESSAGES/dpkg.mo", "/usr/share/locale/tr/LC_MESSAGES/dpkg.mo", "/usr/share/locale/vi/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/dpkg.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/dpkg.mo", "/usr/share/man/de/man1/dpkg-deb.1.gz", "/usr/share/man/de/man1/dpkg-divert.1.gz", "/usr/share/man/de/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/de/man1/dpkg-query.1.gz", "/usr/share/man/de/man1/dpkg-realpath.1.gz", "/usr/share/man/de/man1/dpkg-split.1.gz", "/usr/share/man/de/man1/dpkg-statoverride.1.gz", "/usr/share/man/de/man1/dpkg-trigger.1.gz", "/usr/share/man/de/man1/dpkg.1.gz", "/usr/share/man/de/man1/update-alternatives.1.gz", "/usr/share/man/de/man5/dpkg.cfg.5.gz", "/usr/share/man/de/man8/start-stop-daemon.8.gz", "/usr/share/man/es/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man1/dpkg-divert.1.gz", "/usr/share/man/fr/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/fr/man1/dpkg-query.1.gz", "/usr/share/man/fr/man1/dpkg-realpath.1.gz", "/usr/share/man/fr/man1/dpkg-split.1.gz", "/usr/share/man/fr/man1/dpkg-trigger.1.gz", "/usr/share/man/fr/man1/update-alternatives.1.gz", "/usr/share/man/fr/man5/dpkg.cfg.5.gz", "/usr/share/man/fr/man8/start-stop-daemon.8.gz", "/usr/share/man/it/man5/dpkg.cfg.5.gz", "/usr/share/man/ja/man5/dpkg.cfg.5.gz", "/usr/share/man/man1/dpkg-deb.1.gz", "/usr/share/man/man1/dpkg-divert.1.gz", "/usr/share/man/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/man1/dpkg-query.1.gz", "/usr/share/man/man1/dpkg-realpath.1.gz", "/usr/share/man/man1/dpkg-split.1.gz", "/usr/share/man/man1/dpkg-statoverride.1.gz", "/usr/share/man/man1/dpkg-trigger.1.gz", "/usr/share/man/man1/dpkg.1.gz", "/usr/share/man/man1/update-alternatives.1.gz", "/usr/share/man/man5/dpkg.cfg.5.gz", "/usr/share/man/man8/start-stop-daemon.8.gz", "/usr/share/man/nl/man1/dpkg-deb.1.gz", "/usr/share/man/nl/man1/dpkg-divert.1.gz", "/usr/share/man/nl/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/nl/man1/dpkg-query.1.gz", "/usr/share/man/nl/man1/dpkg-realpath.1.gz", "/usr/share/man/nl/man1/dpkg-split.1.gz", "/usr/share/man/nl/man1/dpkg-statoverride.1.gz", "/usr/share/man/nl/man1/dpkg-trigger.1.gz", "/usr/share/man/nl/man1/dpkg.1.gz", "/usr/share/man/nl/man1/update-alternatives.1.gz", "/usr/share/man/nl/man5/dpkg.cfg.5.gz", "/usr/share/man/nl/man8/start-stop-daemon.8.gz", "/usr/share/man/pl/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man1/dpkg-deb.1.gz", "/usr/share/man/pt/man1/dpkg-divert.1.gz", "/usr/share/man/pt/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/pt/man1/dpkg-query.1.gz", "/usr/share/man/pt/man1/dpkg-realpath.1.gz", "/usr/share/man/pt/man1/dpkg-split.1.gz", "/usr/share/man/pt/man1/dpkg-statoverride.1.gz", "/usr/share/man/pt/man1/dpkg-trigger.1.gz", "/usr/share/man/pt/man1/dpkg.1.gz", "/usr/share/man/pt/man1/update-alternatives.1.gz", "/usr/share/man/pt/man5/dpkg.cfg.5.gz", "/usr/share/man/pt/man8/start-stop-daemon.8.gz", "/usr/share/man/sv/man1/dpkg-deb.1.gz", "/usr/share/man/sv/man1/dpkg-divert.1.gz", "/usr/share/man/sv/man1/dpkg-maintscript-helper.1.gz", "/usr/share/man/sv/man1/dpkg-query.1.gz", "/usr/share/man/sv/man1/dpkg-realpath.1.gz", "/usr/share/man/sv/man1/dpkg-split.1.gz", "/usr/share/man/sv/man1/dpkg-statoverride.1.gz", "/usr/share/man/sv/man1/dpkg-trigger.1.gz", "/usr/share/man/sv/man1/dpkg.1.gz", "/usr/share/man/sv/man1/update-alternatives.1.gz", "/usr/share/man/sv/man5/dpkg.cfg.5.gz", "/usr/share/man/sv/man8/start-stop-daemon.8.gz", "/usr/share/polkit-1/actions/org.dpkg.pkexec.update-alternatives.policy" ], "AnalyzedBy": "dpkg" }, { "ID": "findutils@4.10.0-3", "Name": "findutils", "Identifier": { "PURL": "pkg:deb/debian/findutils@4.10.0-3?arch=amd64\u0026distro=debian-13.5", "UID": "12e741692291b42a" }, "Version": "4.10.0", "Release": "3", "Arch": "amd64", "SrcName": "findutils", "SrcVersion": "4.10.0", "SrcRelease": "3", "Licenses": [ "GFDL-1.3-no-invariants-or-later", "GPL-3.0-or-later", "FSFAP", "GPL-2+ with Autoconf-data exception", "GPL-3+ with Autoconf-data exception", "FSFULLR", "GPL-2.0-or-later", "X11", "public-domain", "LGPL-2.1-or-later", "GPL with automake exception", "LGPL-2.0-or-later", "LGPL-3.0-or-later", "BSD-3-Clause", "GPL-3+ with Bison-2.2 exception", "LGPL-3.0-only", "ISC", "GFDL-1.3-only", "GPL-2.0-only", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Andreas Metzler \u003cametzler@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/find", "/usr/bin/xargs", "/usr/share/doc-base/findutils.findutils", "/usr/share/doc/findutils/NEWS.gz", "/usr/share/doc/findutils/README.gz", "/usr/share/doc/findutils/TODO", "/usr/share/doc/findutils/changelog.Debian.gz", "/usr/share/doc/findutils/changelog.gz", "/usr/share/doc/findutils/copyright", "/usr/share/info/find-maint.info.gz", "/usr/share/info/find.info.gz", "/usr/share/locale/be/LC_MESSAGES/findutils.mo", "/usr/share/locale/bg/LC_MESSAGES/findutils.mo", "/usr/share/locale/ca/LC_MESSAGES/findutils.mo", "/usr/share/locale/cs/LC_MESSAGES/findutils.mo", "/usr/share/locale/da/LC_MESSAGES/findutils.mo", "/usr/share/locale/de/LC_MESSAGES/findutils.mo", "/usr/share/locale/el/LC_MESSAGES/findutils.mo", "/usr/share/locale/eo/LC_MESSAGES/findutils.mo", "/usr/share/locale/es/LC_MESSAGES/findutils.mo", "/usr/share/locale/et/LC_MESSAGES/findutils.mo", "/usr/share/locale/fi/LC_MESSAGES/findutils.mo", "/usr/share/locale/fr/LC_MESSAGES/findutils.mo", "/usr/share/locale/ga/LC_MESSAGES/findutils.mo", "/usr/share/locale/gl/LC_MESSAGES/findutils.mo", "/usr/share/locale/hr/LC_MESSAGES/findutils.mo", "/usr/share/locale/hu/LC_MESSAGES/findutils.mo", "/usr/share/locale/id/LC_MESSAGES/findutils.mo", "/usr/share/locale/it/LC_MESSAGES/findutils.mo", "/usr/share/locale/ja/LC_MESSAGES/findutils.mo", "/usr/share/locale/ka/LC_MESSAGES/findutils.mo", "/usr/share/locale/ko/LC_MESSAGES/findutils.mo", "/usr/share/locale/lg/LC_MESSAGES/findutils.mo", "/usr/share/locale/lt/LC_MESSAGES/findutils.mo", "/usr/share/locale/ms/LC_MESSAGES/findutils.mo", "/usr/share/locale/nb/LC_MESSAGES/findutils.mo", "/usr/share/locale/nl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pl/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt/LC_MESSAGES/findutils.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/findutils.mo", "/usr/share/locale/ro/LC_MESSAGES/findutils.mo", "/usr/share/locale/ru/LC_MESSAGES/findutils.mo", "/usr/share/locale/sk/LC_MESSAGES/findutils.mo", "/usr/share/locale/sl/LC_MESSAGES/findutils.mo", "/usr/share/locale/sr/LC_MESSAGES/findutils.mo", "/usr/share/locale/sv/LC_MESSAGES/findutils.mo", "/usr/share/locale/tr/LC_MESSAGES/findutils.mo", "/usr/share/locale/uk/LC_MESSAGES/findutils.mo", "/usr/share/locale/vi/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/findutils.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/findutils.mo", "/usr/share/man/man1/find.1.gz", "/usr/share/man/man1/xargs.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gcc-14-base@14.2.0-19", "Name": "gcc-14-base", "Identifier": { "PURL": "pkg:deb/debian/gcc-14-base@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "371c061d08215a1b" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Licenses": [ "GPL-2.0-or-later", "GPL-3.0-only", "GFDL-1.2-only", "Artistic-2.0", "LGPL-2.0-or-later" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/gcc-14-base/README.Debian.amd64.gz", "/usr/share/doc/gcc-14-base/TODO.Debian", "/usr/share/doc/gcc-14-base/changelog.Debian.gz", "/usr/share/doc/gcc-14-base/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "grep@3.11-4", "Name": "grep", "Identifier": { "PURL": "pkg:deb/debian/grep@3.11-4?arch=amd64\u0026distro=debian-13.5", "UID": "6ce8b4eed9c0d137" }, "Version": "3.11", "Release": "4", "Arch": "amd64", "SrcName": "grep", "SrcVersion": "3.11", "SrcRelease": "4", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/egrep", "/usr/bin/fgrep", "/usr/bin/grep", "/usr/bin/rgrep", "/usr/share/doc/grep/AUTHORS", "/usr/share/doc/grep/NEWS.Debian.gz", "/usr/share/doc/grep/NEWS.gz", "/usr/share/doc/grep/README", "/usr/share/doc/grep/THANKS.gz", "/usr/share/doc/grep/TODO.gz", "/usr/share/doc/grep/changelog.Debian.gz", "/usr/share/doc/grep/changelog.gz", "/usr/share/doc/grep/copyright", "/usr/share/info/grep.info.gz", "/usr/share/locale/af/LC_MESSAGES/grep.mo", "/usr/share/locale/be/LC_MESSAGES/grep.mo", "/usr/share/locale/bg/LC_MESSAGES/grep.mo", "/usr/share/locale/ca/LC_MESSAGES/grep.mo", "/usr/share/locale/cs/LC_MESSAGES/grep.mo", "/usr/share/locale/da/LC_MESSAGES/grep.mo", "/usr/share/locale/de/LC_MESSAGES/grep.mo", "/usr/share/locale/el/LC_MESSAGES/grep.mo", "/usr/share/locale/eo/LC_MESSAGES/grep.mo", "/usr/share/locale/es/LC_MESSAGES/grep.mo", "/usr/share/locale/et/LC_MESSAGES/grep.mo", "/usr/share/locale/eu/LC_MESSAGES/grep.mo", "/usr/share/locale/fi/LC_MESSAGES/grep.mo", "/usr/share/locale/fr/LC_MESSAGES/grep.mo", "/usr/share/locale/ga/LC_MESSAGES/grep.mo", "/usr/share/locale/gl/LC_MESSAGES/grep.mo", "/usr/share/locale/he/LC_MESSAGES/grep.mo", "/usr/share/locale/hr/LC_MESSAGES/grep.mo", "/usr/share/locale/hu/LC_MESSAGES/grep.mo", "/usr/share/locale/id/LC_MESSAGES/grep.mo", "/usr/share/locale/it/LC_MESSAGES/grep.mo", "/usr/share/locale/ja/LC_MESSAGES/grep.mo", "/usr/share/locale/ka/LC_MESSAGES/grep.mo", "/usr/share/locale/ko/LC_MESSAGES/grep.mo", "/usr/share/locale/ky/LC_MESSAGES/grep.mo", "/usr/share/locale/lt/LC_MESSAGES/grep.mo", "/usr/share/locale/nb/LC_MESSAGES/grep.mo", "/usr/share/locale/nl/LC_MESSAGES/grep.mo", "/usr/share/locale/pa/LC_MESSAGES/grep.mo", "/usr/share/locale/pl/LC_MESSAGES/grep.mo", "/usr/share/locale/pt/LC_MESSAGES/grep.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/grep.mo", "/usr/share/locale/ro/LC_MESSAGES/grep.mo", "/usr/share/locale/ru/LC_MESSAGES/grep.mo", "/usr/share/locale/sk/LC_MESSAGES/grep.mo", "/usr/share/locale/sl/LC_MESSAGES/grep.mo", "/usr/share/locale/sr/LC_MESSAGES/grep.mo", "/usr/share/locale/sv/LC_MESSAGES/grep.mo", "/usr/share/locale/ta/LC_MESSAGES/grep.mo", "/usr/share/locale/th/LC_MESSAGES/grep.mo", "/usr/share/locale/tr/LC_MESSAGES/grep.mo", "/usr/share/locale/uk/LC_MESSAGES/grep.mo", "/usr/share/locale/vi/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/grep.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/grep.mo", "/usr/share/man/man1/grep.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "gzip@1.13-1", "Name": "gzip", "Identifier": { "PURL": "pkg:deb/debian/gzip@1.13-1?arch=amd64\u0026distro=debian-13.5", "UID": "954545ce99bc687e" }, "Version": "1.13", "Release": "1", "Arch": "amd64", "SrcName": "gzip", "SrcVersion": "1.13", "SrcRelease": "1", "Licenses": [ "GPL-3.0-or-later", "GFDL-1.3+-no-invariant", "FSF-manpages", "GPL-3.0-only", "GFDL-3" ], "Maintainer": "Milan Kupcevic \u003cmilan@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/gunzip", "/usr/bin/gzexe", "/usr/bin/gzip", "/usr/bin/zcat", "/usr/bin/zcmp", "/usr/bin/zdiff", "/usr/bin/zegrep", "/usr/bin/zfgrep", "/usr/bin/zforce", "/usr/bin/zgrep", "/usr/bin/zless", "/usr/bin/zmore", "/usr/bin/znew", "/usr/share/doc/gzip/NEWS.gz", "/usr/share/doc/gzip/README.gz", "/usr/share/doc/gzip/TODO", "/usr/share/doc/gzip/changelog.Debian.gz", "/usr/share/doc/gzip/changelog.gz", "/usr/share/doc/gzip/copyright", "/usr/share/info/gzip.info.gz", "/usr/share/man/man1/gzexe.1.gz", "/usr/share/man/man1/gzip.1.gz", "/usr/share/man/man1/zdiff.1.gz", "/usr/share/man/man1/zforce.1.gz", "/usr/share/man/man1/zgrep.1.gz", "/usr/share/man/man1/zless.1.gz", "/usr/share/man/man1/zmore.1.gz", "/usr/share/man/man1/znew.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "hostname@3.25", "Name": "hostname", "Identifier": { "PURL": "pkg:deb/debian/hostname@3.25?arch=amd64\u0026distro=debian-13.5", "UID": "641772722328aedf" }, "Version": "3.25", "Arch": "amd64", "SrcName": "hostname", "SrcVersion": "3.25", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Michael Meskes \u003cmeskes@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/hostname", "/usr/share/doc/hostname/changelog.gz", "/usr/share/doc/hostname/copyright", "/usr/share/man/man1/hostname.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "init-system-helpers@1.69~deb13u1", "Name": "init-system-helpers", "Identifier": { "PURL": "pkg:deb/debian/init-system-helpers@1.69~deb13u1?arch=all\u0026distro=debian-13.5", "UID": "cb52819ec2f1a236" }, "Version": "1.69~deb13u1", "Arch": "all", "SrcName": "init-system-helpers", "SrcVersion": "1.69~deb13u1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/deb-systemd-helper", "/usr/bin/deb-systemd-invoke", "/usr/sbin/invoke-rc.d", "/usr/sbin/service", "/usr/sbin/update-rc.d", "/usr/share/bug/init-system-helpers/control", "/usr/share/doc/init-system-helpers/README.invoke-rc.d.gz", "/usr/share/doc/init-system-helpers/README.policy-rc.d.gz", "/usr/share/doc/init-system-helpers/changelog.gz", "/usr/share/doc/init-system-helpers/copyright", "/usr/share/lintian/overrides/init-system-helpers", "/usr/share/man/man1/deb-systemd-helper.1p.gz", "/usr/share/man/man1/deb-systemd-invoke.1p.gz", "/usr/share/man/man8/invoke-rc.d.8.gz", "/usr/share/man/man8/service.8.gz", "/usr/share/man/man8/update-rc.d.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libacl1@2.3.2-2+b1", "Name": "libacl1", "Identifier": { "PURL": "pkg:deb/debian/libacl1@2.3.2-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f9f7789d147b9636" }, "Version": "2.3.2", "Release": "2+b1", "Arch": "amd64", "SrcName": "acl", "SrcVersion": "2.3.2", "SrcRelease": "2", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libacl.so.1.1.2302", "/usr/share/doc/libacl1/changelog.Debian.amd64.gz", "/usr/share/doc/libacl1/changelog.Debian.gz", "/usr/share/doc/libacl1/changelog.gz", "/usr/share/doc/libacl1/copyright", "/usr/share/lintian/overrides/libacl1" ], "AnalyzedBy": "dpkg" }, { "ID": "libapt-pkg7.0@3.0.3", "Name": "libapt-pkg7.0", "Identifier": { "PURL": "pkg:deb/debian/libapt-pkg7.0@3.0.3?arch=amd64\u0026distro=debian-13.5", "UID": "5549812c55d79bea" }, "Version": "3.0.3", "Arch": "amd64", "SrcName": "apt", "SrcVersion": "3.0.3", "Licenses": [ "GPL-2.0-or-later", "curl", "BSD-3-Clause", "MIT", "GPL-2.0-only" ], "Maintainer": "APT Development Team \u003cdeity@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "liblz4-1@1.10.0-4", "liblzma5@5.8.1-1", "libssl3t64@3.5.6-1~deb13u1", "libstdc++6@14.2.0-19", "libsystemd0@257.13-1~deb13u1", "libudev1@257.13-1~deb13u1", "libxxhash0@0.8.3-2", "libzstd1@1.5.7+dfsg-1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libapt-pkg.so.7.0.0", "/usr/share/doc/libapt-pkg7.0/NEWS.Debian.gz", "/usr/share/doc/libapt-pkg7.0/changelog.gz", "/usr/share/doc/libapt-pkg7.0/copyright", "/usr/share/locale/ar/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ast/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bg/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/bs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ca/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cs/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/cy/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/da/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/de/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/dz/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/el/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/es/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/eu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/fr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/gl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/hu/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/it/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ja/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/km/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ko/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ku/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/lt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/mr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nb/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ne/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/nn/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ro/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/ru/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/sv/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/th/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tl/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/tr/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/uk/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/vi/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/libapt-pkg7.0.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/libapt-pkg7.0.mo" ], "AnalyzedBy": "dpkg" }, { "ID": "libattr1@1:2.5.2-3", "Name": "libattr1", "Identifier": { "PURL": "pkg:deb/debian/libattr1@2.5.2-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "90d554a582a8683b" }, "Version": "2.5.2", "Release": "3", "Epoch": 1, "Arch": "amd64", "SrcName": "attr", "SrcVersion": "2.5.2", "SrcRelease": "3", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.0-or-later", "LGPL-2.1-only" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libattr.so.1.1.2502", "/usr/share/doc/libattr1/changelog.Debian.gz", "/usr/share/doc/libattr1/changelog.gz", "/usr/share/doc/libattr1/copyright", "/usr/share/lintian/overrides/libattr1" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit-common@1:4.0.2-2", "Name": "libaudit-common", "Identifier": { "PURL": "pkg:deb/debian/libaudit-common@4.0.2-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "d20cd9a11d8e018d" }, "Version": "4.0.2", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libaudit-common/changelog.Debian.gz", "/usr/share/doc/libaudit-common/changelog.gz", "/usr/share/doc/libaudit-common/copyright", "/usr/share/man/man5/libaudit.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libaudit1@1:4.0.2-2+b2", "Name": "libaudit1", "Identifier": { "PURL": "pkg:deb/debian/libaudit1@4.0.2-2%2Bb2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c47a55b8e27ace3c" }, "Version": "4.0.2", "Release": "2+b2", "Epoch": 1, "Arch": "amd64", "SrcName": "audit", "SrcVersion": "4.0.2", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only", "GPL-1.0-only" ], "Maintainer": "Laurent Bigonville \u003cbigon@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit-common@1:4.0.2-2", "libc6@2.41-12+deb13u3", "libcap-ng0@0.8.5-4+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0", "/usr/share/doc/libaudit1/changelog.Debian.amd64.gz", "/usr/share/doc/libaudit1/changelog.Debian.gz", "/usr/share/doc/libaudit1/changelog.gz", "/usr/share/doc/libaudit1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libblkid1@2.41-5", "Name": "libblkid1", "Identifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0", "/usr/share/doc/libblkid1/NEWS.Debian.gz", "/usr/share/doc/libblkid1/changelog.Debian.gz", "/usr/share/doc/libblkid1/changelog.gz", "/usr/share/doc/libblkid1/copyright", "/usr/share/lintian/overrides/libblkid1" ], "AnalyzedBy": "dpkg" }, { "ID": "libbsd0@0.12.2-2", "Name": "libbsd0", "Identifier": { "PURL": "pkg:deb/debian/libbsd0@0.12.2-2?arch=amd64\u0026distro=debian-13.5", "UID": "a8f4afa42f768363" }, "Version": "0.12.2", "Release": "2", "Arch": "amd64", "SrcName": "libbsd", "SrcVersion": "0.12.2", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Regents", "BSD-2-Clause-NetBSD", "BSD-3-clause-author", "BSD-3-clause-John-Birrell", "BSD-5-clause-Peter-Wemm", "BSD-2-Clause", "BSD-2-clause-verbatim", "BSD-2-clause-author", "ISC", "ISC-Original", "MIT", "public-domain", "Beerware" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libmd0@1.1.0-2+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbsd.so.0.12.2", "/usr/share/doc/libbsd0/changelog.Debian.gz", "/usr/share/doc/libbsd0/changelog.gz", "/usr/share/doc/libbsd0/copyright", "/usr/share/lintian/overrides/libbsd0" ], "AnalyzedBy": "dpkg" }, { "ID": "libbz2-1.0@1.0.8-6", "Name": "libbz2-1.0", "Identifier": { "PURL": "pkg:deb/debian/libbz2-1.0@1.0.8-6?arch=amd64\u0026distro=debian-13.5", "UID": "2da429aca83dde92" }, "Version": "1.0.8", "Release": "6", "Arch": "amd64", "SrcName": "bzip2", "SrcVersion": "1.0.8", "SrcRelease": "6", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only" ], "Maintainer": "Anibal Monsalve Salazar \u003canibal@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libbz2.so.1.0.4", "/usr/share/doc/libbz2-1.0/changelog.Debian.gz", "/usr/share/doc/libbz2-1.0/changelog.gz", "/usr/share/doc/libbz2-1.0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libc-bin@2.41-12+deb13u3", "Name": "libc-bin", "Identifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/getconf", "/usr/bin/getent", "/usr/bin/iconv", "/usr/bin/ldd", "/usr/bin/locale", "/usr/bin/localedef", "/usr/bin/pldd", "/usr/bin/tzselect", "/usr/bin/zdump", "/usr/lib/locale/C.utf8/LC_ADDRESS", "/usr/lib/locale/C.utf8/LC_COLLATE", "/usr/lib/locale/C.utf8/LC_CTYPE", "/usr/lib/locale/C.utf8/LC_IDENTIFICATION", "/usr/lib/locale/C.utf8/LC_MEASUREMENT", "/usr/lib/locale/C.utf8/LC_MESSAGES/SYS_LC_MESSAGES", "/usr/lib/locale/C.utf8/LC_MONETARY", "/usr/lib/locale/C.utf8/LC_NAME", "/usr/lib/locale/C.utf8/LC_NUMERIC", "/usr/lib/locale/C.utf8/LC_PAPER", "/usr/lib/locale/C.utf8/LC_TELEPHONE", "/usr/lib/locale/C.utf8/LC_TIME", "/usr/sbin/iconvconfig", "/usr/sbin/ldconfig", "/usr/sbin/zic", "/usr/share/doc/libc-bin/changelog.Debian.gz", "/usr/share/doc/libc-bin/changelog.gz", "/usr/share/doc/libc-bin/copyright", "/usr/share/libc-bin/nsswitch.conf", "/usr/share/lintian/overrides/libc-bin", "/usr/share/man/man1/getconf.1.gz", "/usr/share/man/man1/tzselect.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libc6@2.41-12+deb13u3", "Name": "libc6", "Identifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "Version": "2.41", "Release": "12+deb13u3", "Arch": "amd64", "SrcName": "glibc", "SrcVersion": "2.41", "SrcRelease": "12+deb13u3", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.0-or-later", "LGPL-2.1+-with-link-exception", "LGPL-3.0-or-later", "GPL-2.0-or-later", "GPL-2+-with-link-exception", "GPL-2.0-only", "GPL-3.0-or-later", "FSFAP", "Carnegie", "Inner-Net", "MIT-like-Lord", "BSD-like-Spencer", "PCRE", "BSD-3-clause-Carnegie", "Unicode-DFS-2016", "BSL-1.0", "SunPro", "CORE-MATH", "BSD-3-clause-Berkeley", "BSD-3-clause-WIDE", "BSD-2-Clause", "BSD-3-clause-Oracle", "DEC", "IBM", "ISC", "Univ-Coimbra", "public-domain", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/gconv/ANSI_X3.110.so", "/usr/lib/x86_64-linux-gnu/gconv/ARMSCII-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ASMO_449.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/BIG5HKSCS.so", "/usr/lib/x86_64-linux-gnu/gconv/BRF.so", "/usr/lib/x86_64-linux-gnu/gconv/CP10007.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1125.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1250.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1251.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1252.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1253.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1254.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1255.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1256.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1257.so", "/usr/lib/x86_64-linux-gnu/gconv/CP1258.so", "/usr/lib/x86_64-linux-gnu/gconv/CP737.so", "/usr/lib/x86_64-linux-gnu/gconv/CP770.so", "/usr/lib/x86_64-linux-gnu/gconv/CP771.so", "/usr/lib/x86_64-linux-gnu/gconv/CP772.so", "/usr/lib/x86_64-linux-gnu/gconv/CP773.so", "/usr/lib/x86_64-linux-gnu/gconv/CP774.so", "/usr/lib/x86_64-linux-gnu/gconv/CP775.so", "/usr/lib/x86_64-linux-gnu/gconv/CP932.so", "/usr/lib/x86_64-linux-gnu/gconv/CSN_369103.so", "/usr/lib/x86_64-linux-gnu/gconv/CWI.so", "/usr/lib/x86_64-linux-gnu/gconv/DEC-MCS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-AT-DE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-CA-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-DK-NO.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES-S.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-ES.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE-A.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FI-SE.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-FR.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IS-FRISS.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-IT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-PT.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/EBCDIC-US.so", "/usr/lib/x86_64-linux-gnu/gconv/ECMA-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP-MS.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/EUC-TW.so", "/usr/lib/x86_64-linux-gnu/gconv/GB18030.so", "/usr/lib/x86_64-linux-gnu/gconv/GBBIG5.so", "/usr/lib/x86_64-linux-gnu/gconv/GBGBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GBK.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-ACADEMY.so", "/usr/lib/x86_64-linux-gnu/gconv/GEORGIAN-PS.so", "/usr/lib/x86_64-linux-gnu/gconv/GOST_19768-74.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK-CCITT.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7-OLD.so", "/usr/lib/x86_64-linux-gnu/gconv/GREEK7.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-GREEK8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-ROMAN9.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-THAI8.so", "/usr/lib/x86_64-linux-gnu/gconv/HP-TURKISH8.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM037.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM038.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1004.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1008_420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1025.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1026.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1046.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1047.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1097.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1112.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1122.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1123.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1124.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1129.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1130.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1132.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1133.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1137.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1140.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1141.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1142.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1143.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1144.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1145.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1146.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1147.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1148.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1149.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1153.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1154.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1155.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1156.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1157.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1158.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1160.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1161.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1162.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1163.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1164.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1166.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1167.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM12712.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1364.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1371.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1388.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1390.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM1399.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM16804.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM256.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM273.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM274.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM275.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM277.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM278.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM280.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM281.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM284.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM285.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM290.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM297.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM420.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM423.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM424.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM437.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4517.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4899.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4909.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM4971.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM500.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM5347.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM803.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM850.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM851.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM852.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM855.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM856.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM857.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM858.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM860.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM861.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM862.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM863.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM864.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM865.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM866NAV.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM868.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM869.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM870.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM871.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM874.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM875.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM880.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM891.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM901.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM902.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM903.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9030.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM904.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM905.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9066.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM918.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM921.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM922.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM930.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM932.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM933.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM935.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM937.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM939.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM943.so", "/usr/lib/x86_64-linux-gnu/gconv/IBM9448.so", "/usr/lib/x86_64-linux-gnu/gconv/IEC_P27-1.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-8.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS-CYRILLIC.so", "/usr/lib/x86_64-linux-gnu/gconv/INIS.so", "/usr/lib/x86_64-linux-gnu/gconv/ISIRI-3342.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-CN.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-JP.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-2022-KR.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-197.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO-IR-209.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO646.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-10.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-11.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-13.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-14.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-15.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-16.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-3.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-4.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-5.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-6.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-7.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-8.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO8859-9E.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_10367-BOX.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_11548-1.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_2033.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427-EXT.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5427.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_5428.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937-2.so", "/usr/lib/x86_64-linux-gnu/gconv/ISO_6937.so", "/usr/lib/x86_64-linux-gnu/gconv/JOHAB.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI-8.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-R.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-RU.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-T.so", "/usr/lib/x86_64-linux-gnu/gconv/KOI8-U.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK-1.so", "/usr/lib/x86_64-linux-gnu/gconv/LATIN-GREEK.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-CENTRALEUROPE.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-IS.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-SAMI.so", "/usr/lib/x86_64-linux-gnu/gconv/MAC-UK.so", "/usr/lib/x86_64-linux-gnu/gconv/MACINTOSH.so", "/usr/lib/x86_64-linux-gnu/gconv/MIK.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-DANO.so", "/usr/lib/x86_64-linux-gnu/gconv/NATS-SEFI.so", "/usr/lib/x86_64-linux-gnu/gconv/PT154.so", "/usr/lib/x86_64-linux-gnu/gconv/RK1048.so", "/usr/lib/x86_64-linux-gnu/gconv/SAMI-WS2.so", "/usr/lib/x86_64-linux-gnu/gconv/SHIFT_JISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/SJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/T.61.so", "/usr/lib/x86_64-linux-gnu/gconv/TCVN5712-1.so", "/usr/lib/x86_64-linux-gnu/gconv/TIS-620.so", "/usr/lib/x86_64-linux-gnu/gconv/TSCII.so", "/usr/lib/x86_64-linux-gnu/gconv/UHC.so", "/usr/lib/x86_64-linux-gnu/gconv/UNICODE.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-16.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-32.so", "/usr/lib/x86_64-linux-gnu/gconv/UTF-7.so", "/usr/lib/x86_64-linux-gnu/gconv/VISCII.so", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache", "/usr/lib/x86_64-linux-gnu/gconv/gconv-modules.d/gconv-modules-extra.conf", "/usr/lib/x86_64-linux-gnu/gconv/libCNS.so", "/usr/lib/x86_64-linux-gnu/gconv/libGB.so", "/usr/lib/x86_64-linux-gnu/gconv/libISOIR165.so", "/usr/lib/x86_64-linux-gnu/gconv/libJIS.so", "/usr/lib/x86_64-linux-gnu/gconv/libJISX0213.so", "/usr/lib/x86_64-linux-gnu/gconv/libKSC.so", "/usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2", "/usr/lib/x86_64-linux-gnu/libBrokenLocale.so.1", "/usr/lib/x86_64-linux-gnu/libanl.so.1", "/usr/lib/x86_64-linux-gnu/libc.so.6", "/usr/lib/x86_64-linux-gnu/libc_malloc_debug.so.0", "/usr/lib/x86_64-linux-gnu/libdl.so.2", "/usr/lib/x86_64-linux-gnu/libm.so.6", "/usr/lib/x86_64-linux-gnu/libmemusage.so", "/usr/lib/x86_64-linux-gnu/libmvec.so.1", "/usr/lib/x86_64-linux-gnu/libnsl.so.1", "/usr/lib/x86_64-linux-gnu/libnss_compat.so.2", "/usr/lib/x86_64-linux-gnu/libnss_dns.so.2", "/usr/lib/x86_64-linux-gnu/libnss_files.so.2", "/usr/lib/x86_64-linux-gnu/libnss_hesiod.so.2", "/usr/lib/x86_64-linux-gnu/libpcprofile.so", "/usr/lib/x86_64-linux-gnu/libpthread.so.0", "/usr/lib/x86_64-linux-gnu/libresolv.so.2", "/usr/lib/x86_64-linux-gnu/librt.so.1", "/usr/lib/x86_64-linux-gnu/libthread_db.so.1", "/usr/lib/x86_64-linux-gnu/libutil.so.1", "/usr/share/doc/libc6/NEWS.Debian.gz", "/usr/share/doc/libc6/NEWS.gz", "/usr/share/doc/libc6/README.Debian.gz", "/usr/share/doc/libc6/README.hesiod.gz", "/usr/share/doc/libc6/changelog.Debian.gz", "/usr/share/doc/libc6/changelog.gz", "/usr/share/doc/libc6/copyright", "/usr/share/lintian/overrides/libc6" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap-ng0@0.8.5-4+b1", "Name": "libcap-ng0", "Identifier": { "PURL": "pkg:deb/debian/libcap-ng0@0.8.5-4%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "9b7c2d5667513e48" }, "Version": "0.8.5", "Release": "4+b1", "Arch": "amd64", "SrcName": "libcap-ng", "SrcVersion": "0.8.5", "SrcRelease": "4", "Licenses": [ "LGPL-2.1-or-later", "GPL-2.0-or-later", "GPL-3.0-only", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Håvard F. Aasen \u003chavard.f.aasen@pfft.no\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0", "/usr/lib/x86_64-linux-gnu/libdrop_ambient.so.0.0.0", "/usr/share/doc/libcap-ng0/changelog.Debian.amd64.gz", "/usr/share/doc/libcap-ng0/changelog.Debian.gz", "/usr/share/doc/libcap-ng0/changelog.gz", "/usr/share/doc/libcap-ng0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcap2@1:2.75-10+deb13u1+b1", "Name": "libcap2", "Identifier": { "PURL": "pkg:deb/debian/libcap2@2.75-10%2Bdeb13u1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "7cefa0399e4d88d4" }, "Version": "2.75", "Release": "10+deb13u1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "libcap2", "SrcVersion": "2.75", "SrcRelease": "10+deb13u1", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Christian Kastner \u003cckk@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcap.so.2.75", "/usr/lib/x86_64-linux-gnu/libpsx.so.2.75", "/usr/share/doc/libcap2/changelog.Debian.amd64.gz", "/usr/share/doc/libcap2/changelog.Debian.gz", "/usr/share/doc/libcap2/changelog.gz", "/usr/share/doc/libcap2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libcrypt1@1:4.4.38-1", "Name": "libcrypt1", "Identifier": { "PURL": "pkg:deb/debian/libcrypt1@4.4.38-1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "afe984ba824f92ac" }, "Version": "4.4.38", "Release": "1", "Epoch": 1, "Arch": "amd64", "SrcName": "libxcrypt", "SrcVersion": "4.4.38", "SrcRelease": "1", "SrcEpoch": 1, "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libcrypt.so.1.1.0", "/usr/share/doc/libcrypt1/changelog.Debian.gz", "/usr/share/doc/libcrypt1/changelog.gz", "/usr/share/doc/libcrypt1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libdb5.3t64@5.3.28+dfsg2-9", "Name": "libdb5.3t64", "Identifier": { "PURL": "pkg:deb/debian/libdb5.3t64@5.3.28%2Bdfsg2-9?arch=amd64\u0026distro=debian-13.5", "UID": "2f5f1c2fd77295dc" }, "Version": "5.3.28+dfsg2", "Release": "9", "Arch": "amd64", "SrcName": "db5.3", "SrcVersion": "5.3.28+dfsg2", "SrcRelease": "9", "Licenses": [ "Sleepycat", "BSD-3-Clause", "MS-PL", "GPL-2.0-or-later", "Artistic-2.0", "X11", "MIT-old", "TCL-like", "BSD-3-clause-fjord", "GPL-3.0-only", "Zlib" ], "Maintainer": "Debian QA Group \u003cpackages@qa.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdb-5.3.so", "/usr/share/doc/libdb5.3t64/build_signature_amd64.txt", "/usr/share/doc/libdb5.3t64/changelog.Debian.gz", "/usr/share/doc/libdb5.3t64/copyright", "/usr/share/lintian/overrides/libdb5.3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libdebconfclient0@0.280", "Name": "libdebconfclient0", "Identifier": { "PURL": "pkg:deb/debian/libdebconfclient0@0.280?arch=amd64\u0026distro=debian-13.5", "UID": "fcad452fa456130" }, "Version": "0.280", "Arch": "amd64", "SrcName": "cdebconf", "SrcVersion": "0.280", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Debian Install System Team \u003cdebian-boot@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libdebconfclient.so.0.0.0", "/usr/share/doc/libdebconfclient0/changelog.gz", "/usr/share/doc/libdebconfclient0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libffi8@3.4.8-2", "Name": "libffi8", "Identifier": { "PURL": "pkg:deb/debian/libffi8@3.4.8-2?arch=amd64\u0026distro=debian-13.5", "UID": "e57a61a9119138e1" }, "Version": "3.4.8", "Release": "2", "Arch": "amd64", "SrcName": "libffi", "SrcVersion": "3.4.8", "SrcRelease": "2", "Licenses": [ "MIT", "X11", "GPL-2.0-or-later", "GPL-3.0-or-later", "MPL-1.1", "LGPL-2.1-or-later", "public-domain" ], "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libffi.so.8.1.4", "/usr/share/doc/libffi8/changelog.Debian.gz", "/usr/share/doc/libffi8/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libgcc-s1@14.2.0-19", "Name": "libgcc-s1", "Identifier": { "PURL": "pkg:deb/debian/libgcc-s1@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "6ebf985ba3bd76f3" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgcc_s.so.1", "/usr/share/lintian/overrides/libgcc-s1" ], "AnalyzedBy": "dpkg" }, { "ID": "libgdbm6t64@1.24-2", "Name": "libgdbm6t64", "Identifier": { "PURL": "pkg:deb/debian/libgdbm6t64@1.24-2?arch=amd64\u0026distro=debian-13.5", "UID": "a978781f1be6197e" }, "Version": "1.24", "Release": "2", "Arch": "amd64", "SrcName": "gdbm", "SrcVersion": "1.24", "SrcRelease": "2", "Licenses": [ "GPL-3.0-or-later", "GPL-2.0-or-later", "GFDL-1.3-no-invariants-or-later", "GPL-3.0-only", "GPL-2.0-only" ], "Maintainer": "Nicolas Mora \u003cbabelouest@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgdbm.so.6.0.0", "/usr/share/doc/libgdbm6t64/changelog.Debian.gz", "/usr/share/doc/libgdbm6t64/changelog.gz", "/usr/share/doc/libgdbm6t64/copyright", "/usr/share/lintian/overrides/libgdbm6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libgmp10@2:6.3.0+dfsg-3", "Name": "libgmp10", "Identifier": { "PURL": "pkg:deb/debian/libgmp10@6.3.0%2Bdfsg-3?arch=amd64\u0026distro=debian-13.5\u0026epoch=2", "UID": "fec85c1b440262e2" }, "Version": "6.3.0+dfsg", "Release": "3", "Epoch": 2, "Arch": "amd64", "SrcName": "gmp", "SrcVersion": "6.3.0+dfsg", "SrcRelease": "3", "SrcEpoch": 2, "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later", "GPL-3.0-or-later", "GPL-3+ with Bison exception", "GPL-2.0-only", "GPL-3.0-only", "LGPL-3.0-only" ], "Maintainer": "Debian Science Maintainers \u003cdebian-science-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0", "/usr/share/doc/libgmp10/README.Debian", "/usr/share/doc/libgmp10/changelog.Debian.gz", "/usr/share/doc/libgmp10/changelog.gz", "/usr/share/doc/libgmp10/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libhogweed6t64@3.10.1-1", "Name": "libhogweed6t64", "Identifier": { "PURL": "pkg:deb/debian/libhogweed6t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "8a048285d77ff6c0" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgmp10@2:6.3.0+dfsg-3", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhogweed.so.6.10", "/usr/share/doc/libhogweed6t64/changelog.Debian.gz", "/usr/share/doc/libhogweed6t64/changelog.gz", "/usr/share/doc/libhogweed6t64/copyright", "/usr/share/lintian/overrides/libhogweed6t64" ], "AnalyzedBy": "dpkg" }, { "ID": "liblastlog2-2@2.41-5", "Name": "liblastlog2-2", "Identifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libsqlite3-0@3.46.1-7+deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblastlog2.so.2.0.0", "/usr/share/doc/liblastlog2-2/NEWS.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.Debian.gz", "/usr/share/doc/liblastlog2-2/changelog.gz", "/usr/share/doc/liblastlog2-2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblz4-1@1.10.0-4", "Name": "liblz4-1", "Identifier": { "PURL": "pkg:deb/debian/liblz4-1@1.10.0-4?arch=amd64\u0026distro=debian-13.5", "UID": "c31b43410c927de" }, "Version": "1.10.0", "Release": "4", "Arch": "amd64", "SrcName": "lz4", "SrcVersion": "1.10.0", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "BSD-2-Clause", "GPL-2.0-only" ], "Maintainer": "Nobuhiro Iwamatsu \u003ciwamatsu@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libxxhash0@0.8.3-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblz4.so.1.10.0", "/usr/share/doc/liblz4-1/changelog.Debian.gz", "/usr/share/doc/liblz4-1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "liblzma5@5.8.1-1", "Name": "liblzma5", "Identifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "Version": "5.8.1", "Release": "1", "Arch": "amd64", "SrcName": "xz-utils", "SrcVersion": "5.8.1", "SrcRelease": "1", "Licenses": [ "0BSD", "GPL-2.0-or-later", "LGPL-2.1-or-later", "FSFULLR", "GPL-3.0-or-later-WITH-Autoconf-exception-macro", "none", "PD", "permissive-nowarranty", "FSFUL", "noderivs", "PD-debian", "LGPL-2.1-only", "GPL-2.0-only", "GPL-3.0-only" ], "Maintainer": "Sebastian Andrzej Siewior \u003csebastian@breakpoint.cc\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/liblzma.so.5.8.1", "/usr/share/doc/liblzma5/AUTHORS", "/usr/share/doc/liblzma5/NEWS.gz", "/usr/share/doc/liblzma5/THANKS.gz", "/usr/share/doc/liblzma5/changelog.Debian.gz", "/usr/share/doc/liblzma5/changelog.gz", "/usr/share/doc/liblzma5/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmd0@1.1.0-2+b1", "Name": "libmd0", "Identifier": { "PURL": "pkg:deb/debian/libmd0@1.1.0-2%2Bb1?arch=amd64\u0026distro=debian-13.5", "UID": "f3971c5b48c68b3c" }, "Version": "1.1.0", "Release": "2+b1", "Arch": "amd64", "SrcName": "libmd", "SrcVersion": "1.1.0", "SrcRelease": "2", "Licenses": [ "BSD-3-Clause", "BSD-3-clause-Aaron-D-Gifford", "BSD-2-Clause", "BSD-2-Clause-NetBSD", "ISC", "Beerware", "public-domain-md4", "public-domain-md5", "public-domain-sha1" ], "Maintainer": "Guillem Jover \u003cguillem@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmd.so.0.1.0", "/usr/share/doc/libmd0/changelog.Debian.amd64.gz", "/usr/share/doc/libmd0/changelog.Debian.gz", "/usr/share/doc/libmd0/changelog.gz", "/usr/share/doc/libmd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libmount1@2.41-5", "Name": "libmount1", "Identifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libblkid1@2.41-5", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libmount.so.1.1.0", "/usr/share/doc/libmount1/NEWS.Debian.gz", "/usr/share/doc/libmount1/changelog.Debian.gz", "/usr/share/doc/libmount1/changelog.gz", "/usr/share/doc/libmount1/copyright", "/usr/share/lintian/overrides/libmount1" ], "AnalyzedBy": "dpkg" }, { "ID": "libncursesw6@6.5+20250216-2", "Name": "libncursesw6", "Identifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libformw.so.6.5", "/usr/lib/x86_64-linux-gnu/libmenuw.so.6.5", "/usr/lib/x86_64-linux-gnu/libncursesw.so.6.5", "/usr/lib/x86_64-linux-gnu/libpanelw.so.6.5" ], "AnalyzedBy": "dpkg" }, { "ID": "libnettle8t64@3.10.1-1", "Name": "libnettle8t64", "Identifier": { "PURL": "pkg:deb/debian/libnettle8t64@3.10.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "fd78e15d23b25c1f" }, "Version": "3.10.1", "Release": "1", "Arch": "amd64", "SrcName": "nettle", "SrcVersion": "3.10.1", "SrcRelease": "1", "Licenses": [ "LGPL-3.0-or-later", "GPL-2.0-or-later", "LGPL-2.0-or-later", "LGPL-2.0-only", "MIT", "GPL-3.0-with-autoconf-exception+", "public-domain", "GPL-2.0-only", "GAP" ], "Maintainer": "Magnus Holmgren \u003cholmgren@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libnettle.so.8.10", "/usr/share/doc/libnettle8t64/NEWS.gz", "/usr/share/doc/libnettle8t64/README", "/usr/share/doc/libnettle8t64/changelog.Debian.gz", "/usr/share/doc/libnettle8t64/changelog.gz", "/usr/share/doc/libnettle8t64/copyright", "/usr/share/lintian/overrides/libnettle8t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules@1.7.0-5", "Name": "libpam-modules", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "274a704398461ef0" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/security/pam_access.so", "/usr/lib/x86_64-linux-gnu/security/pam_canonicalize_user.so", "/usr/lib/x86_64-linux-gnu/security/pam_debug.so", "/usr/lib/x86_64-linux-gnu/security/pam_deny.so", "/usr/lib/x86_64-linux-gnu/security/pam_echo.so", "/usr/lib/x86_64-linux-gnu/security/pam_env.so", "/usr/lib/x86_64-linux-gnu/security/pam_exec.so", "/usr/lib/x86_64-linux-gnu/security/pam_faildelay.so", "/usr/lib/x86_64-linux-gnu/security/pam_faillock.so", "/usr/lib/x86_64-linux-gnu/security/pam_filter.so", "/usr/lib/x86_64-linux-gnu/security/pam_ftp.so", "/usr/lib/x86_64-linux-gnu/security/pam_group.so", "/usr/lib/x86_64-linux-gnu/security/pam_issue.so", "/usr/lib/x86_64-linux-gnu/security/pam_keyinit.so", "/usr/lib/x86_64-linux-gnu/security/pam_limits.so", "/usr/lib/x86_64-linux-gnu/security/pam_listfile.so", "/usr/lib/x86_64-linux-gnu/security/pam_localuser.so", "/usr/lib/x86_64-linux-gnu/security/pam_loginuid.so", "/usr/lib/x86_64-linux-gnu/security/pam_mail.so", "/usr/lib/x86_64-linux-gnu/security/pam_mkhomedir.so", "/usr/lib/x86_64-linux-gnu/security/pam_motd.so", "/usr/lib/x86_64-linux-gnu/security/pam_namespace.so", "/usr/lib/x86_64-linux-gnu/security/pam_nologin.so", "/usr/lib/x86_64-linux-gnu/security/pam_permit.so", "/usr/lib/x86_64-linux-gnu/security/pam_pwhistory.so", "/usr/lib/x86_64-linux-gnu/security/pam_rhosts.so", "/usr/lib/x86_64-linux-gnu/security/pam_rootok.so", "/usr/lib/x86_64-linux-gnu/security/pam_securetty.so", "/usr/lib/x86_64-linux-gnu/security/pam_selinux.so", "/usr/lib/x86_64-linux-gnu/security/pam_sepermit.so", "/usr/lib/x86_64-linux-gnu/security/pam_setquota.so", "/usr/lib/x86_64-linux-gnu/security/pam_shells.so", "/usr/lib/x86_64-linux-gnu/security/pam_stress.so", "/usr/lib/x86_64-linux-gnu/security/pam_succeed_if.so", "/usr/lib/x86_64-linux-gnu/security/pam_time.so", "/usr/lib/x86_64-linux-gnu/security/pam_timestamp.so", "/usr/lib/x86_64-linux-gnu/security/pam_tty_audit.so", "/usr/lib/x86_64-linux-gnu/security/pam_umask.so", "/usr/lib/x86_64-linux-gnu/security/pam_unix.so", "/usr/lib/x86_64-linux-gnu/security/pam_userdb.so", "/usr/lib/x86_64-linux-gnu/security/pam_usertype.so", "/usr/lib/x86_64-linux-gnu/security/pam_warn.so", "/usr/lib/x86_64-linux-gnu/security/pam_wheel.so", "/usr/lib/x86_64-linux-gnu/security/pam_xauth.so", "/usr/share/doc/libpam-modules/NEWS.Debian.gz", "/usr/share/doc/libpam-modules/changelog.Debian.gz", "/usr/share/doc/libpam-modules/changelog.gz", "/usr/share/doc/libpam-modules/copyright", "/usr/share/doc/libpam-modules/examples/upperLOWER.c", "/usr/share/lintian/overrides/libpam-modules", "/usr/share/pam-configs/mkhomedir" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-modules-bin@1.7.0-5", "Name": "libpam-modules-bin", "Identifier": { "PURL": "pkg:deb/debian/libpam-modules-bin@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "c9cbae9084b28bae" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsystemd0@257.13-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/systemd/system/pam_namespace.service", "/usr/sbin/faillock", "/usr/sbin/mkhomedir_helper", "/usr/sbin/pam_namespace_helper", "/usr/sbin/pam_timestamp_check", "/usr/sbin/pwhistory_helper", "/usr/sbin/unix_chkpwd", "/usr/sbin/unix_update", "/usr/share/doc/libpam-modules-bin/changelog.Debian.gz", "/usr/share/doc/libpam-modules-bin/changelog.gz", "/usr/share/doc/libpam-modules-bin/copyright", "/usr/share/lintian/overrides/libpam-modules-bin" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam-runtime@1.7.0-5", "Name": "libpam-runtime", "Identifier": { "PURL": "pkg:deb/debian/libpam-runtime@1.7.0-5?arch=all\u0026distro=debian-13.5", "UID": "1d4f3eaf1c0f9548" }, "Version": "1.7.0", "Release": "5", "Arch": "all", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libpam-modules@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/sbin/pam-auth-update", "/usr/sbin/pam_getenv", "/usr/share/doc/libpam-runtime/changelog.Debian.gz", "/usr/share/doc/libpam-runtime/changelog.gz", "/usr/share/doc/libpam-runtime/copyright", "/usr/share/lintian/overrides/libpam-runtime", "/usr/share/locale/af/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/am/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ar/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/as/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/az/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/be/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bn_IN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/bs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ca/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cs/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/cy/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/da/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/de_CH/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/el/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/es/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/et/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/eu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/fr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ga/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/gu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/he/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/hu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ia/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/id/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/is/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/it/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ja/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ka/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/km/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ko/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/kw_GB/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ky/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/lv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ml/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/mr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ms/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/my/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nb/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ne/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/nn/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/or/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pa/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ro/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ru/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/si/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sl/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sq/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sr@latin/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/sv/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ta/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/te/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tg/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/th/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/tr/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/uk/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/ur/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/vi/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/yo/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_HK/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/Linux-PAM.mo", "/usr/share/locale/zu/LC_MESSAGES/Linux-PAM.mo", "/usr/share/man/man5/access.conf.5.gz", "/usr/share/man/man5/faillock.conf.5.gz", "/usr/share/man/man5/group.conf.5.gz", "/usr/share/man/man5/limits.conf.5.gz", "/usr/share/man/man5/namespace.conf.5.gz", "/usr/share/man/man5/pam.conf.5.gz", "/usr/share/man/man5/pam_env.conf.5.gz", "/usr/share/man/man5/pwhistory.conf.5.gz", "/usr/share/man/man5/sepermit.conf.5.gz", "/usr/share/man/man5/time.conf.5.gz", "/usr/share/man/man7/PAM.7.gz", "/usr/share/man/man8/faillock.8.gz", "/usr/share/man/man8/mkhomedir_helper.8.gz", "/usr/share/man/man8/pam-auth-update.8.gz", "/usr/share/man/man8/pam_access.8.gz", "/usr/share/man/man8/pam_canonicalize_user.8.gz", "/usr/share/man/man8/pam_debug.8.gz", "/usr/share/man/man8/pam_deny.8.gz", "/usr/share/man/man8/pam_echo.8.gz", "/usr/share/man/man8/pam_env.8.gz", "/usr/share/man/man8/pam_exec.8.gz", "/usr/share/man/man8/pam_faildelay.8.gz", "/usr/share/man/man8/pam_faillock.8.gz", "/usr/share/man/man8/pam_filter.8.gz", "/usr/share/man/man8/pam_ftp.8.gz", "/usr/share/man/man8/pam_getenv.8.gz", "/usr/share/man/man8/pam_group.8.gz", "/usr/share/man/man8/pam_issue.8.gz", "/usr/share/man/man8/pam_keyinit.8.gz", "/usr/share/man/man8/pam_limits.8.gz", "/usr/share/man/man8/pam_listfile.8.gz", "/usr/share/man/man8/pam_localuser.8.gz", "/usr/share/man/man8/pam_loginuid.8.gz", "/usr/share/man/man8/pam_mail.8.gz", "/usr/share/man/man8/pam_mkhomedir.8.gz", "/usr/share/man/man8/pam_motd.8.gz", "/usr/share/man/man8/pam_namespace.8.gz", "/usr/share/man/man8/pam_namespace_helper.8.gz", "/usr/share/man/man8/pam_nologin.8.gz", "/usr/share/man/man8/pam_permit.8.gz", "/usr/share/man/man8/pam_pwhistory.8.gz", "/usr/share/man/man8/pam_rhosts.8.gz", "/usr/share/man/man8/pam_rootok.8.gz", "/usr/share/man/man8/pam_securetty.8.gz", "/usr/share/man/man8/pam_selinux.8.gz", "/usr/share/man/man8/pam_sepermit.8.gz", "/usr/share/man/man8/pam_setquota.8.gz", "/usr/share/man/man8/pam_shells.8.gz", "/usr/share/man/man8/pam_stress.8.gz", "/usr/share/man/man8/pam_succeed_if.8.gz", "/usr/share/man/man8/pam_time.8.gz", "/usr/share/man/man8/pam_timestamp.8.gz", "/usr/share/man/man8/pam_timestamp_check.8.gz", "/usr/share/man/man8/pam_tty_audit.8.gz", "/usr/share/man/man8/pam_umask.8.gz", "/usr/share/man/man8/pam_unix.8.gz", "/usr/share/man/man8/pam_userdb.8.gz", "/usr/share/man/man8/pam_usertype.8.gz", "/usr/share/man/man8/pam_warn.8.gz", "/usr/share/man/man8/pam_wheel.8.gz", "/usr/share/man/man8/pam_xauth.8.gz", "/usr/share/man/man8/pwhistory_helper.8.gz", "/usr/share/man/man8/unix_chkpwd.8.gz", "/usr/share/man/man8/unix_update.8.gz", "/usr/share/pam-configs/unix", "/usr/share/pam/common-account", "/usr/share/pam/common-account.md5sums", "/usr/share/pam/common-auth", "/usr/share/pam/common-auth.md5sums", "/usr/share/pam/common-password", "/usr/share/pam/common-password.md5sums", "/usr/share/pam/common-session", "/usr/share/pam/common-session-noninteractive", "/usr/share/pam/common-session-noninteractive.md5sums", "/usr/share/pam/common-session.md5sums" ], "AnalyzedBy": "dpkg" }, { "ID": "libpam0g@1.7.0-5", "Name": "libpam0g", "Identifier": { "PURL": "pkg:deb/debian/libpam0g@1.7.0-5?arch=amd64\u0026distro=debian-13.5", "UID": "50a3886f7361785c" }, "Version": "1.7.0", "Release": "5", "Arch": "amd64", "SrcName": "pam", "SrcVersion": "1.7.0", "SrcRelease": "5", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later", "GPL-1.0-only", "GPL-2.0-only", "GPL-3.0-only", "GPL-3+ with Bison exception", "BSD-tcp_wrappers", "LGPL-2.0-or-later", "LGPL-2.0-only", "public-domain", "Beerware" ], "Maintainer": "Sam Hartman \u003chartmans@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91", "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpam.so.0.85.1", "/usr/lib/x86_64-linux-gnu/libpam_misc.so.0.82.1", "/usr/lib/x86_64-linux-gnu/libpamc.so.0.82.1", "/usr/share/doc/libpam0g/Debian-PAM-MiniPolicy.gz", "/usr/share/doc/libpam0g/README", "/usr/share/doc/libpam0g/README.Debian", "/usr/share/doc/libpam0g/TODO.Debian", "/usr/share/doc/libpam0g/changelog.Debian.gz", "/usr/share/doc/libpam0g/changelog.gz", "/usr/share/doc/libpam0g/copyright", "/usr/share/lintian/overrides/libpam0g" ], "AnalyzedBy": "dpkg" }, { "ID": "libpcre2-8-0@10.46-1~deb13u1", "Name": "libpcre2-8-0", "Identifier": { "PURL": "pkg:deb/debian/libpcre2-8-0@10.46-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "aa7e3a6ab471d889" }, "Version": "10.46", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "pcre2", "SrcVersion": "10.46", "SrcRelease": "1~deb13u1", "Licenses": [ "BSD-3-clause-Cambridge with BINARY LIBRARY-LIKE PACKAGES exception", "BSD-3-Clause", "X11", "BSD-2-Clause", "public-domain" ], "Maintainer": "Matthew Vernon \u003cmatthew@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0", "/usr/share/doc/libpcre2-8-0/README.Debian", "/usr/share/doc/libpcre2-8-0/changelog.Debian.gz", "/usr/share/doc/libpcre2-8-0/changelog.gz", "/usr/share/doc/libpcre2-8-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libreadline8t64@8.2-6", "Name": "libreadline8t64", "Identifier": { "PURL": "pkg:deb/debian/libreadline8t64@8.2-6?arch=amd64\u0026distro=debian-13.5", "UID": "a41a60a40a941961" }, "Version": "8.2", "Release": "6", "Arch": "amd64", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libtinfo6@6.5+20250216-2", "readline-common@8.2-6" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libhistory.so.8.2", "/usr/lib/x86_64-linux-gnu/libreadline.so.8.2", "/usr/share/doc/libreadline8t64/README.Debian", "/usr/share/doc/libreadline8t64/USAGE", "/usr/share/doc/libreadline8t64/changelog.Debian.gz", "/usr/share/doc/libreadline8t64/changelog.gz", "/usr/share/doc/libreadline8t64/copyright", "/usr/share/doc/libreadline8t64/examples/Inputrc", "/usr/share/doc/libreadline8t64/inputrc.arrows" ], "AnalyzedBy": "dpkg" }, { "ID": "libseccomp2@2.6.0-2", "Name": "libseccomp2", "Identifier": { "PURL": "pkg:deb/debian/libseccomp2@2.6.0-2?arch=amd64\u0026distro=debian-13.5", "UID": "97e0ed663a98e78b" }, "Version": "2.6.0", "Release": "2", "Arch": "amd64", "SrcName": "libseccomp", "SrcVersion": "2.6.0", "SrcRelease": "2", "Licenses": [ "LGPL-2.1-only" ], "Maintainer": "Kees Cook \u003ckees@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0", "/usr/share/doc/libseccomp2/changelog.Debian.gz", "/usr/share/doc/libseccomp2/changelog.gz", "/usr/share/doc/libseccomp2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libselinux1@3.8.1-1", "Name": "libselinux1", "Identifier": { "PURL": "pkg:deb/debian/libselinux1@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "f7d3a23ad693e5cb" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libselinux", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "public-domain", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libpcre2-8-0@10.46-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/tmpfiles.d/libselinux1.conf", "/usr/lib/x86_64-linux-gnu/libselinux.so.1", "/usr/share/doc/libselinux1/changelog.Debian.gz", "/usr/share/doc/libselinux1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage-common@3.8.1-1", "Name": "libsemanage-common", "Identifier": { "PURL": "pkg:deb/debian/libsemanage-common@3.8.1-1?arch=all\u0026distro=debian-13.5", "UID": "ecc6b54d8bc6318c" }, "Version": "3.8.1", "Release": "1", "Arch": "all", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/libsemanage-common/changelog.Debian.gz", "/usr/share/doc/libsemanage-common/copyright", "/usr/share/man/man5/semanage.conf.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "libsemanage2@3.8.1-1", "Name": "libsemanage2", "Identifier": { "PURL": "pkg:deb/debian/libsemanage2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "5684bd063761ddb3" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsemanage", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "GPL-2.0-only" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libbz2-1.0@1.0.8-6", "libc6@2.41-12+deb13u3", "libselinux1@3.8.1-1", "libsemanage-common@3.8.1-1", "libsepol2@3.8.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsemanage.so.2", "/usr/share/doc/libsemanage2/changelog.Debian.gz", "/usr/share/doc/libsemanage2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsepol2@3.8.1-1", "Name": "libsepol2", "Identifier": { "PURL": "pkg:deb/debian/libsepol2@3.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "9990a97d658e13ae" }, "Version": "3.8.1", "Release": "1", "Arch": "amd64", "SrcName": "libsepol", "SrcVersion": "3.8.1", "SrcRelease": "1", "Licenses": [ "LGPL-2.1-or-later", "LGPL-2.1-only", "Zlib", "GPL-2.0-only", "GPL-2.0-or-later" ], "Maintainer": "Debian SELinux maintainers \u003cselinux-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsepol.so.2", "/usr/share/doc/libsepol2/changelog.Debian.gz", "/usr/share/doc/libsepol2/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libsmartcols1@2.41-5", "Name": "libsmartcols1", "Identifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsmartcols.so.1.1.0", "/usr/share/doc/libsmartcols1/NEWS.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.Debian.gz", "/usr/share/doc/libsmartcols1/changelog.gz", "/usr/share/doc/libsmartcols1/copyright", "/usr/share/lintian/overrides/libsmartcols1" ], "AnalyzedBy": "dpkg" }, { "ID": "libsqlite3-0@3.46.1-7+deb13u1", "Name": "libsqlite3-0", "Identifier": { "PURL": "pkg:deb/debian/libsqlite3-0@3.46.1-7%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c7da287e696e8198" }, "Version": "3.46.1", "Release": "7+deb13u1", "Arch": "amd64", "SrcName": "sqlite3", "SrcVersion": "3.46.1", "SrcRelease": "7+deb13u1", "Licenses": [ "public-domain", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Laszlo Boszormenyi (GCS) \u003cgcs@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsqlite3.so.0.8.6", "/usr/share/doc/libsqlite3-0/README.Debian", "/usr/share/doc/libsqlite3-0/changelog.Debian.gz", "/usr/share/doc/libsqlite3-0/changelog.gz", "/usr/share/doc/libsqlite3-0/changelog.html.gz", "/usr/share/doc/libsqlite3-0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libssl3t64@3.5.6-1~deb13u1", "Name": "libssl3t64", "Identifier": { "PURL": "pkg:deb/debian/libssl3t64@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "19bca5c02c5a9632" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libzstd1@1.5.7+dfsg-1", "openssl-provider-legacy@3.5.6-1~deb13u1", "zlib1g@1:1.3.dfsg+really1.3.1-1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/engines-3/afalg.so", "/usr/lib/x86_64-linux-gnu/engines-3/loader_attic.so", "/usr/lib/x86_64-linux-gnu/engines-3/padlock.so", "/usr/lib/x86_64-linux-gnu/libcrypto.so.3", "/usr/lib/x86_64-linux-gnu/libssl.so.3", "/usr/share/doc/libssl3t64/NEWS.Debian.gz", "/usr/share/doc/libssl3t64/changelog.Debian.gz", "/usr/share/doc/libssl3t64/changelog.gz", "/usr/share/doc/libssl3t64/copyright", "/usr/share/lintian/overrides/libssl3t64" ], "AnalyzedBy": "dpkg" }, { "ID": "libstdc++6@14.2.0-19", "Name": "libstdc++6", "Identifier": { "PURL": "pkg:deb/debian/libstdc%2B%2B6@14.2.0-19?arch=amd64\u0026distro=debian-13.5", "UID": "1b384a6346513d7c" }, "Version": "14.2.0", "Release": "19", "Arch": "amd64", "SrcName": "gcc-14", "SrcVersion": "14.2.0", "SrcRelease": "19", "Maintainer": "Debian GCC Maintainers \u003cdebian-gcc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "gcc-14-base@14.2.0-19", "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33", "/usr/share/gcc/python/libstdcxx/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/__init__.py", "/usr/share/gcc/python/libstdcxx/v6/printers.py", "/usr/share/gcc/python/libstdcxx/v6/xmethods.py", "/usr/share/gdb/auto-load/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.33-gdb.py" ], "AnalyzedBy": "dpkg" }, { "ID": "libsystemd0@257.13-1~deb13u1", "Name": "libsystemd0", "Identifier": { "PURL": "pkg:deb/debian/libsystemd0@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a2b4ba47389f858e" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0", "/usr/share/doc/libsystemd0/NEWS.Debian.gz", "/usr/share/doc/libsystemd0/changelog.Debian.gz", "/usr/share/doc/libsystemd0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libtinfo6@6.5+20250216-2", "Name": "libtinfo6", "Identifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libtic.so.6.5", "/usr/lib/x86_64-linux-gnu/libtinfo.so.6.5", "/usr/share/doc/libtinfo6/changelog.Debian.gz", "/usr/share/doc/libtinfo6/changelog.gz", "/usr/share/doc/libtinfo6/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libudev1@257.13-1~deb13u1", "Name": "libudev1", "Identifier": { "PURL": "pkg:deb/debian/libudev1@257.13-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "3b7a2f1a9ab169b" }, "Version": "257.13", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "systemd", "SrcVersion": "257.13", "SrcRelease": "1~deb13u1", "Licenses": [ "LGPL-2.1-or-later", "CC0-1.0", "GPL-2 with Linux-syscall-note exception", "MIT", "public-domain", "GPL-2.0-or-later", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian systemd Maintainers \u003cpkg-systemd-maintainers@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libcap2@1:2.75-10+deb13u1+b1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libudev.so.1.7.10", "/usr/share/doc/libudev1/NEWS.Debian.gz", "/usr/share/doc/libudev1/changelog.Debian.gz", "/usr/share/doc/libudev1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libuuid1@2.41-5", "Name": "libuuid1", "Identifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libuuid.so.1.3.0", "/usr/share/doc/libuuid1/NEWS.Debian.gz", "/usr/share/doc/libuuid1/changelog.Debian.gz", "/usr/share/doc/libuuid1/changelog.gz", "/usr/share/doc/libuuid1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libxxhash0@0.8.3-2", "Name": "libxxhash0", "Identifier": { "PURL": "pkg:deb/debian/libxxhash0@0.8.3-2?arch=amd64\u0026distro=debian-13.5", "UID": "d91110b5edcae2d8" }, "Version": "0.8.3", "Release": "2", "Arch": "amd64", "SrcName": "xxhash", "SrcVersion": "0.8.3", "SrcRelease": "2", "Licenses": [ "BSD-2-Clause", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Josue Ortega \u003cjosue@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libxxhash.so.0.8.3", "/usr/share/doc/libxxhash0/changelog.Debian.gz", "/usr/share/doc/libxxhash0/changelog.gz", "/usr/share/doc/libxxhash0/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "libzstd1@1.5.7+dfsg-1", "Name": "libzstd1", "Identifier": { "PURL": "pkg:deb/debian/libzstd1@1.5.7%2Bdfsg-1?arch=amd64\u0026distro=debian-13.5", "UID": "ca4814a2bfd07696" }, "Version": "1.5.7+dfsg", "Release": "1", "Arch": "amd64", "SrcName": "libzstd", "SrcVersion": "1.5.7+dfsg", "SrcRelease": "1", "Licenses": [ "BSD-3-Clause", "GPL-2.0-only", "Zlib", "MIT" ], "Maintainer": "RPM packaging team \u003cteam+pkg-rpm@tracker.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7", "/usr/share/doc/libzstd1/changelog.Debian.gz", "/usr/share/doc/libzstd1/changelog.gz", "/usr/share/doc/libzstd1/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "login@1:4.16.0-2+really2.41-5", "Name": "login", "Identifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "Version": "4.16.0-2+really2.41", "Release": "5", "Epoch": 1, "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libaudit1@1:4.0.2-2+b2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam-runtime@1.7.0-5", "libpam0g@1.7.0-5" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/login", "/usr/bin/newgrp", "/usr/sbin/nologin", "/usr/share/bash-completion/completions/newgrp", "/usr/share/doc/login/NEWS.Debian.gz", "/usr/share/doc/login/changelog.Debian.gz", "/usr/share/doc/login/changelog.gz", "/usr/share/doc/login/copyright", "/usr/share/lintian/overrides/login", "/usr/share/man/de/man1/login.1.gz", "/usr/share/man/de/man8/nologin.8.gz", "/usr/share/man/fr/man1/login.1.gz", "/usr/share/man/man1/login.1.gz", "/usr/share/man/man1/newgrp.1.gz", "/usr/share/man/man8/nologin.8.gz", "/usr/share/man/pl/man1/login.1.gz", "/usr/share/man/pl/man1/newgrp.1.gz", "/usr/share/man/pl/man8/nologin.8.gz", "/usr/share/man/ro/man1/login.1.gz", "/usr/share/man/ro/man1/newgrp.1.gz", "/usr/share/man/ro/man8/nologin.8.gz", "/usr/share/man/sr/man1/login.1.gz", "/usr/share/man/sr/man8/nologin.8.gz", "/usr/share/man/uk/man1/login.1.gz", "/usr/share/man/uk/man1/newgrp.1.gz", "/usr/share/man/uk/man8/nologin.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "login.defs@1:4.17.4-2", "Name": "login.defs", "Identifier": { "PURL": "pkg:deb/debian/login.defs@4.17.4-2?arch=all\u0026distro=debian-13.5\u0026epoch=1", "UID": "b6a337588c67d5a3" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "all", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/login.defs/NEWS.Debian.gz", "/usr/share/doc/login.defs/changelog.Debian.gz", "/usr/share/doc/login.defs/changelog.gz", "/usr/share/doc/login.defs/copyright", "/usr/share/man/de/man5/login.defs.5.gz", "/usr/share/man/fr/man5/login.defs.5.gz", "/usr/share/man/it/man5/login.defs.5.gz", "/usr/share/man/ja/man5/login.defs.5.gz", "/usr/share/man/man5/login.defs.5.gz", "/usr/share/man/ru/man5/login.defs.5.gz", "/usr/share/man/uk/man5/login.defs.5.gz", "/usr/share/man/zh_CN/man5/login.defs.5.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mawk@1.3.4.20250131-1", "Name": "mawk", "Identifier": { "PURL": "pkg:deb/debian/mawk@1.3.4.20250131-1?arch=amd64\u0026distro=debian-13.5", "UID": "a4460701c66e182d" }, "Version": "1.3.4.20250131", "Release": "1", "Arch": "amd64", "SrcName": "mawk", "SrcVersion": "1.3.4.20250131", "SrcRelease": "1", "Licenses": [ "GPL-2.0-only", "X11", "CC-BY-3.0" ], "Maintainer": "Boyuan Yang \u003cbyang@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mawk", "/usr/share/doc/mawk/ACKNOWLEDGMENT", "/usr/share/doc/mawk/README", "/usr/share/doc/mawk/changelog.Debian.gz", "/usr/share/doc/mawk/changelog.gz", "/usr/share/doc/mawk/copyright", "/usr/share/doc/mawk/examples/ct_length.awk", "/usr/share/doc/mawk/examples/decl.awk", "/usr/share/doc/mawk/examples/deps.awk", "/usr/share/doc/mawk/examples/eatc.awk", "/usr/share/doc/mawk/examples/gdecl.awk", "/usr/share/doc/mawk/examples/hcal", "/usr/share/doc/mawk/examples/hical", "/usr/share/doc/mawk/examples/nocomment.awk", "/usr/share/doc/mawk/examples/primes.awk", "/usr/share/doc/mawk/examples/qsort.awk", "/usr/share/man/man1/mawk.1.gz", "/usr/share/man/man7/mawk-arrays.7.gz", "/usr/share/man/man7/mawk-code.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "mount@2.41-5", "Name": "mount", "Identifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/mount", "/usr/bin/umount", "/usr/sbin/losetup", "/usr/sbin/swapoff", "/usr/sbin/swapon", "/usr/share/bash-completion/completions/losetup", "/usr/share/bash-completion/completions/mount", "/usr/share/bash-completion/completions/swapoff", "/usr/share/bash-completion/completions/swapon", "/usr/share/bash-completion/completions/umount", "/usr/share/doc/mount/NEWS.Debian.gz", "/usr/share/doc/mount/changelog.Debian.gz", "/usr/share/doc/mount/changelog.gz", "/usr/share/doc/mount/copyright", "/usr/share/doc/mount/examples/filesystems", "/usr/share/doc/mount/examples/fstab", "/usr/share/doc/mount/examples/mount.fstab", "/usr/share/doc/mount/mount.txt", "/usr/share/lintian/overrides/mount", "/usr/share/man/man5/fstab.5.gz", "/usr/share/man/man8/losetup.8.gz", "/usr/share/man/man8/mount.8.gz", "/usr/share/man/man8/swapon.8.gz", "/usr/share/man/man8/umount.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-base@6.5+20250216-2", "Name": "ncurses-base", "Identifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "all", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/ncurses-base/FAQ", "/usr/share/doc/ncurses-base/TODO.Debian", "/usr/share/doc/ncurses-base/changelog.Debian.gz", "/usr/share/doc/ncurses-base/changelog.gz", "/usr/share/doc/ncurses-base/copyright", "/usr/share/lintian/overrides/ncurses-base", "/usr/share/tabset/std", "/usr/share/tabset/stdcrt", "/usr/share/tabset/vt100", "/usr/share/tabset/vt300", "/usr/share/terminfo/E/Eterm", "/usr/share/terminfo/a/ansi", "/usr/share/terminfo/c/cons25", "/usr/share/terminfo/c/cygwin", "/usr/share/terminfo/d/dumb", "/usr/share/terminfo/h/hurd", "/usr/share/terminfo/l/linux", "/usr/share/terminfo/m/mach", "/usr/share/terminfo/m/mach-bold", "/usr/share/terminfo/m/mach-color", "/usr/share/terminfo/m/mach-gnu", "/usr/share/terminfo/m/mach-gnu-color", "/usr/share/terminfo/p/pcansi", "/usr/share/terminfo/r/rxvt", "/usr/share/terminfo/r/rxvt-basic", "/usr/share/terminfo/r/rxvt-unicode", "/usr/share/terminfo/r/rxvt-unicode-256color", "/usr/share/terminfo/s/screen", "/usr/share/terminfo/s/screen-256color", "/usr/share/terminfo/s/screen-256color-bce", "/usr/share/terminfo/s/screen-bce", "/usr/share/terminfo/s/screen-s", "/usr/share/terminfo/s/screen-w", "/usr/share/terminfo/s/screen.xterm-256color", "/usr/share/terminfo/s/sun", "/usr/share/terminfo/t/tmux", "/usr/share/terminfo/t/tmux-256color", "/usr/share/terminfo/v/vt100", "/usr/share/terminfo/v/vt102", "/usr/share/terminfo/v/vt220", "/usr/share/terminfo/v/vt52", "/usr/share/terminfo/w/wsvt25", "/usr/share/terminfo/w/wsvt25m", "/usr/share/terminfo/x/xterm", "/usr/share/terminfo/x/xterm-256color", "/usr/share/terminfo/x/xterm-color", "/usr/share/terminfo/x/xterm-mono", "/usr/share/terminfo/x/xterm-r5", "/usr/share/terminfo/x/xterm-r6", "/usr/share/terminfo/x/xterm-vt220", "/usr/share/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "dpkg" }, { "ID": "ncurses-bin@6.5+20250216-2", "Name": "ncurses-bin", "Identifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "Version": "6.5+20250216", "Release": "2", "Arch": "amd64", "SrcName": "ncurses", "SrcVersion": "6.5+20250216", "SrcRelease": "2", "Licenses": [ "MIT/X11", "X11", "BSD-3-Clause" ], "Maintainer": "Ncurses Maintainers \u003cncurses@packages.debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/clear", "/usr/bin/infocmp", "/usr/bin/tabs", "/usr/bin/tic", "/usr/bin/toe", "/usr/bin/tput", "/usr/bin/tset", "/usr/share/doc/ncurses-bin/changelog.Debian.gz", "/usr/share/doc/ncurses-bin/changelog.gz", "/usr/share/doc/ncurses-bin/copyright", "/usr/share/man/man1/captoinfo.1.gz", "/usr/share/man/man1/clear.1.gz", "/usr/share/man/man1/infocmp.1.gz", "/usr/share/man/man1/infotocap.1.gz", "/usr/share/man/man1/tabs.1.gz", "/usr/share/man/man1/tic.1.gz", "/usr/share/man/man1/toe.1.gz", "/usr/share/man/man1/tput.1.gz", "/usr/share/man/man1/tset.1.gz", "/usr/share/man/man5/scr_dump.5.gz", "/usr/share/man/man5/term.5.gz", "/usr/share/man/man5/terminfo.5.gz", "/usr/share/man/man5/user_caps.5.gz", "/usr/share/man/man7/term.7.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "netbase@6.5", "Name": "netbase", "Identifier": { "PURL": "pkg:deb/debian/netbase@6.5?arch=all\u0026distro=debian-13.5", "UID": "9929ff265179fc61" }, "Version": "6.5", "Arch": "all", "SrcName": "netbase", "SrcVersion": "6.5", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Marco d'Itri \u003cmd@linux.it\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/share/doc/netbase/changelog.gz", "/usr/share/doc/netbase/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl@3.5.6-1~deb13u1", "Name": "openssl", "Identifier": { "PURL": "pkg:deb/debian/openssl@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "ee88be94d89898bf" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:4a9dde5cdde190bfa0a3ab17863a083e66ea9636b157638c315357dfa476ba76", "DiffID": "sha256:ae0096d57d7f18e7861848f1103983488102f78517c11444120d8a938884de54" }, "InstalledFiles": [ "/usr/bin/c_rehash", "/usr/bin/openssl", "/usr/lib/ssl/misc/CA.pl", "/usr/lib/ssl/misc/tsget.pl", "/usr/share/doc/openssl/HOWTO/certificates.txt.gz", "/usr/share/doc/openssl/HOWTO/documenting-functions-and-macros.md.gz", "/usr/share/doc/openssl/HOWTO/keys.txt.gz", "/usr/share/doc/openssl/NEWS.md.gz", "/usr/share/doc/openssl/README-ENGINES.md.gz", "/usr/share/doc/openssl/README-PROVIDERS.md.gz", "/usr/share/doc/openssl/README-QUIC.md.gz", "/usr/share/doc/openssl/README.Debian", "/usr/share/doc/openssl/README.md.gz", "/usr/share/doc/openssl/changelog.Debian.gz", "/usr/share/doc/openssl/changelog.gz", "/usr/share/doc/openssl/copyright", "/usr/share/doc/openssl/fingerprints.txt", "/usr/share/lintian/overrides/openssl", "/usr/share/man/man1/CA.pl.1ssl.gz", "/usr/share/man/man1/openssl-asn1parse.1ssl.gz", "/usr/share/man/man1/openssl-ca.1ssl.gz", "/usr/share/man/man1/openssl-ciphers.1ssl.gz", "/usr/share/man/man1/openssl-cmds.1ssl.gz", "/usr/share/man/man1/openssl-cmp.1ssl.gz", "/usr/share/man/man1/openssl-cms.1ssl.gz", "/usr/share/man/man1/openssl-crl.1ssl.gz", "/usr/share/man/man1/openssl-crl2pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-dgst.1ssl.gz", "/usr/share/man/man1/openssl-dhparam.1ssl.gz", "/usr/share/man/man1/openssl-dsa.1ssl.gz", "/usr/share/man/man1/openssl-dsaparam.1ssl.gz", "/usr/share/man/man1/openssl-ec.1ssl.gz", "/usr/share/man/man1/openssl-ecparam.1ssl.gz", "/usr/share/man/man1/openssl-enc.1ssl.gz", "/usr/share/man/man1/openssl-engine.1ssl.gz", "/usr/share/man/man1/openssl-errstr.1ssl.gz", "/usr/share/man/man1/openssl-fipsinstall.1ssl.gz", "/usr/share/man/man1/openssl-format-options.1ssl.gz", "/usr/share/man/man1/openssl-gendsa.1ssl.gz", "/usr/share/man/man1/openssl-genpkey.1ssl.gz", "/usr/share/man/man1/openssl-genrsa.1ssl.gz", "/usr/share/man/man1/openssl-info.1ssl.gz", "/usr/share/man/man1/openssl-kdf.1ssl.gz", "/usr/share/man/man1/openssl-list.1ssl.gz", "/usr/share/man/man1/openssl-mac.1ssl.gz", "/usr/share/man/man1/openssl-namedisplay-options.1ssl.gz", "/usr/share/man/man1/openssl-nseq.1ssl.gz", "/usr/share/man/man1/openssl-ocsp.1ssl.gz", "/usr/share/man/man1/openssl-passphrase-options.1ssl.gz", "/usr/share/man/man1/openssl-passwd.1ssl.gz", "/usr/share/man/man1/openssl-pkcs12.1ssl.gz", "/usr/share/man/man1/openssl-pkcs7.1ssl.gz", "/usr/share/man/man1/openssl-pkcs8.1ssl.gz", "/usr/share/man/man1/openssl-pkey.1ssl.gz", "/usr/share/man/man1/openssl-pkeyparam.1ssl.gz", "/usr/share/man/man1/openssl-pkeyutl.1ssl.gz", "/usr/share/man/man1/openssl-prime.1ssl.gz", "/usr/share/man/man1/openssl-rand.1ssl.gz", "/usr/share/man/man1/openssl-rehash.1ssl.gz", "/usr/share/man/man1/openssl-req.1ssl.gz", "/usr/share/man/man1/openssl-rsa.1ssl.gz", "/usr/share/man/man1/openssl-rsautl.1ssl.gz", "/usr/share/man/man1/openssl-s_client.1ssl.gz", "/usr/share/man/man1/openssl-s_server.1ssl.gz", "/usr/share/man/man1/openssl-s_time.1ssl.gz", "/usr/share/man/man1/openssl-sess_id.1ssl.gz", "/usr/share/man/man1/openssl-skeyutl.1ssl.gz", "/usr/share/man/man1/openssl-smime.1ssl.gz", "/usr/share/man/man1/openssl-speed.1ssl.gz", "/usr/share/man/man1/openssl-spkac.1ssl.gz", "/usr/share/man/man1/openssl-srp.1ssl.gz", "/usr/share/man/man1/openssl-storeutl.1ssl.gz", "/usr/share/man/man1/openssl-ts.1ssl.gz", "/usr/share/man/man1/openssl-verification-options.1ssl.gz", "/usr/share/man/man1/openssl-verify.1ssl.gz", "/usr/share/man/man1/openssl-version.1ssl.gz", "/usr/share/man/man1/openssl-x509.1ssl.gz", "/usr/share/man/man1/openssl.1ssl.gz", "/usr/share/man/man1/tsget.1ssl.gz", "/usr/share/man/man5/config.5ssl.gz", "/usr/share/man/man5/fips_config.5ssl.gz", "/usr/share/man/man5/x509v3_config.5ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-RSA.7ssl.gz", "/usr/share/man/man7/EVP_ASYM_CIPHER-SM2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-AES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-ARIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-BLOWFISH.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAMELLIA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CAST.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-CHACHA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-DES.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-IDEA.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-NULL.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC2.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC4.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-RC5.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SEED.7ssl.gz", "/usr/share/man/man7/EVP_CIPHER-SM4.7ssl.gz", "/usr/share/man/man7/EVP_KDF-ARGON2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KB.7ssl.gz", "/usr/share/man/man7/EVP_KDF-KRB5KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PBKDF2.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PKCS12KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-PVKKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SCRYPT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SS.7ssl.gz", "/usr/share/man/man7/EVP_KDF-SSHKDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS13_KDF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-TLS1_PRF.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-ASN1.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X942-CONCAT.7ssl.gz", "/usr/share/man/man7/EVP_KDF-X963.7ssl.gz", "/usr/share/man/man7/EVP_KEM-EC.7ssl.gz", "/usr/share/man/man7/EVP_KEM-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_KEM-RSA.7ssl.gz", "/usr/share/man/man7/EVP_KEM-X25519.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-DH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-ECDH.7ssl.gz", "/usr/share/man/man7/EVP_KEYEXCH-X25519.7ssl.gz", "/usr/share/man/man7/EVP_MAC-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MAC-CMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-GMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-KMAC.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Poly1305.7ssl.gz", "/usr/share/man/man7/EVP_MAC-Siphash.7ssl.gz", "/usr/share/man/man7/EVP_MD-BLAKE2.7ssl.gz", "/usr/share/man/man7/EVP_MD-KECCAK.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD2.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD4.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-MD5.7ssl.gz", "/usr/share/man/man7/EVP_MD-MDC2.7ssl.gz", "/usr/share/man/man7/EVP_MD-NULL.7ssl.gz", "/usr/share/man/man7/EVP_MD-RIPEMD160.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA1.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA2.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHA3.7ssl.gz", "/usr/share/man/man7/EVP_MD-SHAKE.7ssl.gz", "/usr/share/man/man7/EVP_MD-SM3.7ssl.gz", "/usr/share/man/man7/EVP_MD-WHIRLPOOL.7ssl.gz", "/usr/share/man/man7/EVP_MD-common.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DH.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-EC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-FFC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-ML-KEM.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-RSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SLH-DSA.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-SM2.7ssl.gz", "/usr/share/man/man7/EVP_PKEY-X25519.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CRNG-TEST.7ssl.gz", "/usr/share/man/man7/EVP_RAND-CTR-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HASH-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-HMAC-DRBG.7ssl.gz", "/usr/share/man/man7/EVP_RAND-JITTER.7ssl.gz", "/usr/share/man/man7/EVP_RAND-SEED-SRC.7ssl.gz", "/usr/share/man/man7/EVP_RAND-TEST-RAND.7ssl.gz", "/usr/share/man/man7/EVP_RAND.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ECDSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ED25519.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-HMAC.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-ML-DSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-RSA.7ssl.gz", "/usr/share/man/man7/EVP_SIGNATURE-SLH-DSA.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-FIPS.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-base.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-default.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-legacy.7ssl.gz", "/usr/share/man/man7/OSSL_PROVIDER-null.7ssl.gz", "/usr/share/man/man7/OSSL_STORE-winstore.7ssl.gz", "/usr/share/man/man7/RAND.7ssl.gz", "/usr/share/man/man7/RSA-PSS.7ssl.gz", "/usr/share/man/man7/X25519.7ssl.gz", "/usr/share/man/man7/bio.7ssl.gz", "/usr/share/man/man7/ct.7ssl.gz", "/usr/share/man/man7/des_modes.7ssl.gz", "/usr/share/man/man7/evp.7ssl.gz", "/usr/share/man/man7/fips_module.7ssl.gz", "/usr/share/man/man7/life_cycle-cipher.7ssl.gz", "/usr/share/man/man7/life_cycle-digest.7ssl.gz", "/usr/share/man/man7/life_cycle-kdf.7ssl.gz", "/usr/share/man/man7/life_cycle-mac.7ssl.gz", "/usr/share/man/man7/life_cycle-pkey.7ssl.gz", "/usr/share/man/man7/life_cycle-rand.7ssl.gz", "/usr/share/man/man7/openssl-core.h.7ssl.gz", "/usr/share/man/man7/openssl-core_dispatch.h.7ssl.gz", "/usr/share/man/man7/openssl-core_names.h.7ssl.gz", "/usr/share/man/man7/openssl-env.7ssl.gz", "/usr/share/man/man7/openssl-glossary.7ssl.gz", "/usr/share/man/man7/openssl-qlog.7ssl.gz", "/usr/share/man/man7/openssl-quic-concurrency.7ssl.gz", "/usr/share/man/man7/openssl-quic.7ssl.gz", "/usr/share/man/man7/openssl-threads.7ssl.gz", "/usr/share/man/man7/openssl_user_macros.7ssl.gz", "/usr/share/man/man7/ossl-guide-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libcrypto-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libraries-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-libssl-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-migration.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-multi-stream.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-quic-server-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-client-non-block.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-introduction.7ssl.gz", "/usr/share/man/man7/ossl-guide-tls-server-block.7ssl.gz", "/usr/share/man/man7/ossl_store-file.7ssl.gz", "/usr/share/man/man7/ossl_store.7ssl.gz", "/usr/share/man/man7/passphrase-encoding.7ssl.gz", "/usr/share/man/man7/property.7ssl.gz", "/usr/share/man/man7/provider-asym_cipher.7ssl.gz", "/usr/share/man/man7/provider-base.7ssl.gz", "/usr/share/man/man7/provider-cipher.7ssl.gz", "/usr/share/man/man7/provider-decoder.7ssl.gz", "/usr/share/man/man7/provider-digest.7ssl.gz", "/usr/share/man/man7/provider-encoder.7ssl.gz", "/usr/share/man/man7/provider-kdf.7ssl.gz", "/usr/share/man/man7/provider-kem.7ssl.gz", "/usr/share/man/man7/provider-keyexch.7ssl.gz", "/usr/share/man/man7/provider-keymgmt.7ssl.gz", "/usr/share/man/man7/provider-mac.7ssl.gz", "/usr/share/man/man7/provider-object.7ssl.gz", "/usr/share/man/man7/provider-rand.7ssl.gz", "/usr/share/man/man7/provider-signature.7ssl.gz", "/usr/share/man/man7/provider-skeymgmt.7ssl.gz", "/usr/share/man/man7/provider-storemgmt.7ssl.gz", "/usr/share/man/man7/provider.7ssl.gz", "/usr/share/man/man7/proxy-certificates.7ssl.gz", "/usr/share/man/man7/x509.7ssl.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "openssl-provider-legacy@3.5.6-1~deb13u1", "Name": "openssl-provider-legacy", "Identifier": { "PURL": "pkg:deb/debian/openssl-provider-legacy@3.5.6-1~deb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "c38741326d0e034f" }, "Version": "3.5.6", "Release": "1~deb13u1", "Arch": "amd64", "SrcName": "openssl", "SrcVersion": "3.5.6", "SrcRelease": "1~deb13u1", "Licenses": [ "Apache-2.0", "Artistic-2.0", "GPL-1.0-or-later", "GPL-1.0-only" ], "Maintainer": "Debian OpenSSL Team \u003cpkg-openssl-devel@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libssl3t64@3.5.6-1~deb13u1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so", "/usr/share/doc/openssl-provider-legacy/changelog.Debian.gz", "/usr/share/doc/openssl-provider-legacy/changelog.gz", "/usr/share/doc/openssl-provider-legacy/copyright" ], "AnalyzedBy": "dpkg" }, { "ID": "passwd@1:4.17.4-2", "Name": "passwd", "Identifier": { "PURL": "pkg:deb/debian/passwd@4.17.4-2?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "d93f813ae3092e32" }, "Version": "4.17.4", "Release": "2", "Epoch": 1, "Arch": "amd64", "SrcName": "shadow", "SrcVersion": "4.17.4", "SrcRelease": "2", "SrcEpoch": 1, "Licenses": [ "BSD-3-Clause", "GPL-1.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Shadow package maintainers \u003cpkg-shadow-devel@lists.alioth.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "base-passwd@3.6.7", "libacl1@2.3.2-2+b1", "libattr1@1:2.5.2-3", "libaudit1@1:4.0.2-2+b2", "libbsd0@0.12.2-2", "libc6@2.41-12+deb13u3", "libcrypt1@1:4.4.38-1", "libpam-modules@1.7.0-5", "libpam0g@1.7.0-5", "libselinux1@3.8.1-1", "libsemanage2@3.8.1-1", "login.defs@1:4.17.4-2" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/chage", "/usr/bin/chfn", "/usr/bin/chsh", "/usr/bin/expiry", "/usr/bin/gpasswd", "/usr/bin/passwd", "/usr/lib/tmpfiles.d/passwd.conf", "/usr/sbin/chgpasswd", "/usr/sbin/chpasswd", "/usr/sbin/groupadd", "/usr/sbin/groupdel", "/usr/sbin/groupmod", "/usr/sbin/grpck", "/usr/sbin/grpconv", "/usr/sbin/grpunconv", "/usr/sbin/newusers", "/usr/sbin/pwck", "/usr/sbin/pwconv", "/usr/sbin/pwunconv", "/usr/sbin/shadowconfig", "/usr/sbin/useradd", "/usr/sbin/userdel", "/usr/sbin/usermod", "/usr/sbin/vipw", "/usr/share/doc/passwd/NEWS.Debian.gz", "/usr/share/doc/passwd/README.Debian", "/usr/share/doc/passwd/TODO.Debian", "/usr/share/doc/passwd/changelog.Debian.gz", "/usr/share/doc/passwd/changelog.gz", "/usr/share/doc/passwd/copyright", "/usr/share/doc/passwd/examples/passwd.expire.cron", "/usr/share/lintian/overrides/passwd", "/usr/share/locale/bs/LC_MESSAGES/shadow.mo", "/usr/share/locale/ca/LC_MESSAGES/shadow.mo", "/usr/share/locale/cs/LC_MESSAGES/shadow.mo", "/usr/share/locale/da/LC_MESSAGES/shadow.mo", "/usr/share/locale/de/LC_MESSAGES/shadow.mo", "/usr/share/locale/dz/LC_MESSAGES/shadow.mo", "/usr/share/locale/el/LC_MESSAGES/shadow.mo", "/usr/share/locale/es/LC_MESSAGES/shadow.mo", "/usr/share/locale/eu/LC_MESSAGES/shadow.mo", "/usr/share/locale/fi/LC_MESSAGES/shadow.mo", "/usr/share/locale/fr/LC_MESSAGES/shadow.mo", "/usr/share/locale/gl/LC_MESSAGES/shadow.mo", "/usr/share/locale/he/LC_MESSAGES/shadow.mo", "/usr/share/locale/hu/LC_MESSAGES/shadow.mo", "/usr/share/locale/id/LC_MESSAGES/shadow.mo", "/usr/share/locale/it/LC_MESSAGES/shadow.mo", "/usr/share/locale/ja/LC_MESSAGES/shadow.mo", "/usr/share/locale/ka/LC_MESSAGES/shadow.mo", "/usr/share/locale/kk/LC_MESSAGES/shadow.mo", "/usr/share/locale/km/LC_MESSAGES/shadow.mo", "/usr/share/locale/ko/LC_MESSAGES/shadow.mo", "/usr/share/locale/nb/LC_MESSAGES/shadow.mo", "/usr/share/locale/ne/LC_MESSAGES/shadow.mo", "/usr/share/locale/nl/LC_MESSAGES/shadow.mo", "/usr/share/locale/nn/LC_MESSAGES/shadow.mo", "/usr/share/locale/pl/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt/LC_MESSAGES/shadow.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/shadow.mo", "/usr/share/locale/ro/LC_MESSAGES/shadow.mo", "/usr/share/locale/ru/LC_MESSAGES/shadow.mo", "/usr/share/locale/sk/LC_MESSAGES/shadow.mo", "/usr/share/locale/sq/LC_MESSAGES/shadow.mo", "/usr/share/locale/sv/LC_MESSAGES/shadow.mo", "/usr/share/locale/tl/LC_MESSAGES/shadow.mo", "/usr/share/locale/tr/LC_MESSAGES/shadow.mo", "/usr/share/locale/uk/LC_MESSAGES/shadow.mo", "/usr/share/locale/vi/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/shadow.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/shadow.mo", "/usr/share/man/cs/man1/expiry.1.gz", "/usr/share/man/cs/man1/gpasswd.1.gz", "/usr/share/man/cs/man5/gshadow.5.gz", "/usr/share/man/cs/man5/passwd.5.gz", "/usr/share/man/cs/man5/shadow.5.gz", "/usr/share/man/cs/man8/groupadd.8.gz", "/usr/share/man/cs/man8/groupdel.8.gz", "/usr/share/man/cs/man8/groupmod.8.gz", "/usr/share/man/cs/man8/grpck.8.gz", "/usr/share/man/cs/man8/vipw.8.gz", "/usr/share/man/da/man1/chfn.1.gz", "/usr/share/man/da/man5/gshadow.5.gz", "/usr/share/man/da/man8/groupdel.8.gz", "/usr/share/man/da/man8/vipw.8.gz", "/usr/share/man/de/man1/chage.1.gz", "/usr/share/man/de/man1/chfn.1.gz", "/usr/share/man/de/man1/chsh.1.gz", "/usr/share/man/de/man1/expiry.1.gz", "/usr/share/man/de/man1/gpasswd.1.gz", "/usr/share/man/de/man1/passwd.1.gz", "/usr/share/man/de/man5/gshadow.5.gz", "/usr/share/man/de/man5/passwd.5.gz", "/usr/share/man/de/man5/shadow.5.gz", "/usr/share/man/de/man8/chgpasswd.8.gz", "/usr/share/man/de/man8/chpasswd.8.gz", "/usr/share/man/de/man8/groupadd.8.gz", "/usr/share/man/de/man8/groupdel.8.gz", "/usr/share/man/de/man8/groupmod.8.gz", "/usr/share/man/de/man8/grpck.8.gz", "/usr/share/man/de/man8/newusers.8.gz", "/usr/share/man/de/man8/pwck.8.gz", "/usr/share/man/de/man8/pwconv.8.gz", "/usr/share/man/de/man8/useradd.8.gz", "/usr/share/man/de/man8/userdel.8.gz", "/usr/share/man/de/man8/usermod.8.gz", "/usr/share/man/de/man8/vipw.8.gz", "/usr/share/man/fi/man1/chfn.1.gz", "/usr/share/man/fi/man1/chsh.1.gz", "/usr/share/man/fr/man1/chage.1.gz", "/usr/share/man/fr/man1/chfn.1.gz", "/usr/share/man/fr/man1/chsh.1.gz", "/usr/share/man/fr/man1/expiry.1.gz", "/usr/share/man/fr/man1/gpasswd.1.gz", "/usr/share/man/fr/man1/passwd.1.gz", "/usr/share/man/fr/man5/gshadow.5.gz", "/usr/share/man/fr/man5/passwd.5.gz", "/usr/share/man/fr/man5/shadow.5.gz", "/usr/share/man/fr/man5/subgid.5.gz", "/usr/share/man/fr/man5/subuid.5.gz", "/usr/share/man/fr/man8/chgpasswd.8.gz", "/usr/share/man/fr/man8/chpasswd.8.gz", "/usr/share/man/fr/man8/groupadd.8.gz", "/usr/share/man/fr/man8/groupdel.8.gz", "/usr/share/man/fr/man8/groupmod.8.gz", "/usr/share/man/fr/man8/grpck.8.gz", "/usr/share/man/fr/man8/newusers.8.gz", "/usr/share/man/fr/man8/pwck.8.gz", "/usr/share/man/fr/man8/pwconv.8.gz", "/usr/share/man/fr/man8/useradd.8.gz", "/usr/share/man/fr/man8/userdel.8.gz", "/usr/share/man/fr/man8/usermod.8.gz", "/usr/share/man/fr/man8/vipw.8.gz", "/usr/share/man/hu/man1/chsh.1.gz", "/usr/share/man/hu/man1/gpasswd.1.gz", "/usr/share/man/hu/man1/passwd.1.gz", "/usr/share/man/hu/man5/passwd.5.gz", "/usr/share/man/id/man1/chsh.1.gz", "/usr/share/man/id/man8/useradd.8.gz", "/usr/share/man/it/man1/chage.1.gz", "/usr/share/man/it/man1/chfn.1.gz", "/usr/share/man/it/man1/chsh.1.gz", "/usr/share/man/it/man1/expiry.1.gz", "/usr/share/man/it/man1/gpasswd.1.gz", "/usr/share/man/it/man1/passwd.1.gz", "/usr/share/man/it/man5/gshadow.5.gz", "/usr/share/man/it/man5/passwd.5.gz", "/usr/share/man/it/man5/shadow.5.gz", "/usr/share/man/it/man8/chgpasswd.8.gz", "/usr/share/man/it/man8/chpasswd.8.gz", "/usr/share/man/it/man8/groupadd.8.gz", "/usr/share/man/it/man8/groupdel.8.gz", "/usr/share/man/it/man8/groupmod.8.gz", "/usr/share/man/it/man8/grpck.8.gz", "/usr/share/man/it/man8/newusers.8.gz", "/usr/share/man/it/man8/pwck.8.gz", "/usr/share/man/it/man8/pwconv.8.gz", "/usr/share/man/it/man8/useradd.8.gz", "/usr/share/man/it/man8/userdel.8.gz", "/usr/share/man/it/man8/usermod.8.gz", "/usr/share/man/it/man8/vipw.8.gz", "/usr/share/man/ja/man1/chage.1.gz", "/usr/share/man/ja/man1/chfn.1.gz", "/usr/share/man/ja/man1/chsh.1.gz", "/usr/share/man/ja/man1/expiry.1.gz", "/usr/share/man/ja/man1/gpasswd.1.gz", "/usr/share/man/ja/man1/passwd.1.gz", "/usr/share/man/ja/man5/passwd.5.gz", "/usr/share/man/ja/man5/shadow.5.gz", "/usr/share/man/ja/man8/chpasswd.8.gz", "/usr/share/man/ja/man8/groupadd.8.gz", "/usr/share/man/ja/man8/groupdel.8.gz", "/usr/share/man/ja/man8/groupmod.8.gz", "/usr/share/man/ja/man8/grpck.8.gz", "/usr/share/man/ja/man8/newusers.8.gz", "/usr/share/man/ja/man8/pwck.8.gz", "/usr/share/man/ja/man8/pwconv.8.gz", "/usr/share/man/ja/man8/useradd.8.gz", "/usr/share/man/ja/man8/userdel.8.gz", "/usr/share/man/ja/man8/usermod.8.gz", "/usr/share/man/ja/man8/vipw.8.gz", "/usr/share/man/ko/man1/chfn.1.gz", "/usr/share/man/ko/man1/chsh.1.gz", "/usr/share/man/ko/man5/passwd.5.gz", "/usr/share/man/ko/man8/vipw.8.gz", "/usr/share/man/man1/chage.1.gz", "/usr/share/man/man1/chfn.1.gz", "/usr/share/man/man1/chsh.1.gz", "/usr/share/man/man1/expiry.1.gz", "/usr/share/man/man1/gpasswd.1.gz", "/usr/share/man/man1/passwd.1.gz", "/usr/share/man/man5/gshadow.5.gz", "/usr/share/man/man5/passwd.5.gz", "/usr/share/man/man5/shadow.5.gz", "/usr/share/man/man5/subgid.5.gz", "/usr/share/man/man5/subuid.5.gz", "/usr/share/man/man8/chgpasswd.8.gz", "/usr/share/man/man8/chpasswd.8.gz", "/usr/share/man/man8/groupadd.8.gz", "/usr/share/man/man8/groupdel.8.gz", "/usr/share/man/man8/groupmod.8.gz", "/usr/share/man/man8/grpck.8.gz", "/usr/share/man/man8/newusers.8.gz", "/usr/share/man/man8/pwck.8.gz", "/usr/share/man/man8/pwconv.8.gz", "/usr/share/man/man8/shadowconfig.8.gz", "/usr/share/man/man8/useradd.8.gz", "/usr/share/man/man8/userdel.8.gz", "/usr/share/man/man8/usermod.8.gz", "/usr/share/man/man8/vipw.8.gz", "/usr/share/man/pl/man1/chage.1.gz", "/usr/share/man/pl/man1/chsh.1.gz", "/usr/share/man/pl/man1/expiry.1.gz", "/usr/share/man/pl/man8/groupadd.8.gz", "/usr/share/man/pl/man8/groupdel.8.gz", "/usr/share/man/pl/man8/groupmod.8.gz", "/usr/share/man/pl/man8/grpck.8.gz", "/usr/share/man/pl/man8/userdel.8.gz", "/usr/share/man/pl/man8/usermod.8.gz", "/usr/share/man/pl/man8/vipw.8.gz", "/usr/share/man/pt_BR/man1/gpasswd.1.gz", "/usr/share/man/pt_BR/man5/passwd.5.gz", "/usr/share/man/pt_BR/man5/shadow.5.gz", "/usr/share/man/pt_BR/man8/groupadd.8.gz", "/usr/share/man/pt_BR/man8/groupdel.8.gz", "/usr/share/man/pt_BR/man8/groupmod.8.gz", "/usr/share/man/ru/man1/chage.1.gz", "/usr/share/man/ru/man1/chfn.1.gz", "/usr/share/man/ru/man1/chsh.1.gz", "/usr/share/man/ru/man1/expiry.1.gz", "/usr/share/man/ru/man1/gpasswd.1.gz", "/usr/share/man/ru/man1/passwd.1.gz", "/usr/share/man/ru/man5/gshadow.5.gz", "/usr/share/man/ru/man5/passwd.5.gz", "/usr/share/man/ru/man5/shadow.5.gz", "/usr/share/man/ru/man8/chgpasswd.8.gz", "/usr/share/man/ru/man8/chpasswd.8.gz", "/usr/share/man/ru/man8/groupadd.8.gz", "/usr/share/man/ru/man8/groupdel.8.gz", "/usr/share/man/ru/man8/groupmod.8.gz", "/usr/share/man/ru/man8/grpck.8.gz", "/usr/share/man/ru/man8/newusers.8.gz", "/usr/share/man/ru/man8/pwck.8.gz", "/usr/share/man/ru/man8/pwconv.8.gz", "/usr/share/man/ru/man8/useradd.8.gz", "/usr/share/man/ru/man8/userdel.8.gz", "/usr/share/man/ru/man8/usermod.8.gz", "/usr/share/man/ru/man8/vipw.8.gz", "/usr/share/man/sv/man1/chage.1.gz", "/usr/share/man/sv/man1/chsh.1.gz", "/usr/share/man/sv/man1/expiry.1.gz", "/usr/share/man/sv/man1/passwd.1.gz", "/usr/share/man/sv/man5/gshadow.5.gz", "/usr/share/man/sv/man5/passwd.5.gz", "/usr/share/man/sv/man8/groupadd.8.gz", "/usr/share/man/sv/man8/groupdel.8.gz", "/usr/share/man/sv/man8/groupmod.8.gz", "/usr/share/man/sv/man8/grpck.8.gz", "/usr/share/man/sv/man8/pwck.8.gz", "/usr/share/man/sv/man8/userdel.8.gz", "/usr/share/man/sv/man8/vipw.8.gz", "/usr/share/man/tr/man1/chage.1.gz", "/usr/share/man/tr/man1/chfn.1.gz", "/usr/share/man/tr/man1/passwd.1.gz", "/usr/share/man/tr/man5/passwd.5.gz", "/usr/share/man/tr/man5/shadow.5.gz", "/usr/share/man/tr/man8/groupadd.8.gz", "/usr/share/man/tr/man8/groupdel.8.gz", "/usr/share/man/tr/man8/groupmod.8.gz", "/usr/share/man/tr/man8/useradd.8.gz", "/usr/share/man/tr/man8/userdel.8.gz", "/usr/share/man/tr/man8/usermod.8.gz", "/usr/share/man/uk/man1/chage.1.gz", "/usr/share/man/uk/man1/chfn.1.gz", "/usr/share/man/uk/man1/chsh.1.gz", "/usr/share/man/uk/man1/expiry.1.gz", "/usr/share/man/uk/man1/gpasswd.1.gz", "/usr/share/man/uk/man1/passwd.1.gz", "/usr/share/man/uk/man5/gshadow.5.gz", "/usr/share/man/uk/man5/passwd.5.gz", "/usr/share/man/uk/man5/shadow.5.gz", "/usr/share/man/uk/man8/chgpasswd.8.gz", "/usr/share/man/uk/man8/chpasswd.8.gz", "/usr/share/man/uk/man8/groupadd.8.gz", "/usr/share/man/uk/man8/groupdel.8.gz", "/usr/share/man/uk/man8/groupmod.8.gz", "/usr/share/man/uk/man8/grpck.8.gz", "/usr/share/man/uk/man8/newusers.8.gz", "/usr/share/man/uk/man8/pwck.8.gz", "/usr/share/man/uk/man8/pwconv.8.gz", "/usr/share/man/uk/man8/useradd.8.gz", "/usr/share/man/uk/man8/userdel.8.gz", "/usr/share/man/uk/man8/usermod.8.gz", "/usr/share/man/uk/man8/vipw.8.gz", "/usr/share/man/zh_CN/man1/chage.1.gz", "/usr/share/man/zh_CN/man1/chfn.1.gz", "/usr/share/man/zh_CN/man1/chsh.1.gz", "/usr/share/man/zh_CN/man1/expiry.1.gz", "/usr/share/man/zh_CN/man1/gpasswd.1.gz", "/usr/share/man/zh_CN/man1/passwd.1.gz", "/usr/share/man/zh_CN/man5/gshadow.5.gz", "/usr/share/man/zh_CN/man5/passwd.5.gz", "/usr/share/man/zh_CN/man5/shadow.5.gz", "/usr/share/man/zh_CN/man8/chgpasswd.8.gz", "/usr/share/man/zh_CN/man8/chpasswd.8.gz", "/usr/share/man/zh_CN/man8/groupadd.8.gz", "/usr/share/man/zh_CN/man8/groupdel.8.gz", "/usr/share/man/zh_CN/man8/groupmod.8.gz", "/usr/share/man/zh_CN/man8/grpck.8.gz", "/usr/share/man/zh_CN/man8/newusers.8.gz", "/usr/share/man/zh_CN/man8/pwck.8.gz", "/usr/share/man/zh_CN/man8/pwconv.8.gz", "/usr/share/man/zh_CN/man8/useradd.8.gz", "/usr/share/man/zh_CN/man8/userdel.8.gz", "/usr/share/man/zh_CN/man8/usermod.8.gz", "/usr/share/man/zh_CN/man8/vipw.8.gz", "/usr/share/man/zh_TW/man1/chfn.1.gz", "/usr/share/man/zh_TW/man1/chsh.1.gz", "/usr/share/man/zh_TW/man5/passwd.5.gz", "/usr/share/man/zh_TW/man8/chpasswd.8.gz", "/usr/share/man/zh_TW/man8/groupadd.8.gz", "/usr/share/man/zh_TW/man8/groupdel.8.gz", "/usr/share/man/zh_TW/man8/groupmod.8.gz", "/usr/share/man/zh_TW/man8/useradd.8.gz", "/usr/share/man/zh_TW/man8/userdel.8.gz", "/usr/share/man/zh_TW/man8/usermod.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "perl-base@5.40.1-6", "Name": "perl-base", "Identifier": { "PURL": "pkg:deb/debian/perl-base@5.40.1-6?arch=amd64\u0026distro=debian-13.5", "UID": "546ba1bdcd66d61" }, "Version": "5.40.1", "Release": "6", "Arch": "amd64", "SrcName": "perl", "SrcVersion": "5.40.1", "SrcRelease": "6", "Licenses": [ "GPL-1.0-or-later", "Artistic-2.0", "MIT", "REGCOMP", "GPL-2.0-with-bison-exception+", "Unicode", "BZIP", "Zlib", "GPL-2.0-or-later", "FSFAP", "BSD-3-clause-with-weird-numbering", "CC0-1.0", "TEXT-TABS", "BSD-4-clause-POWERDOG", "BSD-3-clause-GENERIC", "BSD-3-Clause", "SDBM-PUBLIC-DOMAIN", "DONT-CHANGE-THE-GPL", "Artistic-dist", "LGPL-2.1-only", "GPL-1.0-only", "GPL-2.0-only", "Artistic-2" ], "Maintainer": "Niko Tyni \u003cntyni@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/perl", "/usr/bin/perl5.40.1", "/usr/lib/x86_64-linux-gnu/perl-base/AutoLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Carp/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Config_git.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Config_heavy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/Cwd.pm", "/usr/lib/x86_64-linux-gnu/perl-base/DynaLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Errno.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Exporter/Heavy.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Fcntl.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Basename.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Glob.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Path.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Spec/Unix.pm", "/usr/lib/x86_64-linux-gnu/perl-base/File/Temp.pm", "/usr/lib/x86_64-linux-gnu/perl-base/FileHandle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Getopt/Long/Parser.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Hash/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/File.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Handle.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Pipe.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Seekable.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Select.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/INET.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/IP.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IO/Socket/UNIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open2.pm", "/usr/lib/x86_64-linux-gnu/perl-base/IPC/Open3.pm", "/usr/lib/x86_64-linux-gnu/perl-base/List/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/POSIX.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Scalar/Util.pm", "/usr/lib/x86_64-linux-gnu/perl-base/SelectSaver.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Socket.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Symbol.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/ParseWords.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Tabs.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Text/Wrap.pm", "/usr/lib/x86_64-linux-gnu/perl-base/Tie/Hash.pm", "/usr/lib/x86_64-linux-gnu/perl-base/XSLoader.pm", "/usr/lib/x86_64-linux-gnu/perl-base/attributes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Cwd/Cwd.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Fcntl/Fcntl.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/File/Glob/Glob.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Hash/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/IO/IO.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/List/Util/Util.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/POSIX/POSIX.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/Socket/Socket.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/attributes/attributes.so", "/usr/lib/x86_64-linux-gnu/perl-base/auto/re/re.so", "/usr/lib/x86_64-linux-gnu/perl-base/base.pm", "/usr/lib/x86_64-linux-gnu/perl-base/builtin.pm", "/usr/lib/x86_64-linux-gnu/perl-base/bytes.pm", "/usr/lib/x86_64-linux-gnu/perl-base/constant.pm", "/usr/lib/x86_64-linux-gnu/perl-base/feature.pm", "/usr/lib/x86_64-linux-gnu/perl-base/fields.pm", "/usr/lib/x86_64-linux-gnu/perl-base/integer.pm", "/usr/lib/x86_64-linux-gnu/perl-base/lib.pm", "/usr/lib/x86_64-linux-gnu/perl-base/locale.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overload.pm", "/usr/lib/x86_64-linux-gnu/perl-base/overloading.pm", "/usr/lib/x86_64-linux-gnu/perl-base/parent.pm", "/usr/lib/x86_64-linux-gnu/perl-base/re.pm", "/usr/lib/x86_64-linux-gnu/perl-base/strict.pm", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Age.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bmg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Bpt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Ea.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/EqUIdeo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/GCB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Gc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Hst.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identif2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Identifi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InPC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/InSC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Isc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Jt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Lc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCCF.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKCQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NFKDQC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Na1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/NameAlia.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Nv.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/PerlDeci.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/SB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Scx.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Tc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Uc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/Vo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/WB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlLB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/To/_PerlSCX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V110.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V120.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V130.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V140.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V150.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V31.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V32.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V41.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V51.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V52.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V61.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Age/V90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Alpha/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/AN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/BN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/CS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/EN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ES.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ET.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/NSM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/ON.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bc/WS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/BidiM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Blk/NB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Bpt/O.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CE/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWKCF/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWL/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWT/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CWU/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Cased/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/AR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/ATAR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/B.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/BR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/DB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NK.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/NR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/OV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ccc/VR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/CompEx/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/DI/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dash/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dep/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dia/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Com.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Enc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Fin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Font.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Init.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Iso.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Med.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Nb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/NonCanon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sqr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sub.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Sup.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Dt/Vert.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EComp/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/EPres/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/A.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/H.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/Na.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ea/W.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Emoji/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ext/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/ExtPict/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/CN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LV.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/LVT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/PP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/SM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GCB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Cn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/LC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ll.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Lu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Me.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Mn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Nl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/No.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/P.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Pi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Po.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Ps.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/S.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sk.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Sm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/So.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Z.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Gc/Zs.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrBase/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/GrExt/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hex/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hst/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Hyphen/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Allowed.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdStatus/Restrict.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/DefaultI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Exclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Inclusio.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/LimitedU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotChara.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotNFKC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/NotXID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Obsolete.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Recommen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Technica.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/IdType/Uncommon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Ideo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/10_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/11_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/12_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/13_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/14_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/15_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/2_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/3_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/4_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/5_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/6_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/7_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/8_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/In/9_0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Bottom.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/BottomAn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Left.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/LeftAndR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/NA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Overstru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Right.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/Top.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndBo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndL2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndLe.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/TopAndRi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InPC/VisualOr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Avagraha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Bindu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Cantilla.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consona9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Consonan.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Geminati.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Invisibl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Nukta.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Number.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Other.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/PureKill.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Syllable.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/ToneMark.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Virama.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Visarga.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/Vowel.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelDep.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/InSC/VowelInd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Ain.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Alef.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Beh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Dal.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/FarsiYeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Feh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Gaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Hah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/HanifiRo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Kaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Lam.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/NoJoinin.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Noon.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Qaf.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Reh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Sad.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Seen.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Tah.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Waw.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jg/Yeh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/C.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/D.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/L.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/T.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Jt/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/AL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/BB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CJ.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/CM.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/GL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/ID.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/IS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/OP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/PR.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/QU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/SA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lb/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Lower/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Math/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/M.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKCQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/N.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/NFKDQC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Di.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/None.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nt/Nu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/0.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/10000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/100000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/11.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/12.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/13.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/14.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/15.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/17.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/18.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/19.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/1_8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/200.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/20000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/2_3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/300.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/30000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_16.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/3_4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/400.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/4000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/40000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/500.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/5000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/50000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/600.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/6000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/60000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/700.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/7000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/70000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/800.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/8000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/80000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/900.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/9000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Nv/90000.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PCM/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/PatSyn/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Alnum.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Assigned.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Blank.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Graph.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PerlWord.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/PosixPun.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Print.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/SpacePer.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Title.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/Word.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/XPosixPu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlAny.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCh2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlCha.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlFol.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIDS.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlIsI.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlNch.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPat.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPr2.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlPro.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Perl/_PerlQuo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/QMark/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/AT.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/CL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/LO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/SC.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/ST.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/Sp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/UP.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/SD/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/STerm/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Sc/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Adlm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Arab.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Armn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Beng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bhks.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Bopo.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cakm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cham.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Copt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cprt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Cyrl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Deva.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Diak.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Dupl.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Ethi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Geor.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Glag.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gonm.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gran.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Grek.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Gujr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Guru.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Han.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hebr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hira.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmng.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Hmnp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khar.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khmr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Khoj.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Knda.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Kthi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lana.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lao.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Latn.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Limb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Lina.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Linb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mlym.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mong.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mult.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Mymr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nand.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Nko.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Orya.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Phlp.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Rohg.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Shrd.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sind.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Sinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Syrc.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tagb.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Takr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Talu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Taml.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tang.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Telu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Thaa.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tibt.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Tirh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Vith.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Xsux.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yezi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Yi.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zinh.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zyyy.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Scx/Zzzz.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Term/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/UIdeo/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Upper/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/VS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/R.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tr.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/Tu.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/Vo/U.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/EX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/Extend.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/FO.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/HL.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/KA.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/LE.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MB.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/ML.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/MN.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/NU.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/WSegSpac.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/WB/XX.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDC/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/unicore/lib/XIDS/Y.pl", "/usr/lib/x86_64-linux-gnu/perl-base/utf8.pm", "/usr/lib/x86_64-linux-gnu/perl-base/vars.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings.pm", "/usr/lib/x86_64-linux-gnu/perl-base/warnings/register.pm", "/usr/share/doc/perl-base/changelog.Debian.gz", "/usr/share/doc/perl-base/changelog.gz", "/usr/share/doc/perl-base/copyright", "/usr/share/doc/perl/AUTHORS.gz", "/usr/share/doc/perl/Documentation", "/usr/share/lintian/overrides/perl-base", "/usr/share/man/man1/perl.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "readline-common@8.2-6", "Name": "readline-common", "Identifier": { "PURL": "pkg:deb/debian/readline-common@8.2-6?arch=all\u0026distro=debian-13.5", "UID": "e762758a1681f62e" }, "Version": "8.2", "Release": "6", "Arch": "all", "SrcName": "readline", "SrcVersion": "8.2", "SrcRelease": "6", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-or-later", "ISC-no-attribution" ], "Maintainer": "Matthias Klose \u003cdoko@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "InstalledFiles": [ "/usr/share/doc/readline-common/changelog.Debian.gz", "/usr/share/doc/readline-common/changelog.gz", "/usr/share/doc/readline-common/copyright", "/usr/share/doc/readline-common/inputrc.arrows", "/usr/share/info/rluserman.info.gz", "/usr/share/lintian/overrides/readline-common", "/usr/share/man/man3/history.3readline.gz", "/usr/share/man/man3/readline.3readline.gz", "/usr/share/readline/inputrc" ], "AnalyzedBy": "dpkg" }, { "ID": "sed@4.9-2+deb13u1", "Name": "sed", "Identifier": { "PURL": "pkg:deb/debian/sed@4.9-2%2Bdeb13u1?arch=amd64\u0026distro=debian-13.5", "UID": "a041ea16982bb927" }, "Version": "4.9", "Release": "2+deb13u1", "Arch": "amd64", "SrcName": "sed", "SrcVersion": "4.9", "SrcRelease": "2+deb13u1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "X11", "GFDL-1.3-no-invariants-or-later", "GFDL-1.3-only", "ISC", "BSD-4-Clause-UC", "BSL-1", "pcre" ], "Maintainer": "Clint Adams \u003cclint@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sed", "/usr/share/doc/sed/AUTHORS", "/usr/share/doc/sed/BUGS.gz", "/usr/share/doc/sed/NEWS.gz", "/usr/share/doc/sed/README", "/usr/share/doc/sed/THANKS.gz", "/usr/share/doc/sed/changelog.Debian.gz", "/usr/share/doc/sed/changelog.gz", "/usr/share/doc/sed/copyright", "/usr/share/doc/sed/examples/dc.sed", "/usr/share/doc/sed/sedfaq.txt.gz", "/usr/share/info/sed.info.gz", "/usr/share/locale/af/LC_MESSAGES/sed.mo", "/usr/share/locale/ast/LC_MESSAGES/sed.mo", "/usr/share/locale/bg/LC_MESSAGES/sed.mo", "/usr/share/locale/ca/LC_MESSAGES/sed.mo", "/usr/share/locale/cs/LC_MESSAGES/sed.mo", "/usr/share/locale/da/LC_MESSAGES/sed.mo", "/usr/share/locale/de/LC_MESSAGES/sed.mo", "/usr/share/locale/el/LC_MESSAGES/sed.mo", "/usr/share/locale/eo/LC_MESSAGES/sed.mo", "/usr/share/locale/es/LC_MESSAGES/sed.mo", "/usr/share/locale/et/LC_MESSAGES/sed.mo", "/usr/share/locale/eu/LC_MESSAGES/sed.mo", "/usr/share/locale/fi/LC_MESSAGES/sed.mo", "/usr/share/locale/fr/LC_MESSAGES/sed.mo", "/usr/share/locale/ga/LC_MESSAGES/sed.mo", "/usr/share/locale/gl/LC_MESSAGES/sed.mo", "/usr/share/locale/he/LC_MESSAGES/sed.mo", "/usr/share/locale/hr/LC_MESSAGES/sed.mo", "/usr/share/locale/hu/LC_MESSAGES/sed.mo", "/usr/share/locale/id/LC_MESSAGES/sed.mo", "/usr/share/locale/it/LC_MESSAGES/sed.mo", "/usr/share/locale/ja/LC_MESSAGES/sed.mo", "/usr/share/locale/ka/LC_MESSAGES/sed.mo", "/usr/share/locale/ko/LC_MESSAGES/sed.mo", "/usr/share/locale/nb/LC_MESSAGES/sed.mo", "/usr/share/locale/nl/LC_MESSAGES/sed.mo", "/usr/share/locale/pl/LC_MESSAGES/sed.mo", "/usr/share/locale/pt/LC_MESSAGES/sed.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/sed.mo", "/usr/share/locale/ro/LC_MESSAGES/sed.mo", "/usr/share/locale/ru/LC_MESSAGES/sed.mo", "/usr/share/locale/sk/LC_MESSAGES/sed.mo", "/usr/share/locale/sl/LC_MESSAGES/sed.mo", "/usr/share/locale/sr/LC_MESSAGES/sed.mo", "/usr/share/locale/sv/LC_MESSAGES/sed.mo", "/usr/share/locale/tr/LC_MESSAGES/sed.mo", "/usr/share/locale/uk/LC_MESSAGES/sed.mo", "/usr/share/locale/vi/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/sed.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/sed.mo", "/usr/share/man/man1/sed.1.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "sqv@1.3.0-3+b2", "Name": "sqv", "Identifier": { "PURL": "pkg:deb/debian/sqv@1.3.0-3%2Bb2?arch=amd64\u0026distro=debian-13.5", "UID": "2bf11ffe79190750" }, "Version": "1.3.0", "Release": "3+b2", "Arch": "amd64", "SrcName": "rust-sequoia-sqv", "SrcVersion": "1.3.0", "SrcRelease": "3", "Licenses": [ "LGPL-2.0-or-later", "LGPL-2.0-only" ], "Maintainer": "Debian Rust Maintainers \u003cpkg-rust-maintainers@alioth-lists.debian.net\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3", "libgcc-s1@14.2.0-19", "libgmp10@2:6.3.0+dfsg-3", "libhogweed6t64@3.10.1-1", "libnettle8t64@3.10.1-1" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/sqv", "/usr/share/bash-completion/completions/sqv.bash", "/usr/share/doc/sqv/NEWS.gz", "/usr/share/doc/sqv/changelog.Debian.amd64.gz", "/usr/share/doc/sqv/changelog.Debian.gz", "/usr/share/doc/sqv/copyright", "/usr/share/fish/completions/sqv.fish", "/usr/share/man/man1/sqv.1.gz", "/usr/share/zsh/vendor-completions/_sqv" ], "AnalyzedBy": "dpkg" }, { "ID": "sysvinit-utils@3.14-4", "Name": "sysvinit-utils", "Identifier": { "PURL": "pkg:deb/debian/sysvinit-utils@3.14-4?arch=amd64\u0026distro=debian-13.5", "UID": "f7fb888c58ca826e" }, "Version": "3.14", "Release": "4", "Arch": "amd64", "SrcName": "sysvinit", "SrcVersion": "3.14", "SrcRelease": "4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.1-or-later", "GPL-3.0-only", "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Debian sysvinit maintainers \u003cdebian-init-diversity@chiark.greenend.org.uk\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/init/init-d-script", "/usr/lib/init/vars.sh", "/usr/lib/lsb/init-functions", "/usr/lib/lsb/init-functions.d/00-verbose", "/usr/sbin/fstab-decode", "/usr/sbin/killall5", "/usr/share/doc/sysvinit-utils/changelog.Debian.gz", "/usr/share/doc/sysvinit-utils/copyright", "/usr/share/man/man5/init-d-script.5.gz", "/usr/share/man/man8/fstab-decode.8.gz", "/usr/share/man/man8/killall5.8.gz", "/usr/share/man/man8/pidof.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tar@1.35+dfsg-3.1", "Name": "tar", "Identifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "Version": "1.35+dfsg", "Release": "3.1", "Arch": "amd64", "SrcName": "tar", "SrcVersion": "1.35+dfsg", "SrcRelease": "3.1", "Licenses": [ "GPL-3.0-or-later", "GPL-3.0-only", "GPL-3+ with Bison exception", "LGPL-2.1-or-later", "LGPL-2.1-only", "LGPL-3.0-or-later", "LGPL-3.0-only", "GPL-2.0-or-later", "GPL-2.0-only" ], "Maintainer": "Janos Lenart \u003cocsi@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/tar", "/usr/lib/mime/packages/tar", "/usr/sbin/rmt-tar", "/usr/sbin/tarcat", "/usr/share/doc/tar/AUTHORS", "/usr/share/doc/tar/NEWS.gz", "/usr/share/doc/tar/README.Debian", "/usr/share/doc/tar/THANKS.gz", "/usr/share/doc/tar/changelog.1.gz", "/usr/share/doc/tar/changelog.Debian.gz", "/usr/share/doc/tar/changelog.gz", "/usr/share/doc/tar/copyright", "/usr/share/locale/bg/LC_MESSAGES/tar.mo", "/usr/share/locale/ca/LC_MESSAGES/tar.mo", "/usr/share/locale/cs/LC_MESSAGES/tar.mo", "/usr/share/locale/da/LC_MESSAGES/tar.mo", "/usr/share/locale/de/LC_MESSAGES/tar.mo", "/usr/share/locale/el/LC_MESSAGES/tar.mo", "/usr/share/locale/eo/LC_MESSAGES/tar.mo", "/usr/share/locale/es/LC_MESSAGES/tar.mo", "/usr/share/locale/et/LC_MESSAGES/tar.mo", "/usr/share/locale/eu/LC_MESSAGES/tar.mo", "/usr/share/locale/fi/LC_MESSAGES/tar.mo", "/usr/share/locale/fr/LC_MESSAGES/tar.mo", "/usr/share/locale/ga/LC_MESSAGES/tar.mo", "/usr/share/locale/gl/LC_MESSAGES/tar.mo", "/usr/share/locale/hr/LC_MESSAGES/tar.mo", "/usr/share/locale/hu/LC_MESSAGES/tar.mo", "/usr/share/locale/id/LC_MESSAGES/tar.mo", "/usr/share/locale/it/LC_MESSAGES/tar.mo", "/usr/share/locale/ja/LC_MESSAGES/tar.mo", "/usr/share/locale/ka/LC_MESSAGES/tar.mo", "/usr/share/locale/ko/LC_MESSAGES/tar.mo", "/usr/share/locale/ky/LC_MESSAGES/tar.mo", "/usr/share/locale/ms/LC_MESSAGES/tar.mo", "/usr/share/locale/nb/LC_MESSAGES/tar.mo", "/usr/share/locale/nl/LC_MESSAGES/tar.mo", "/usr/share/locale/pl/LC_MESSAGES/tar.mo", "/usr/share/locale/pt/LC_MESSAGES/tar.mo", "/usr/share/locale/pt_BR/LC_MESSAGES/tar.mo", "/usr/share/locale/ro/LC_MESSAGES/tar.mo", "/usr/share/locale/ru/LC_MESSAGES/tar.mo", "/usr/share/locale/sk/LC_MESSAGES/tar.mo", "/usr/share/locale/sl/LC_MESSAGES/tar.mo", "/usr/share/locale/sr/LC_MESSAGES/tar.mo", "/usr/share/locale/sv/LC_MESSAGES/tar.mo", "/usr/share/locale/tr/LC_MESSAGES/tar.mo", "/usr/share/locale/uk/LC_MESSAGES/tar.mo", "/usr/share/locale/vi/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_CN/LC_MESSAGES/tar.mo", "/usr/share/locale/zh_TW/LC_MESSAGES/tar.mo", "/usr/share/man/man1/tar.1.gz", "/usr/share/man/man1/tarcat.1.gz", "/usr/share/man/man8/rmt-tar.8.gz" ], "AnalyzedBy": "dpkg" }, { "ID": "tzdata@2026b-0+deb13u1", "Name": "tzdata", "Identifier": { "PURL": "pkg:deb/debian/tzdata@2026b-0%2Bdeb13u1?arch=all\u0026distro=debian-13.5", "UID": "9e352e373d8245f0" }, "Version": "2026b", "Release": "0+deb13u1", "Arch": "all", "SrcName": "tzdata", "SrcVersion": "2026b", "SrcRelease": "0+deb13u1", "Licenses": [ "public-domain" ], "Maintainer": "GNU Libc Maintainers \u003cdebian-glibc@lists.debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "debconf@1.5.91" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/share/doc/tzdata/NEWS.Debian.gz", "/usr/share/doc/tzdata/README.Debian", "/usr/share/doc/tzdata/changelog.Debian.gz", "/usr/share/doc/tzdata/changelog.gz", "/usr/share/doc/tzdata/copyright", "/usr/share/lintian/overrides/tzdata", "/usr/share/zoneinfo/Africa/Abidjan", "/usr/share/zoneinfo/Africa/Accra", "/usr/share/zoneinfo/Africa/Addis_Ababa", "/usr/share/zoneinfo/Africa/Algiers", "/usr/share/zoneinfo/Africa/Asmara", "/usr/share/zoneinfo/Africa/Bamako", "/usr/share/zoneinfo/Africa/Bangui", "/usr/share/zoneinfo/Africa/Banjul", "/usr/share/zoneinfo/Africa/Bissau", "/usr/share/zoneinfo/Africa/Blantyre", "/usr/share/zoneinfo/Africa/Brazzaville", "/usr/share/zoneinfo/Africa/Bujumbura", "/usr/share/zoneinfo/Africa/Cairo", "/usr/share/zoneinfo/Africa/Casablanca", "/usr/share/zoneinfo/Africa/Ceuta", "/usr/share/zoneinfo/Africa/Conakry", "/usr/share/zoneinfo/Africa/Dakar", "/usr/share/zoneinfo/Africa/Dar_es_Salaam", "/usr/share/zoneinfo/Africa/Djibouti", "/usr/share/zoneinfo/Africa/Douala", "/usr/share/zoneinfo/Africa/El_Aaiun", "/usr/share/zoneinfo/Africa/Freetown", "/usr/share/zoneinfo/Africa/Gaborone", "/usr/share/zoneinfo/Africa/Harare", "/usr/share/zoneinfo/Africa/Johannesburg", "/usr/share/zoneinfo/Africa/Juba", "/usr/share/zoneinfo/Africa/Kampala", "/usr/share/zoneinfo/Africa/Khartoum", "/usr/share/zoneinfo/Africa/Kigali", "/usr/share/zoneinfo/Africa/Kinshasa", "/usr/share/zoneinfo/Africa/Lagos", "/usr/share/zoneinfo/Africa/Libreville", "/usr/share/zoneinfo/Africa/Lome", "/usr/share/zoneinfo/Africa/Luanda", "/usr/share/zoneinfo/Africa/Lubumbashi", "/usr/share/zoneinfo/Africa/Lusaka", "/usr/share/zoneinfo/Africa/Malabo", "/usr/share/zoneinfo/Africa/Maputo", "/usr/share/zoneinfo/Africa/Maseru", "/usr/share/zoneinfo/Africa/Mbabane", "/usr/share/zoneinfo/Africa/Mogadishu", "/usr/share/zoneinfo/Africa/Monrovia", "/usr/share/zoneinfo/Africa/Nairobi", "/usr/share/zoneinfo/Africa/Ndjamena", "/usr/share/zoneinfo/Africa/Niamey", "/usr/share/zoneinfo/Africa/Nouakchott", "/usr/share/zoneinfo/Africa/Ouagadougou", "/usr/share/zoneinfo/Africa/Porto-Novo", "/usr/share/zoneinfo/Africa/Sao_Tome", "/usr/share/zoneinfo/Africa/Tripoli", "/usr/share/zoneinfo/Africa/Tunis", "/usr/share/zoneinfo/Africa/Windhoek", "/usr/share/zoneinfo/America/Adak", "/usr/share/zoneinfo/America/Anchorage", "/usr/share/zoneinfo/America/Anguilla", "/usr/share/zoneinfo/America/Antigua", "/usr/share/zoneinfo/America/Araguaina", "/usr/share/zoneinfo/America/Argentina/Buenos_Aires", "/usr/share/zoneinfo/America/Argentina/Catamarca", "/usr/share/zoneinfo/America/Argentina/Cordoba", "/usr/share/zoneinfo/America/Argentina/Jujuy", "/usr/share/zoneinfo/America/Argentina/La_Rioja", "/usr/share/zoneinfo/America/Argentina/Mendoza", "/usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "/usr/share/zoneinfo/America/Argentina/Salta", "/usr/share/zoneinfo/America/Argentina/San_Juan", "/usr/share/zoneinfo/America/Argentina/San_Luis", "/usr/share/zoneinfo/America/Argentina/Tucuman", "/usr/share/zoneinfo/America/Argentina/Ushuaia", "/usr/share/zoneinfo/America/Aruba", "/usr/share/zoneinfo/America/Asuncion", "/usr/share/zoneinfo/America/Atikokan", "/usr/share/zoneinfo/America/Bahia", "/usr/share/zoneinfo/America/Bahia_Banderas", "/usr/share/zoneinfo/America/Barbados", "/usr/share/zoneinfo/America/Belem", "/usr/share/zoneinfo/America/Belize", "/usr/share/zoneinfo/America/Blanc-Sablon", "/usr/share/zoneinfo/America/Boa_Vista", "/usr/share/zoneinfo/America/Bogota", "/usr/share/zoneinfo/America/Boise", "/usr/share/zoneinfo/America/Cambridge_Bay", "/usr/share/zoneinfo/America/Campo_Grande", "/usr/share/zoneinfo/America/Cancun", "/usr/share/zoneinfo/America/Caracas", "/usr/share/zoneinfo/America/Cayenne", "/usr/share/zoneinfo/America/Cayman", "/usr/share/zoneinfo/America/Chicago", "/usr/share/zoneinfo/America/Chihuahua", "/usr/share/zoneinfo/America/Ciudad_Juarez", "/usr/share/zoneinfo/America/Costa_Rica", "/usr/share/zoneinfo/America/Coyhaique", "/usr/share/zoneinfo/America/Creston", "/usr/share/zoneinfo/America/Cuiaba", "/usr/share/zoneinfo/America/Curacao", "/usr/share/zoneinfo/America/Danmarkshavn", "/usr/share/zoneinfo/America/Dawson", "/usr/share/zoneinfo/America/Dawson_Creek", "/usr/share/zoneinfo/America/Denver", "/usr/share/zoneinfo/America/Detroit", "/usr/share/zoneinfo/America/Dominica", "/usr/share/zoneinfo/America/Edmonton", "/usr/share/zoneinfo/America/Eirunepe", "/usr/share/zoneinfo/America/El_Salvador", "/usr/share/zoneinfo/America/Fort_Nelson", "/usr/share/zoneinfo/America/Fortaleza", "/usr/share/zoneinfo/America/Glace_Bay", "/usr/share/zoneinfo/America/Goose_Bay", "/usr/share/zoneinfo/America/Grand_Turk", "/usr/share/zoneinfo/America/Grenada", "/usr/share/zoneinfo/America/Guadeloupe", "/usr/share/zoneinfo/America/Guatemala", "/usr/share/zoneinfo/America/Guayaquil", "/usr/share/zoneinfo/America/Guyana", "/usr/share/zoneinfo/America/Halifax", "/usr/share/zoneinfo/America/Havana", "/usr/share/zoneinfo/America/Hermosillo", "/usr/share/zoneinfo/America/Indiana/Indianapolis", "/usr/share/zoneinfo/America/Indiana/Knox", "/usr/share/zoneinfo/America/Indiana/Marengo", "/usr/share/zoneinfo/America/Indiana/Petersburg", "/usr/share/zoneinfo/America/Indiana/Tell_City", "/usr/share/zoneinfo/America/Indiana/Vevay", "/usr/share/zoneinfo/America/Indiana/Vincennes", "/usr/share/zoneinfo/America/Indiana/Winamac", "/usr/share/zoneinfo/America/Inuvik", "/usr/share/zoneinfo/America/Iqaluit", "/usr/share/zoneinfo/America/Jamaica", "/usr/share/zoneinfo/America/Juneau", "/usr/share/zoneinfo/America/Kentucky/Louisville", "/usr/share/zoneinfo/America/Kentucky/Monticello", "/usr/share/zoneinfo/America/La_Paz", "/usr/share/zoneinfo/America/Lima", "/usr/share/zoneinfo/America/Los_Angeles", "/usr/share/zoneinfo/America/Maceio", "/usr/share/zoneinfo/America/Managua", "/usr/share/zoneinfo/America/Manaus", "/usr/share/zoneinfo/America/Martinique", "/usr/share/zoneinfo/America/Matamoros", "/usr/share/zoneinfo/America/Mazatlan", "/usr/share/zoneinfo/America/Menominee", "/usr/share/zoneinfo/America/Merida", "/usr/share/zoneinfo/America/Metlakatla", "/usr/share/zoneinfo/America/Mexico_City", "/usr/share/zoneinfo/America/Miquelon", "/usr/share/zoneinfo/America/Moncton", "/usr/share/zoneinfo/America/Monterrey", "/usr/share/zoneinfo/America/Montevideo", "/usr/share/zoneinfo/America/Montserrat", "/usr/share/zoneinfo/America/Nassau", "/usr/share/zoneinfo/America/New_York", "/usr/share/zoneinfo/America/Nome", "/usr/share/zoneinfo/America/Noronha", "/usr/share/zoneinfo/America/North_Dakota/Beulah", "/usr/share/zoneinfo/America/North_Dakota/Center", "/usr/share/zoneinfo/America/North_Dakota/New_Salem", "/usr/share/zoneinfo/America/Nuuk", "/usr/share/zoneinfo/America/Ojinaga", "/usr/share/zoneinfo/America/Panama", "/usr/share/zoneinfo/America/Paramaribo", "/usr/share/zoneinfo/America/Phoenix", "/usr/share/zoneinfo/America/Port-au-Prince", "/usr/share/zoneinfo/America/Port_of_Spain", "/usr/share/zoneinfo/America/Porto_Velho", "/usr/share/zoneinfo/America/Puerto_Rico", "/usr/share/zoneinfo/America/Punta_Arenas", "/usr/share/zoneinfo/America/Rankin_Inlet", "/usr/share/zoneinfo/America/Recife", "/usr/share/zoneinfo/America/Regina", "/usr/share/zoneinfo/America/Resolute", "/usr/share/zoneinfo/America/Rio_Branco", "/usr/share/zoneinfo/America/Santarem", "/usr/share/zoneinfo/America/Santiago", "/usr/share/zoneinfo/America/Santo_Domingo", "/usr/share/zoneinfo/America/Sao_Paulo", "/usr/share/zoneinfo/America/Scoresbysund", "/usr/share/zoneinfo/America/Sitka", "/usr/share/zoneinfo/America/St_Johns", "/usr/share/zoneinfo/America/St_Kitts", "/usr/share/zoneinfo/America/St_Lucia", "/usr/share/zoneinfo/America/St_Thomas", "/usr/share/zoneinfo/America/St_Vincent", "/usr/share/zoneinfo/America/Swift_Current", "/usr/share/zoneinfo/America/Tegucigalpa", "/usr/share/zoneinfo/America/Thule", "/usr/share/zoneinfo/America/Tijuana", "/usr/share/zoneinfo/America/Toronto", "/usr/share/zoneinfo/America/Tortola", "/usr/share/zoneinfo/America/Vancouver", "/usr/share/zoneinfo/America/Whitehorse", "/usr/share/zoneinfo/America/Winnipeg", "/usr/share/zoneinfo/America/Yakutat", "/usr/share/zoneinfo/Antarctica/Casey", "/usr/share/zoneinfo/Antarctica/Davis", "/usr/share/zoneinfo/Antarctica/DumontDUrville", "/usr/share/zoneinfo/Antarctica/Macquarie", "/usr/share/zoneinfo/Antarctica/Mawson", "/usr/share/zoneinfo/Antarctica/McMurdo", "/usr/share/zoneinfo/Antarctica/Palmer", "/usr/share/zoneinfo/Antarctica/Rothera", "/usr/share/zoneinfo/Antarctica/Syowa", "/usr/share/zoneinfo/Antarctica/Troll", "/usr/share/zoneinfo/Antarctica/Vostok", "/usr/share/zoneinfo/Asia/Aden", "/usr/share/zoneinfo/Asia/Almaty", "/usr/share/zoneinfo/Asia/Amman", "/usr/share/zoneinfo/Asia/Anadyr", "/usr/share/zoneinfo/Asia/Aqtau", "/usr/share/zoneinfo/Asia/Aqtobe", "/usr/share/zoneinfo/Asia/Ashgabat", "/usr/share/zoneinfo/Asia/Atyrau", "/usr/share/zoneinfo/Asia/Baghdad", "/usr/share/zoneinfo/Asia/Bahrain", "/usr/share/zoneinfo/Asia/Baku", "/usr/share/zoneinfo/Asia/Bangkok", "/usr/share/zoneinfo/Asia/Barnaul", "/usr/share/zoneinfo/Asia/Beirut", "/usr/share/zoneinfo/Asia/Bishkek", "/usr/share/zoneinfo/Asia/Brunei", "/usr/share/zoneinfo/Asia/Chita", "/usr/share/zoneinfo/Asia/Colombo", "/usr/share/zoneinfo/Asia/Damascus", "/usr/share/zoneinfo/Asia/Dhaka", "/usr/share/zoneinfo/Asia/Dili", "/usr/share/zoneinfo/Asia/Dubai", "/usr/share/zoneinfo/Asia/Dushanbe", "/usr/share/zoneinfo/Asia/Famagusta", "/usr/share/zoneinfo/Asia/Gaza", "/usr/share/zoneinfo/Asia/Hebron", "/usr/share/zoneinfo/Asia/Ho_Chi_Minh", "/usr/share/zoneinfo/Asia/Hong_Kong", "/usr/share/zoneinfo/Asia/Hovd", "/usr/share/zoneinfo/Asia/Irkutsk", "/usr/share/zoneinfo/Asia/Jakarta", "/usr/share/zoneinfo/Asia/Jayapura", "/usr/share/zoneinfo/Asia/Jerusalem", "/usr/share/zoneinfo/Asia/Kabul", "/usr/share/zoneinfo/Asia/Kamchatka", "/usr/share/zoneinfo/Asia/Karachi", "/usr/share/zoneinfo/Asia/Kathmandu", "/usr/share/zoneinfo/Asia/Khandyga", "/usr/share/zoneinfo/Asia/Kolkata", "/usr/share/zoneinfo/Asia/Krasnoyarsk", "/usr/share/zoneinfo/Asia/Kuala_Lumpur", "/usr/share/zoneinfo/Asia/Kuching", "/usr/share/zoneinfo/Asia/Kuwait", "/usr/share/zoneinfo/Asia/Macau", "/usr/share/zoneinfo/Asia/Magadan", "/usr/share/zoneinfo/Asia/Makassar", "/usr/share/zoneinfo/Asia/Manila", "/usr/share/zoneinfo/Asia/Muscat", "/usr/share/zoneinfo/Asia/Nicosia", "/usr/share/zoneinfo/Asia/Novokuznetsk", "/usr/share/zoneinfo/Asia/Novosibirsk", "/usr/share/zoneinfo/Asia/Omsk", "/usr/share/zoneinfo/Asia/Oral", "/usr/share/zoneinfo/Asia/Phnom_Penh", "/usr/share/zoneinfo/Asia/Pontianak", "/usr/share/zoneinfo/Asia/Pyongyang", "/usr/share/zoneinfo/Asia/Qatar", "/usr/share/zoneinfo/Asia/Qostanay", "/usr/share/zoneinfo/Asia/Qyzylorda", "/usr/share/zoneinfo/Asia/Riyadh", "/usr/share/zoneinfo/Asia/Sakhalin", "/usr/share/zoneinfo/Asia/Samarkand", "/usr/share/zoneinfo/Asia/Seoul", "/usr/share/zoneinfo/Asia/Shanghai", "/usr/share/zoneinfo/Asia/Singapore", "/usr/share/zoneinfo/Asia/Srednekolymsk", "/usr/share/zoneinfo/Asia/Taipei", "/usr/share/zoneinfo/Asia/Tashkent", "/usr/share/zoneinfo/Asia/Tbilisi", "/usr/share/zoneinfo/Asia/Tehran", "/usr/share/zoneinfo/Asia/Thimphu", "/usr/share/zoneinfo/Asia/Tokyo", "/usr/share/zoneinfo/Asia/Tomsk", "/usr/share/zoneinfo/Asia/Ulaanbaatar", "/usr/share/zoneinfo/Asia/Urumqi", "/usr/share/zoneinfo/Asia/Ust-Nera", "/usr/share/zoneinfo/Asia/Vientiane", "/usr/share/zoneinfo/Asia/Vladivostok", "/usr/share/zoneinfo/Asia/Yakutsk", "/usr/share/zoneinfo/Asia/Yangon", "/usr/share/zoneinfo/Asia/Yekaterinburg", "/usr/share/zoneinfo/Asia/Yerevan", "/usr/share/zoneinfo/Atlantic/Azores", "/usr/share/zoneinfo/Atlantic/Bermuda", "/usr/share/zoneinfo/Atlantic/Canary", "/usr/share/zoneinfo/Atlantic/Cape_Verde", "/usr/share/zoneinfo/Atlantic/Faroe", "/usr/share/zoneinfo/Atlantic/Madeira", "/usr/share/zoneinfo/Atlantic/Reykjavik", "/usr/share/zoneinfo/Atlantic/South_Georgia", "/usr/share/zoneinfo/Atlantic/St_Helena", "/usr/share/zoneinfo/Atlantic/Stanley", "/usr/share/zoneinfo/Australia/Adelaide", "/usr/share/zoneinfo/Australia/Brisbane", "/usr/share/zoneinfo/Australia/Broken_Hill", "/usr/share/zoneinfo/Australia/Darwin", "/usr/share/zoneinfo/Australia/Eucla", "/usr/share/zoneinfo/Australia/Hobart", "/usr/share/zoneinfo/Australia/Lindeman", "/usr/share/zoneinfo/Australia/Lord_Howe", "/usr/share/zoneinfo/Australia/Melbourne", "/usr/share/zoneinfo/Australia/Perth", "/usr/share/zoneinfo/Australia/Sydney", "/usr/share/zoneinfo/Etc/GMT", "/usr/share/zoneinfo/Etc/GMT+1", "/usr/share/zoneinfo/Etc/GMT+10", "/usr/share/zoneinfo/Etc/GMT+11", "/usr/share/zoneinfo/Etc/GMT+12", "/usr/share/zoneinfo/Etc/GMT+2", "/usr/share/zoneinfo/Etc/GMT+3", "/usr/share/zoneinfo/Etc/GMT+4", "/usr/share/zoneinfo/Etc/GMT+5", "/usr/share/zoneinfo/Etc/GMT+6", "/usr/share/zoneinfo/Etc/GMT+7", "/usr/share/zoneinfo/Etc/GMT+8", "/usr/share/zoneinfo/Etc/GMT+9", "/usr/share/zoneinfo/Etc/GMT-1", "/usr/share/zoneinfo/Etc/GMT-10", "/usr/share/zoneinfo/Etc/GMT-11", "/usr/share/zoneinfo/Etc/GMT-12", "/usr/share/zoneinfo/Etc/GMT-13", "/usr/share/zoneinfo/Etc/GMT-14", "/usr/share/zoneinfo/Etc/GMT-2", "/usr/share/zoneinfo/Etc/GMT-3", "/usr/share/zoneinfo/Etc/GMT-4", "/usr/share/zoneinfo/Etc/GMT-5", "/usr/share/zoneinfo/Etc/GMT-6", "/usr/share/zoneinfo/Etc/GMT-7", "/usr/share/zoneinfo/Etc/GMT-8", "/usr/share/zoneinfo/Etc/GMT-9", "/usr/share/zoneinfo/Etc/UTC", "/usr/share/zoneinfo/Europe/Amsterdam", "/usr/share/zoneinfo/Europe/Andorra", "/usr/share/zoneinfo/Europe/Astrakhan", "/usr/share/zoneinfo/Europe/Athens", "/usr/share/zoneinfo/Europe/Belgrade", "/usr/share/zoneinfo/Europe/Berlin", "/usr/share/zoneinfo/Europe/Brussels", "/usr/share/zoneinfo/Europe/Bucharest", "/usr/share/zoneinfo/Europe/Budapest", "/usr/share/zoneinfo/Europe/Chisinau", "/usr/share/zoneinfo/Europe/Copenhagen", "/usr/share/zoneinfo/Europe/Dublin", "/usr/share/zoneinfo/Europe/Gibraltar", "/usr/share/zoneinfo/Europe/Guernsey", "/usr/share/zoneinfo/Europe/Helsinki", "/usr/share/zoneinfo/Europe/Isle_of_Man", "/usr/share/zoneinfo/Europe/Istanbul", "/usr/share/zoneinfo/Europe/Jersey", "/usr/share/zoneinfo/Europe/Kaliningrad", "/usr/share/zoneinfo/Europe/Kirov", "/usr/share/zoneinfo/Europe/Kyiv", "/usr/share/zoneinfo/Europe/Lisbon", "/usr/share/zoneinfo/Europe/Ljubljana", "/usr/share/zoneinfo/Europe/London", "/usr/share/zoneinfo/Europe/Luxembourg", "/usr/share/zoneinfo/Europe/Madrid", "/usr/share/zoneinfo/Europe/Malta", "/usr/share/zoneinfo/Europe/Minsk", "/usr/share/zoneinfo/Europe/Monaco", "/usr/share/zoneinfo/Europe/Moscow", "/usr/share/zoneinfo/Europe/Oslo", "/usr/share/zoneinfo/Europe/Paris", "/usr/share/zoneinfo/Europe/Prague", "/usr/share/zoneinfo/Europe/Riga", "/usr/share/zoneinfo/Europe/Rome", "/usr/share/zoneinfo/Europe/Samara", "/usr/share/zoneinfo/Europe/Sarajevo", "/usr/share/zoneinfo/Europe/Saratov", "/usr/share/zoneinfo/Europe/Simferopol", "/usr/share/zoneinfo/Europe/Skopje", "/usr/share/zoneinfo/Europe/Sofia", "/usr/share/zoneinfo/Europe/Stockholm", "/usr/share/zoneinfo/Europe/Tallinn", "/usr/share/zoneinfo/Europe/Tirane", "/usr/share/zoneinfo/Europe/Ulyanovsk", "/usr/share/zoneinfo/Europe/Vaduz", "/usr/share/zoneinfo/Europe/Vienna", "/usr/share/zoneinfo/Europe/Vilnius", "/usr/share/zoneinfo/Europe/Volgograd", "/usr/share/zoneinfo/Europe/Warsaw", "/usr/share/zoneinfo/Europe/Zagreb", "/usr/share/zoneinfo/Europe/Zurich", "/usr/share/zoneinfo/Factory", "/usr/share/zoneinfo/Indian/Antananarivo", "/usr/share/zoneinfo/Indian/Chagos", "/usr/share/zoneinfo/Indian/Christmas", "/usr/share/zoneinfo/Indian/Cocos", "/usr/share/zoneinfo/Indian/Comoro", "/usr/share/zoneinfo/Indian/Kerguelen", "/usr/share/zoneinfo/Indian/Mahe", "/usr/share/zoneinfo/Indian/Maldives", "/usr/share/zoneinfo/Indian/Mauritius", "/usr/share/zoneinfo/Indian/Mayotte", "/usr/share/zoneinfo/Indian/Reunion", "/usr/share/zoneinfo/Pacific/Apia", "/usr/share/zoneinfo/Pacific/Auckland", "/usr/share/zoneinfo/Pacific/Bougainville", "/usr/share/zoneinfo/Pacific/Chatham", "/usr/share/zoneinfo/Pacific/Chuuk", "/usr/share/zoneinfo/Pacific/Easter", "/usr/share/zoneinfo/Pacific/Efate", "/usr/share/zoneinfo/Pacific/Fakaofo", "/usr/share/zoneinfo/Pacific/Fiji", "/usr/share/zoneinfo/Pacific/Funafuti", "/usr/share/zoneinfo/Pacific/Galapagos", "/usr/share/zoneinfo/Pacific/Gambier", "/usr/share/zoneinfo/Pacific/Guadalcanal", "/usr/share/zoneinfo/Pacific/Guam", "/usr/share/zoneinfo/Pacific/Honolulu", "/usr/share/zoneinfo/Pacific/Kanton", "/usr/share/zoneinfo/Pacific/Kiritimati", "/usr/share/zoneinfo/Pacific/Kosrae", "/usr/share/zoneinfo/Pacific/Kwajalein", "/usr/share/zoneinfo/Pacific/Majuro", "/usr/share/zoneinfo/Pacific/Marquesas", "/usr/share/zoneinfo/Pacific/Midway", "/usr/share/zoneinfo/Pacific/Nauru", "/usr/share/zoneinfo/Pacific/Niue", "/usr/share/zoneinfo/Pacific/Norfolk", "/usr/share/zoneinfo/Pacific/Noumea", "/usr/share/zoneinfo/Pacific/Pago_Pago", "/usr/share/zoneinfo/Pacific/Palau", "/usr/share/zoneinfo/Pacific/Pitcairn", "/usr/share/zoneinfo/Pacific/Pohnpei", "/usr/share/zoneinfo/Pacific/Port_Moresby", "/usr/share/zoneinfo/Pacific/Rarotonga", "/usr/share/zoneinfo/Pacific/Saipan", "/usr/share/zoneinfo/Pacific/Tahiti", "/usr/share/zoneinfo/Pacific/Tarawa", "/usr/share/zoneinfo/Pacific/Tongatapu", "/usr/share/zoneinfo/Pacific/Wake", "/usr/share/zoneinfo/Pacific/Wallis", "/usr/share/zoneinfo/iso3166.tab", "/usr/share/zoneinfo/leap-seconds.list", "/usr/share/zoneinfo/leapseconds", "/usr/share/zoneinfo/tzdata.zi", "/usr/share/zoneinfo/zone.tab", "/usr/share/zoneinfo/zone1970.tab", "/usr/share/zoneinfo/zonenow.tab" ], "AnalyzedBy": "dpkg" }, { "ID": "util-linux@2.41-5", "Name": "util-linux", "Identifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "Version": "2.41", "Release": "5", "Arch": "amd64", "SrcName": "util-linux", "SrcVersion": "2.41", "SrcRelease": "5", "Licenses": [ "GPL-2.0-or-later", "GPL-2.0-only", "GPL-3.0-or-later", "LGPL-2.1-or-later", "public-domain", "BSD-4-Clause", "MIT", "ISC", "BSD-3-Clause", "BSLA", "LGPL-2.0-or-later", "BSD-2-Clause", "LGPL-3.0-or-later", "GPL-3.0-only", "LGPL-2.0-only", "LGPL-2.1-only", "LGPL-3.0-only" ], "Maintainer": "Chris Hofstaedtler \u003czeha@debian.org\u003e", "Repository": { "Class": "official" }, "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/bin/choom", "/usr/bin/chrt", "/usr/bin/dmesg", "/usr/bin/fallocate", "/usr/bin/findmnt", "/usr/bin/flock", "/usr/bin/getopt", "/usr/bin/hardlink", "/usr/bin/ionice", "/usr/bin/ipcmk", "/usr/bin/ipcrm", "/usr/bin/ipcs", "/usr/bin/lsblk", "/usr/bin/lscpu", "/usr/bin/lsipc", "/usr/bin/lslocks", "/usr/bin/lslogins", "/usr/bin/lsmem", "/usr/bin/lsns", "/usr/bin/mcookie", "/usr/bin/more", "/usr/bin/mountpoint", "/usr/bin/namei", "/usr/bin/nsenter", "/usr/bin/partx", "/usr/bin/prlimit", "/usr/bin/rename.ul", "/usr/bin/rev", "/usr/bin/setarch", "/usr/bin/setpriv", "/usr/bin/setsid", "/usr/bin/setterm", "/usr/bin/su", "/usr/bin/taskset", "/usr/bin/uclampset", "/usr/bin/unshare", "/usr/bin/wdctl", "/usr/bin/whereis", "/usr/lib/mime/packages/util-linux", "/usr/lib/systemd/system/fstrim.service", "/usr/lib/systemd/system/fstrim.timer", "/usr/sbin/agetty", "/usr/sbin/blkdiscard", "/usr/sbin/blkid", "/usr/sbin/blkzone", "/usr/sbin/blockdev", "/usr/sbin/chcpu", "/usr/sbin/chmem", "/usr/sbin/findfs", "/usr/sbin/fsck", "/usr/sbin/fsfreeze", "/usr/sbin/fstrim", "/usr/sbin/isosize", "/usr/sbin/ldattach", "/usr/sbin/mkfs", "/usr/sbin/mkswap", "/usr/sbin/pivot_root", "/usr/sbin/readprofile", "/usr/sbin/rtcwake", "/usr/sbin/runuser", "/usr/sbin/sulogin", "/usr/sbin/swaplabel", "/usr/sbin/switch_root", "/usr/sbin/wipefs", "/usr/sbin/zramctl", "/usr/share/bash-completion/completions/blkdiscard", "/usr/share/bash-completion/completions/blkid", "/usr/share/bash-completion/completions/blkzone", "/usr/share/bash-completion/completions/blockdev", "/usr/share/bash-completion/completions/chcpu", "/usr/share/bash-completion/completions/chmem", "/usr/share/bash-completion/completions/chrt", "/usr/share/bash-completion/completions/dmesg", "/usr/share/bash-completion/completions/fallocate", "/usr/share/bash-completion/completions/findfs", "/usr/share/bash-completion/completions/findmnt", "/usr/share/bash-completion/completions/flock", "/usr/share/bash-completion/completions/fsck", "/usr/share/bash-completion/completions/fsfreeze", "/usr/share/bash-completion/completions/fstrim", "/usr/share/bash-completion/completions/getopt", "/usr/share/bash-completion/completions/hardlink", "/usr/share/bash-completion/completions/ionice", "/usr/share/bash-completion/completions/ipcmk", "/usr/share/bash-completion/completions/ipcrm", "/usr/share/bash-completion/completions/ipcs", "/usr/share/bash-completion/completions/isosize", "/usr/share/bash-completion/completions/ldattach", "/usr/share/bash-completion/completions/lsblk", "/usr/share/bash-completion/completions/lscpu", "/usr/share/bash-completion/completions/lsipc", "/usr/share/bash-completion/completions/lslocks", "/usr/share/bash-completion/completions/lslogins", "/usr/share/bash-completion/completions/lsmem", "/usr/share/bash-completion/completions/lsns", "/usr/share/bash-completion/completions/mcookie", "/usr/share/bash-completion/completions/mkfs", "/usr/share/bash-completion/completions/mkswap", "/usr/share/bash-completion/completions/more", "/usr/share/bash-completion/completions/mountpoint", "/usr/share/bash-completion/completions/namei", "/usr/share/bash-completion/completions/nsenter", "/usr/share/bash-completion/completions/partx", "/usr/share/bash-completion/completions/pivot_root", "/usr/share/bash-completion/completions/prlimit", "/usr/share/bash-completion/completions/readprofile", "/usr/share/bash-completion/completions/rename.ul", "/usr/share/bash-completion/completions/rev", "/usr/share/bash-completion/completions/rtcwake", "/usr/share/bash-completion/completions/setarch", "/usr/share/bash-completion/completions/setpriv", "/usr/share/bash-completion/completions/setsid", "/usr/share/bash-completion/completions/setterm", "/usr/share/bash-completion/completions/su", "/usr/share/bash-completion/completions/swaplabel", "/usr/share/bash-completion/completions/taskset", "/usr/share/bash-completion/completions/uclampset", "/usr/share/bash-completion/completions/unshare", "/usr/share/bash-completion/completions/wdctl", "/usr/share/bash-completion/completions/whereis", "/usr/share/bash-completion/completions/wipefs", "/usr/share/bash-completion/completions/zramctl", "/usr/share/doc/util-linux/00-about-docs.txt", "/usr/share/doc/util-linux/AUTHORS.gz", "/usr/share/doc/util-linux/NEWS.Debian.gz", "/usr/share/doc/util-linux/PAM-configuration.txt", "/usr/share/doc/util-linux/README.Debian", "/usr/share/doc/util-linux/blkid.txt", "/usr/share/doc/util-linux/cal.txt", "/usr/share/doc/util-linux/changelog.Debian.gz", "/usr/share/doc/util-linux/changelog.gz", "/usr/share/doc/util-linux/col.txt", "/usr/share/doc/util-linux/copyright", "/usr/share/doc/util-linux/deprecated.txt", "/usr/share/doc/util-linux/examples/getopt-example.bash", "/usr/share/doc/util-linux/getopt.txt", "/usr/share/doc/util-linux/getopt_changelog.txt", "/usr/share/doc/util-linux/howto-build-sys.txt", "/usr/share/doc/util-linux/howto-compilation.txt", "/usr/share/doc/util-linux/howto-contribute.txt.gz", "/usr/share/doc/util-linux/howto-debug.txt", "/usr/share/doc/util-linux/howto-man-page.txt", "/usr/share/doc/util-linux/howto-pull-request.txt.gz", "/usr/share/doc/util-linux/howto-tests.txt", "/usr/share/doc/util-linux/howto-usage-function.txt.gz", "/usr/share/doc/util-linux/hwclock.txt", "/usr/share/doc/util-linux/modems-with-agetty.txt", "/usr/share/doc/util-linux/mount.txt", "/usr/share/doc/util-linux/parse-date.txt.gz", "/usr/share/doc/util-linux/pg.txt", "/usr/share/doc/util-linux/poeigl.txt.gz", "/usr/share/doc/util-linux/release-schedule.txt", "/usr/share/doc/util-linux/releases/v2.13-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.14-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.15-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.16-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.17-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.18-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.19-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.20-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.21-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.22-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.23-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.24-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.25-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.26-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.27-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.28-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.29-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.30-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.31-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.32-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.33-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.34-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.35-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.36-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.37-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.38-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.39-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.40-ReleaseNotes.gz", "/usr/share/doc/util-linux/releases/v2.41-ReleaseNotes.gz", "/usr/share/lintian/overrides/util-linux", "/usr/share/man/man1/choom.1.gz", "/usr/share/man/man1/chrt.1.gz", "/usr/share/man/man1/dmesg.1.gz", "/usr/share/man/man1/fallocate.1.gz", "/usr/share/man/man1/flock.1.gz", "/usr/share/man/man1/getopt.1.gz", "/usr/share/man/man1/hardlink.1.gz", "/usr/share/man/man1/ionice.1.gz", "/usr/share/man/man1/ipcmk.1.gz", "/usr/share/man/man1/ipcrm.1.gz", "/usr/share/man/man1/ipcs.1.gz", "/usr/share/man/man1/lscpu.1.gz", "/usr/share/man/man1/lsipc.1.gz", "/usr/share/man/man1/lslogins.1.gz", "/usr/share/man/man1/lsmem.1.gz", "/usr/share/man/man1/mcookie.1.gz", "/usr/share/man/man1/more.1.gz", "/usr/share/man/man1/mountpoint.1.gz", "/usr/share/man/man1/namei.1.gz", "/usr/share/man/man1/nsenter.1.gz", "/usr/share/man/man1/prlimit.1.gz", "/usr/share/man/man1/rename.ul.1.gz", "/usr/share/man/man1/rev.1.gz", "/usr/share/man/man1/runuser.1.gz", "/usr/share/man/man1/setpriv.1.gz", "/usr/share/man/man1/setsid.1.gz", "/usr/share/man/man1/setterm.1.gz", "/usr/share/man/man1/su.1.gz", "/usr/share/man/man1/taskset.1.gz", "/usr/share/man/man1/uclampset.1.gz", "/usr/share/man/man1/unshare.1.gz", "/usr/share/man/man1/whereis.1.gz", "/usr/share/man/man5/adjtime_config.5.gz", "/usr/share/man/man5/scols-filter.5.gz", "/usr/share/man/man5/terminal-colors.d.5.gz", "/usr/share/man/man8/agetty.8.gz", "/usr/share/man/man8/blkdiscard.8.gz", "/usr/share/man/man8/blkid.8.gz", "/usr/share/man/man8/blkzone.8.gz", "/usr/share/man/man8/blockdev.8.gz", "/usr/share/man/man8/chcpu.8.gz", "/usr/share/man/man8/chmem.8.gz", "/usr/share/man/man8/findfs.8.gz", "/usr/share/man/man8/findmnt.8.gz", "/usr/share/man/man8/fsck.8.gz", "/usr/share/man/man8/fsfreeze.8.gz", "/usr/share/man/man8/fstrim.8.gz", "/usr/share/man/man8/isosize.8.gz", "/usr/share/man/man8/ldattach.8.gz", "/usr/share/man/man8/lsblk.8.gz", "/usr/share/man/man8/lslocks.8.gz", "/usr/share/man/man8/lsns.8.gz", "/usr/share/man/man8/mkfs.8.gz", "/usr/share/man/man8/mkswap.8.gz", "/usr/share/man/man8/partx.8.gz", "/usr/share/man/man8/pivot_root.8.gz", "/usr/share/man/man8/readprofile.8.gz", "/usr/share/man/man8/rtcwake.8.gz", "/usr/share/man/man8/setarch.8.gz", "/usr/share/man/man8/sulogin.8.gz", "/usr/share/man/man8/swaplabel.8.gz", "/usr/share/man/man8/switch_root.8.gz", "/usr/share/man/man8/wdctl.8.gz", "/usr/share/man/man8/wipefs.8.gz", "/usr/share/man/man8/zramctl.8.gz", "/usr/share/util-linux/logcheck/ignore.d.server/util-linux" ], "AnalyzedBy": "dpkg" }, { "ID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "Name": "zlib1g", "Identifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "Version": "1.3.dfsg+really1.3.1", "Release": "1+b1", "Epoch": 1, "Arch": "amd64", "SrcName": "zlib", "SrcVersion": "1.3.dfsg+really1.3.1", "SrcRelease": "1", "SrcEpoch": 1, "Licenses": [ "Zlib" ], "Maintainer": "Mark Brown \u003cbroonie@debian.org\u003e", "Repository": { "Class": "official" }, "DependsOn": [ "libc6@2.41-12+deb13u3" ], "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "InstalledFiles": [ "/usr/lib/x86_64-linux-gnu/libz.so.1.3.1", "/usr/share/doc/zlib1g/changelog.Debian.amd64.gz", "/usr/share/doc/zlib1g/changelog.Debian.gz", "/usr/share/doc/zlib1g/changelog.gz", "/usr/share/doc/zlib1g/copyright" ], "AnalyzedBy": "dpkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-27456", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:48d45065fd36f9b29605ea9e40dcda4160994ad29bfaa13740de33043026e270", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "bsdutils@1:2.41-5", "PkgName": "bsdutils", "PkgIdentifier": { "PURL": "pkg:deb/debian/bsdutils@2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "5843733a461e6ce1" }, "InstalledVersion": "1:2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:24958e6e74e26b300133f285c228b9f461b52b95614b7a6a11a8c375f56fd1ad", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:208d533fb99315acb62e1e9ea4784a159117a77fde3e0e2ecd946a623ec63e05", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libblkid1@2.41-5", "PkgName": "libblkid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libblkid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "51bf0af8d40f4a01" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6c64f70629ab0593fa1bf5c32fccbdd6becc9bd93e29919dad32d10e21c7b220", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:b3629142443e8ebf9958830b2ca46a0923ef41f10d95ed80964f96f8d430d6fb", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:6b2c53bb9c79464e2f0dec6316df2631ed75aa71b95b1f19e5ac05de11c9f099", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f30717acc188a932e74e113d90b2fa1d0d6e93472dc89eaa63e3d2f7bb298274", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc-bin@2.41-12+deb13u3", "PkgName": "libc-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc-bin@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "c45af597301c8c0b" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5632cb45b00790fcb54577cca57d9deadf8594b579bad2da7b4c9523a96e7e17", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-5435", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5435", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5a8735a67c5528254a880003379960bf48d334877ea38796a8e0a0d0fc196082", "Title": "glibc: glibc: Out-of-bounds write via TSIG record processing", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5435", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5435", "https://sourceware.org/bugzilla/show_bug.cgi?id=34033", "https://www.cve.org/CVERecord?id=CVE-2026-5435" ], "PublishedDate": "2026-04-28T13:19:22.29Z", "LastModifiedDate": "2026-05-05T17:38:37.03Z" }, { "VulnerabilityID": "CVE-2026-5450", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5450", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:557af5ca4f16b799113e71a4c02df0775e2633618c3da39aa59d62a9c9cb9173", "Title": "glibc: glibc: Heap Buffer Overflow in `scanf` with `%mc` format specifier and large width", "Description": "Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122", "CWE-787" ], "VendorSeverity": { "photon": 4, "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5450", "https://inbox.sourceware.org/libc-announce/b11f0003-6ec1-4bd6-b9de-9e38a4efeca3@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450", "https://nvd.nist.gov/vuln/detail/CVE-2026-5450#range-21286997", "https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2026-5450", "https://www.cve.org/CVERecord?id=CVE-2026-5450" ], "PublishedDate": "2026-04-20T21:16:36.85Z", "LastModifiedDate": "2026-04-23T15:33:34.277Z" }, { "VulnerabilityID": "CVE-2026-5928", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5928", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2c364f60364adcd795282d836c525d2d9580ff33848aaacc76918b133bd782c6", "Title": "glibc: glibc: Information disclosure or denial of service via ungetwc function with specific wide character encodings", "Description": "Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially resulting in unintentional disclosure of neighboring data in the heap, or a program crash.\n\nA bug in the wide character pushback implementation (_IO_wdefault_pbackfail in libio/wgenops.c) causes ungetwc() to operate on the regular character buffer (fp-\u003e_IO_read_ptr) instead of the actual wide-stream read pointer (fp-\u003e_wide_data-\u003e_IO_read_ptr). The program crash may happen in cases where fp-\u003e_IO_read_ptr is not initialized and hence points to NULL. The buffer under-read requires a special situation where the input character encoding is such that there are overlaps between single byte representations and multibyte representations in that encoding, resulting in spurious matches. The spurious match case is not possible in the standard Unicode character sets.", "Severity": "MEDIUM", "CweIDs": [ "CWE-127" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", "V3Score": 5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-5928", "https://nvd.nist.gov/vuln/detail/CVE-2026-5928", "https://sourceware.org/bugzilla/show_bug.cgi?id=33998", "https://www.cve.org/CVERecord?id=CVE-2026-5928" ], "PublishedDate": "2026-04-20T21:16:36.963Z", "LastModifiedDate": "2026-04-23T15:33:43.69Z" }, { "VulnerabilityID": "CVE-2026-6238", "PkgID": "libc6@2.41-12+deb13u3", "PkgName": "libc6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libc6@2.41-12%2Bdeb13u3?arch=amd64\u0026distro=debian-13.5", "UID": "2a1acf211abcdd46" }, "InstalledVersion": "2.41-12+deb13u3", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6238", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f1e6150153fa20a27fd1d8c7890a10aadb565bbcd41c56c6354bff22c2b98a0d", "Title": "glibc: glibc: Application crash or uninitialized memory read via crafted DNS response", "Description": "The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory.\n\nThese functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.", "Severity": "MEDIUM", "CweIDs": [ "CWE-126" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-6238", "https://inbox.sourceware.org/libc-announce/7a655d55-276f-41fe-b550-feb3ebb2ce91@redhat.com/T/#u", "https://nvd.nist.gov/vuln/detail/CVE-2026-6238", "https://sourceware.org/bugzilla/show_bug.cgi?id=34069", "https://www.cve.org/CVERecord?id=CVE-2026-6238" ], "PublishedDate": "2026-04-28T19:37:47.523Z", "LastModifiedDate": "2026-05-04T17:57:24.007Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3c38d5dfebf43ad288b31d346954f63e024106bb02129276cf89249a8daa3c0f", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "liblastlog2-2@2.41-5", "PkgName": "liblastlog2-2", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblastlog2-2@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "eb4f5430aea34a10" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f130dbdbae22fc4b1c7349d3a6714730f734e338f00e4a9b128e1b73962b3876", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "liblzma5@5.8.1-1", "PkgName": "liblzma5", "PkgIdentifier": { "PURL": "pkg:deb/debian/liblzma5@5.8.1-1?arch=amd64\u0026distro=debian-13.5", "UID": "d7b58e04f1a265ed" }, "InstalledVersion": "5.8.1-1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:60084a3cd4b884c5709e460ec100a32d128b23729546865106a2cb844f42456a", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:367889648a8f344f1a26014bcfac03328b7ecb97ca9ef56d880e8bae4c4eb2b3", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libmount1@2.41-5", "PkgName": "libmount1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libmount1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "84ccd0371833b76" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:f77fd9fe2df1096b0a48c53a57120f7cc957a8ccc6427a72d98ff72f8cb90b79", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libncursesw6@6.5+20250216-2", "PkgName": "libncursesw6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libncursesw6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5efa2a2068c240d8" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:4d57d21013edd86f841c91aca2d842828d24719fe3ec6ac4e58977f3c2213a44", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bfbd68f5f2157efeec31929024ed24baa54fb339adaecda9d72eaf97d64afeec", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libsmartcols1@2.41-5", "PkgName": "libsmartcols1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libsmartcols1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "780dbec0869ab8e" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:9650bf90815644bd7452abf1b641da490c28fa22ce8e98f6f96c3d09dc924d3b", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "libtinfo6@6.5+20250216-2", "PkgName": "libtinfo6", "PkgIdentifier": { "PURL": "pkg:deb/debian/libtinfo6@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "ba2c2b464f07108a" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:a909bd893728c34e84d63a7248be944e4dcfd752e481f53a8f04edf766c02b3f", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:3b69a00de2c02ec54249af8e1ff7cddb7fa5a1783783c62347c47e9128444395", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "libuuid1@2.41-5", "PkgName": "libuuid1", "PkgIdentifier": { "PURL": "pkg:deb/debian/libuuid1@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "1afbb50818377478" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2f240b864e2ccdb5b47f89a5e698a2cae073228852916f4e53e2a1c97829c73d", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ad3fb67c2c1cfac7c7ca3788194728a8a9a94cf4a5917a13f2072e6c0af7a350", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "login@1:4.16.0-2+really2.41-5", "PkgName": "login", "PkgIdentifier": { "PURL": "pkg:deb/debian/login@4.16.0-2%2Breally2.41-5?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "c0ab0b857644733b" }, "InstalledVersion": "1:4.16.0-2+really2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:fb5eb329a8139c265be893d38c331dbd2c789abe300b5ce939b6ab4e0cd82bbf", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:106a84cd7883c06968fcd11d3092990ea04c50c21fcaa677d38ce047fa8742da", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "mount@2.41-5", "PkgName": "mount", "PkgIdentifier": { "PURL": "pkg:deb/debian/mount@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "55c835c674d0a0e5" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:2dd84bb9ffd00958438e2b069976dafcf778dad93f30a0ad778c2691e27475cb", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-base@6.5+20250216-2", "PkgName": "ncurses-base", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-base@6.5%2B20250216-2?arch=all\u0026distro=debian-13.5", "UID": "767a0231348a5cb5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:c66678f7af162644c73504b2cd8d87bd9aec4095d1d1bcfe42329e78187f366b", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2025-69720", "PkgID": "ncurses-bin@6.5+20250216-2", "PkgName": "ncurses-bin", "PkgIdentifier": { "PURL": "pkg:deb/debian/ncurses-bin@6.5%2B20250216-2?arch=amd64\u0026distro=debian-13.5", "UID": "5b541563cf6587e5" }, "InstalledVersion": "6.5+20250216-2", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69720", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:5c62c30e5dd0b9165b4bc1c123ad4d01ae809c974f4911cad2f47e09e5033541", "Title": "ncurses: ncurses: Buffer overflow vulnerability may lead to arbitrary code execution.", "Description": "The infocmp command-line tool in ncurses before 6.5-20251213 has a stack-based buffer overflow in analyze_string in progs/infocmp.c.", "Severity": "HIGH", "CweIDs": [ "CWE-121", "CWE-120" ], "VendorSeverity": { "alma": 2, "azure": 4, "cbl-mariner": 4, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:5913", "https://access.redhat.com/security/cve/CVE-2025-69720", "https://bugzilla.redhat.com/2449037", "https://bugzilla.redhat.com/show_bug.cgi?id=2449037", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69720", "https://errata.almalinux.org/10/ALSA-2026-5913.html", "https://errata.rockylinux.org/RLSA-2026:5913", "https://github.com/Cao-Wuhui/CVE-2025-69720", "https://invisible-island.net/archives/ncurses/6.5/", "https://invisible-island.net/ncurses/", "https://linux.oracle.com/cve/CVE-2025-69720.html", "https://linux.oracle.com/errata/ELSA-2026-5913.html", "https://marc.info/?l=ncurses-bug\u0026m=176539968328570\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176540731801330\u0026w=2", "https://marc.info/?l=ncurses-bug\u0026m=176545557728083\u0026w=2", "https://nvd.nist.gov/vuln/detail/CVE-2025-69720", "https://www.cve.org/CVERecord?id=CVE-2025-69720" ], "PublishedDate": "2026-03-19T15:16:21.293Z", "LastModifiedDate": "2026-03-26T19:35:10.547Z" }, { "VulnerabilityID": "CVE-2026-5704", "PkgID": "tar@1.35+dfsg-3.1", "PkgName": "tar", "PkgIdentifier": { "PURL": "pkg:deb/debian/tar@1.35%2Bdfsg-3.1?arch=amd64\u0026distro=debian-13.5", "UID": "4f69996c49afbaca" }, "InstalledVersion": "1.35+dfsg-3.1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-5704", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:dba3b85f8665a48ab473c378207a09a8b34da3047907f53125a50d132564de74", "Title": "tar: tar: Hidden file injection via crafted archives", "Description": "A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/11/10", "http://www.openwall.com/lists/oss-security/2026/04/11/11", "http://www.openwall.com/lists/oss-security/2026/04/12/2", "https://access.redhat.com/security/cve/CVE-2026-5704", "https://bugzilla.redhat.com/show_bug.cgi?id=2455360", "https://nvd.nist.gov/vuln/detail/CVE-2026-5704", "https://www.cve.org/CVERecord?id=CVE-2026-5704" ], "PublishedDate": "2026-04-06T16:16:42.14Z", "LastModifiedDate": "2026-04-22T20:08:59.92Z" }, { "VulnerabilityID": "CVE-2026-27456", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27456", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:ec60f9924a55c1f9ad836fae64b1b02f24e3c2259288502dad705a073235719d", "Title": "util-linux: TOCTOU in the mount program when setting up loop devices", "Description": "util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing the SUID binary to open and mount it as root. Exploitation requires an /etc/fstab entry with user,loop options whose path points to a directory where the attacker has write permission, and that /usr/bin/mount has the SUID bit set (the default configuration on virtually all Linux distributions). The impact is unauthorized read access to root-protected files and block devices, including backup images, disk volumes, and any file containing a valid filesystem. This issue has been patched in version 2.41.4.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-269", "CWE-367" ], "VendorSeverity": { "azure": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 4.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27456", "https://github.com/util-linux/util-linux/commit/5e390467b26a3cf3fecc04e1a0d482dff3162fc4", "https://github.com/util-linux/util-linux/releases/tag/v2.41.4", "https://github.com/util-linux/util-linux/security/advisories/GHSA-qq4x-vfq4-9h9g", "https://nvd.nist.gov/vuln/detail/CVE-2026-27456", "https://www.cve.org/CVERecord?id=CVE-2026-27456" ], "PublishedDate": "2026-04-03T22:16:25.4Z", "LastModifiedDate": "2026-04-22T16:08:55.1Z" }, { "VulnerabilityID": "CVE-2026-3184", "PkgID": "util-linux@2.41-5", "PkgName": "util-linux", "PkgIdentifier": { "PURL": "pkg:deb/debian/util-linux@2.41-5?arch=amd64\u0026distro=debian-13.5", "UID": "972fb85b9c9e83e7" }, "InstalledVersion": "2.41-5", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3184", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:e9e56abe608dcfe0bd1d69e938e9be3eb06d81ae7b7e6d82fe022198d4d0d4dc", "Title": "util-linux: util-linux: Access control bypass due to improper hostname canonicalization", "Description": "A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access.", "Severity": "MEDIUM", "CweIDs": [ "CWE-289" ], "VendorSeverity": { "azure": 1, "nvd": 2, "redhat": 1, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:7180", "https://access.redhat.com/security/cve/CVE-2026-3184", "https://bugzilla.redhat.com/show_bug.cgi?id=2442570", "https://nvd.nist.gov/vuln/detail/CVE-2026-3184", "https://www.cve.org/CVERecord?id=CVE-2026-3184" ], "PublishedDate": "2026-04-03T19:17:23.377Z", "LastModifiedDate": "2026-05-01T19:29:51.02Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib1g@1:1.3.dfsg+really1.3.1-1+b1", "PkgName": "zlib1g", "PkgIdentifier": { "PURL": "pkg:deb/debian/zlib1g@1.3.dfsg%2Breally1.3.1-1%2Bb1?arch=amd64\u0026distro=debian-13.5\u0026epoch=1", "UID": "ff182eb2a26a8142" }, "InstalledVersion": "1:1.3.dfsg+really1.3.1-1+b1", "Status": "affected", "Layer": { "Digest": "sha256:5b4d6ff92fc4e14e911b7753c954fac965d48c40fe1075758d284148ccace970", "DiffID": "sha256:219a998c60509502b47b97f1158067d5dd62640d2d689560d32cfd5594f6bc40" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "debian", "Name": "Debian Security Tracker", "URL": "https://salsa.debian.org/security-tracker-team/security-tracker" }, "Fingerprint": "sha256:bf46a3644bc01c553b46ca0ad39c24caf0bef6e14a5aec064021802c26cb0284", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "Version": "25.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:42863a411c9517557e1744d4dfd39ff9bc29495eff1e5499dcd724418ce89c2d", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:7bf17290665b4787fc0122d98ffb36d3c01a88784921e24e7c39276cc7339c42", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:e113665b194b20ba7e9093ef6a1a38edbaebbfb983c00e379a45a142a95a86ef", "DiffID": "sha256:c529e1b2553946dcc9afa2d77e33a75f23d3702e0b4a7911b67e2f1fe45a4939" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:50c01cddfb2d5c6addeb179114d8bb183aab36219080d055522332e33d4d5aa1", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" } ] } ] }, { "Namespace": "mail", "Kind": "CronJob", "Name": "mail-backup", "Metadata": [ { "Size": 59774464, "OS": { "Family": "alpine", "Name": "3.17.0", "EOSL": true }, "ImageID": "sha256:465689cd5f3a7c6709efcc91fb5418249674d1aedbe23e6bed3c1e2ee2fb1627", "DiffIDs": [ "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" ], "RepoTags": [ "rclone/rclone:1.61.1" ], "RepoDigests": [ "rclone/rclone@sha256:bdda91757fbcb10c857417f442ed13518ac292703c9dca42d8399f5f88e2da6c" ], "Reference": "rclone/rclone:1.61.1", "ImageConfig": { "architecture": "amd64", "created": "2022-12-23T18:30:20.435655422Z", "history": [ { "created": "2022-11-22T22:19:28.870801855Z", "created_by": "/bin/sh -c #(nop) ADD file:587cae71969871d3c6456d844a8795df9b64b12c710c275295a1182b46f630e7 in / " }, { "created": "2022-11-22T22:19:29.008562326Z", "created_by": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", "empty_layer": true }, { "created": "2022-12-23T18:21:20.552610746Z", "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates fuse tzdata \u0026\u0026 echo \"user_allow_other\" \u003e\u003e /etc/fuse.conf # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.174824107Z", "created_by": "COPY /go/src/github.com/rclone/rclone/rclone /usr/local/bin/ # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.421025837Z", "created_by": "RUN /bin/sh -c addgroup -g 1009 rclone \u0026\u0026 adduser -u 1009 -Ds /bin/sh -G rclone rclone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "ENTRYPOINT [\"rclone\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "WORKDIR /data", "comment": "buildkit.dockerfile.v0" }, { "created": "2022-12-23T18:30:20.435655422Z", "created_by": "ENV XDG_CONFIG_HOME=/config", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf", "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7", "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779", "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0", "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" ] }, "config": { "Entrypoint": [ "rclone" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "XDG_CONFIG_HOME=/config" ], "WorkingDir": "/data" } }, "Layers": [ { "Size": 7337984, "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, { "Size": 3042816, "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, { "Size": 49380352, "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, { "Size": 11776, "Digest": "sha256:8ca9a3048278c27e08bbccd3670f2c5caff0128842689a9c86ed1fb0f9ce1cc9", "DiffID": "sha256:6823946f0ba7ae98d1587bb23122ee932bc17f32bb56cef6016883628c19b0f0" }, { "Size": 1536, "Digest": "sha256:109cd48fac6cc902363d1ab766beec1fc3e4c2c95a1e7a7cde7f3407c18b3af3", "DiffID": "sha256:b4b66d1ee6ce658c9408aba14a7876cefb24449f6f48ea33ddbf85f051843b48" } ] } ], "Results": [ { "Target": "rclone/rclone:1.61.1 (alpine 3.17.0)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.4.0-r0", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "30c2f9800d728f28" }, "Version": "3.4.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.4.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.4.0-r0", "busybox-binsh@1.35.0-r29" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:fde5df99b613d565de9c54aa2a3ae86322bce0d1", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "etc/profile.d/locale.sh", "lib/sysctl.d/00-alpine.conf", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.4.0-r0", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.4.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "e51ffe20d7623a8b" }, "Version": "3.4.0-r0", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.4.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:fc982933c27a0d623fe78d6d517fae1c4cd28eaa", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.4-r1", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.4-r1?arch=x86_64\u0026distro=3.17.0", "UID": "3164c80d593e4cb3" }, "Version": "2.4-r1", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.4-r1", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:28cd3595f295a7e804667db76b0ba3aa34a4acdf", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.12.10-r1", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.12.10-r1?arch=x86_64\u0026distro=3.17.0", "UID": "5b5afd5889ede5eb" }, "Version": "2.12.10-r1", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.12.10-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20220614-r2", "libcrypto3@3.0.7-r0", "libssl3@3.0.7-r0", "musl@1.2.3-r4", "zlib@1.2.13-r0" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:11fde2c2df9c31d1a780481a16bd944482612b34", "InstalledFiles": [ "lib/libapk.so.3.12.0", "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.35.0-r29", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:34ddeca74cabf7d6ed472b2ab72de7414ad61da6", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/udhcpd.conf", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.35.0-r29", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.35.0-r29" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:9a25b0ca158a5d51224582e1980ad5d5328cb3a0", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20220614-r3", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20220614-r3?arch=x86_64\u0026distro=3.17.0", "UID": "2cf7b443ea323e5e" }, "Version": "20220614-r3", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20220614-r3", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.35.0-r29", "libcrypto3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:54e1755c00b5cceca1c08c2f40e448bdca0265e8", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/Comodo_AAA_Services_root.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_ECC_v3.crt", "usr/share/ca-certificates/mozilla/E-Tugra_Global_Root_CA_RSA_v3.crt", "usr/share/ca-certificates/mozilla/EC-ACC.crt", "usr/share/ca-certificates/mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G4.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/Network_Solutions_Certificate_Authority.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/SecureSign_RootCA11.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Security_Communication_Root_CA.crt", "usr/share/ca-certificates/mozilla/Staat_der_Nederlanden_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Class_2_CA.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Silver_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustCor_ECA-1.crt", "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-1.crt", "usr/share/ca-certificates/mozilla/TrustCor_RootCert_CA-2.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/XRamp_Global_CA_Root.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20220614-r2", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20220614-r2?arch=x86_64\u0026distro=3.17.0", "UID": "abbaa17475b8f0df" }, "Version": "20220614-r2", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20220614-r2", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:9e3c4b432e3820273336d5c48c732fcf81615959", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "fuse@2.9.9-r2", "Name": "fuse", "Identifier": { "PURL": "pkg:apk/alpine/fuse@2.9.9-r2?arch=x86_64\u0026distro=3.17.0", "UID": "87e240d6e1600fa2" }, "Version": "2.9.9-r2", "Arch": "x86_64", "SrcName": "fuse", "SrcVersion": "2.9.9-r2", "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "fuse-common@3.12.0-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:db75c36ba00ca0b9e3f361b011c40ca9c28cbe8a", "InstalledFiles": [ "bin/fusermount", "bin/ulockmgr_server", "lib/udev/rules.d/99-fuse.rules", "sbin/mount.fuse", "usr/lib/libfuse.so.2", "usr/lib/libfuse.so.2.9.9", "usr/lib/libulockmgr.so.1", "usr/lib/libulockmgr.so.1.0.1" ], "AnalyzedBy": "apk" }, { "ID": "fuse-common@3.12.0-r0", "Name": "fuse-common", "Identifier": { "PURL": "pkg:apk/alpine/fuse-common@3.12.0-r0?arch=x86_64\u0026distro=3.17.0", "UID": "ee399eecaf7a9402" }, "Version": "3.12.0-r0", "Arch": "x86_64", "SrcName": "fuse3", "SrcVersion": "3.12.0-r0", "Licenses": [ "GPL-2.0-only", "LGPL-2.1-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:e059a354f3525151167d71a48b5f2619c12d2ec0", "InstalledFiles": [ "etc/fuse.conf" ], "AnalyzedBy": "apk" }, { "ID": "libc-utils@0.7.2-r3", "Name": "libc-utils", "Identifier": { "PURL": "pkg:apk/alpine/libc-utils@0.7.2-r3?arch=x86_64\u0026distro=3.17.0", "UID": "1b227ba5c763f776" }, "Version": "0.7.2-r3", "Arch": "x86_64", "SrcName": "libc-dev", "SrcVersion": "0.7.2-r3", "Licenses": [ "BSD-2-Clause", "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl-utils@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:f46834ea904f8a21bd50df78aa5eea226b074944", "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.0.7-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "Version": "3.0.7-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.0.7-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:4e39ab0046b93ca778d0f373e8e229a3e6c1796d", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "etc/ssl/misc/CA.pl", "etc/ssl/misc/tsget", "etc/ssl/misc/tsget.pl", "lib/libcrypto.so.3", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.0.7-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "Version": "3.0.7-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.0.7-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Ariadne Conill \u003cariadne@dereferenced.org\u003e", "DependsOn": [ "libcrypto3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:133e78acb5153e50229dcb89d9e0edc589eb7a4e", "InstalledFiles": [ "lib/libssl.so.3", "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.3-r4", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "af5f98cf83a00dc2" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:3e4ef1d70a00adb0759f390c3c93ead53102c2eb", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.3-r4", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "69e5c84e7222babe" }, "Version": "1.2.3-r4", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.3-r4", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Timo Teräs \u003ctimo.teras@iki.fi\u003e", "DependsOn": [ "musl@1.2.3-r4", "scanelf@1.3.5-r1" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:65624be1ec92c7c9cf4a3175140260432bee36ce", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.5-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.5-r1?arch=x86_64\u0026distro=3.17.0", "UID": "9beb1e687687f8d6" }, "Version": "1.3.5-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.5-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:d5dc5816c1ef045033cc7183a3980e4c33490f24", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.35.0-r29", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "Version": "1.35.0-r29", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.35.0-r29", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.0.7-r0", "libssl3@3.0.7-r0", "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:42ea998de3fa5c6f39236f6d3a2096a1f2fc0a3d", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2022f-r1", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2022f-r1?arch=x86_64\u0026distro=3.17.0", "UID": "16cbdb52acce2be1" }, "Version": "2022f-r1", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2022f-r1", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:218554a38a3b1cfdc7e018c6611c9fac89e96e5c509a1472cd144154c6a96786", "DiffID": "sha256:62e842859b7236f68a494bb2ccc03b4ada62270c8410cd26cb1c2586c5cdd4d7" }, "Digest": "sha1:7752b6fc9e327fcddcd2055382debad1362804fd", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa", "usr/share/zoneinfo/right/CET", "usr/share/zoneinfo/right/CST6CDT", "usr/share/zoneinfo/right/Cuba", "usr/share/zoneinfo/right/EET", "usr/share/zoneinfo/right/EST", "usr/share/zoneinfo/right/EST5EDT", "usr/share/zoneinfo/right/Egypt", "usr/share/zoneinfo/right/Eire", "usr/share/zoneinfo/right/Factory", "usr/share/zoneinfo/right/GB", "usr/share/zoneinfo/right/GB-Eire", "usr/share/zoneinfo/right/GMT", "usr/share/zoneinfo/right/GMT+0", "usr/share/zoneinfo/right/GMT-0", "usr/share/zoneinfo/right/GMT0", "usr/share/zoneinfo/right/Greenwich", "usr/share/zoneinfo/right/HST", "usr/share/zoneinfo/right/Hongkong", "usr/share/zoneinfo/right/Iceland", "usr/share/zoneinfo/right/Iran", "usr/share/zoneinfo/right/Israel", "usr/share/zoneinfo/right/Jamaica", "usr/share/zoneinfo/right/Japan", "usr/share/zoneinfo/right/Kwajalein", "usr/share/zoneinfo/right/Libya", "usr/share/zoneinfo/right/MET", "usr/share/zoneinfo/right/MST", "usr/share/zoneinfo/right/MST7MDT", "usr/share/zoneinfo/right/NZ", "usr/share/zoneinfo/right/NZ-CHAT", "usr/share/zoneinfo/right/Navajo", "usr/share/zoneinfo/right/PRC", "usr/share/zoneinfo/right/PST8PDT", "usr/share/zoneinfo/right/Poland", "usr/share/zoneinfo/right/Portugal", "usr/share/zoneinfo/right/ROC", "usr/share/zoneinfo/right/ROK", "usr/share/zoneinfo/right/Singapore", "usr/share/zoneinfo/right/Turkey", "usr/share/zoneinfo/right/UCT", "usr/share/zoneinfo/right/UTC", "usr/share/zoneinfo/right/Universal", "usr/share/zoneinfo/right/W-SU", "usr/share/zoneinfo/right/WET", "usr/share/zoneinfo/right/Zulu", "usr/share/zoneinfo/right/Africa/Abidjan", "usr/share/zoneinfo/right/Africa/Accra", "usr/share/zoneinfo/right/Africa/Addis_Ababa", "usr/share/zoneinfo/right/Africa/Algiers", "usr/share/zoneinfo/right/Africa/Asmara", "usr/share/zoneinfo/right/Africa/Asmera", "usr/share/zoneinfo/right/Africa/Bamako", "usr/share/zoneinfo/right/Africa/Bangui", "usr/share/zoneinfo/right/Africa/Banjul", "usr/share/zoneinfo/right/Africa/Bissau", "usr/share/zoneinfo/right/Africa/Blantyre", "usr/share/zoneinfo/right/Africa/Brazzaville", "usr/share/zoneinfo/right/Africa/Bujumbura", "usr/share/zoneinfo/right/Africa/Cairo", "usr/share/zoneinfo/right/Africa/Casablanca", "usr/share/zoneinfo/right/Africa/Ceuta", "usr/share/zoneinfo/right/Africa/Conakry", "usr/share/zoneinfo/right/Africa/Dakar", "usr/share/zoneinfo/right/Africa/Dar_es_Salaam", "usr/share/zoneinfo/right/Africa/Djibouti", "usr/share/zoneinfo/right/Africa/Douala", "usr/share/zoneinfo/right/Africa/El_Aaiun", "usr/share/zoneinfo/right/Africa/Freetown", "usr/share/zoneinfo/right/Africa/Gaborone", "usr/share/zoneinfo/right/Africa/Harare", "usr/share/zoneinfo/right/Africa/Johannesburg", "usr/share/zoneinfo/right/Africa/Juba", "usr/share/zoneinfo/right/Africa/Kampala", "usr/share/zoneinfo/right/Africa/Khartoum", "usr/share/zoneinfo/right/Africa/Kigali", "usr/share/zoneinfo/right/Africa/Kinshasa", "usr/share/zoneinfo/right/Africa/Lagos", "usr/share/zoneinfo/right/Africa/Libreville", "usr/share/zoneinfo/right/Africa/Lome", "usr/share/zoneinfo/right/Africa/Luanda", "usr/share/zoneinfo/right/Africa/Lubumbashi", "usr/share/zoneinfo/right/Africa/Lusaka", "usr/share/zoneinfo/right/Africa/Malabo", "usr/share/zoneinfo/right/Africa/Maputo", "usr/share/zoneinfo/right/Africa/Maseru", "usr/share/zoneinfo/right/Africa/Mbabane", "usr/share/zoneinfo/right/Africa/Mogadishu", "usr/share/zoneinfo/right/Africa/Monrovia", "usr/share/zoneinfo/right/Africa/Nairobi", "usr/share/zoneinfo/right/Africa/Ndjamena", "usr/share/zoneinfo/right/Africa/Niamey", "usr/share/zoneinfo/right/Africa/Nouakchott", "usr/share/zoneinfo/right/Africa/Ouagadougou", "usr/share/zoneinfo/right/Africa/Porto-Novo", "usr/share/zoneinfo/right/Africa/Sao_Tome", "usr/share/zoneinfo/right/Africa/Timbuktu", "usr/share/zoneinfo/right/Africa/Tripoli", "usr/share/zoneinfo/right/Africa/Tunis", "usr/share/zoneinfo/right/Africa/Windhoek", "usr/share/zoneinfo/right/America/Adak", "usr/share/zoneinfo/right/America/Anchorage", "usr/share/zoneinfo/right/America/Anguilla", "usr/share/zoneinfo/right/America/Antigua", "usr/share/zoneinfo/right/America/Araguaina", "usr/share/zoneinfo/right/America/Aruba", "usr/share/zoneinfo/right/America/Asuncion", "usr/share/zoneinfo/right/America/Atikokan", "usr/share/zoneinfo/right/America/Atka", "usr/share/zoneinfo/right/America/Bahia", "usr/share/zoneinfo/right/America/Bahia_Banderas", "usr/share/zoneinfo/right/America/Barbados", "usr/share/zoneinfo/right/America/Belem", "usr/share/zoneinfo/right/America/Belize", "usr/share/zoneinfo/right/America/Blanc-Sablon", "usr/share/zoneinfo/right/America/Boa_Vista", "usr/share/zoneinfo/right/America/Bogota", "usr/share/zoneinfo/right/America/Boise", "usr/share/zoneinfo/right/America/Buenos_Aires", "usr/share/zoneinfo/right/America/Cambridge_Bay", "usr/share/zoneinfo/right/America/Campo_Grande", "usr/share/zoneinfo/right/America/Cancun", "usr/share/zoneinfo/right/America/Caracas", "usr/share/zoneinfo/right/America/Catamarca", "usr/share/zoneinfo/right/America/Cayenne", "usr/share/zoneinfo/right/America/Cayman", "usr/share/zoneinfo/right/America/Chicago", "usr/share/zoneinfo/right/America/Chihuahua", "usr/share/zoneinfo/right/America/Coral_Harbour", "usr/share/zoneinfo/right/America/Cordoba", "usr/share/zoneinfo/right/America/Costa_Rica", "usr/share/zoneinfo/right/America/Creston", "usr/share/zoneinfo/right/America/Cuiaba", "usr/share/zoneinfo/right/America/Curacao", "usr/share/zoneinfo/right/America/Danmarkshavn", "usr/share/zoneinfo/right/America/Dawson", "usr/share/zoneinfo/right/America/Dawson_Creek", "usr/share/zoneinfo/right/America/Denver", "usr/share/zoneinfo/right/America/Detroit", "usr/share/zoneinfo/right/America/Dominica", "usr/share/zoneinfo/right/America/Edmonton", "usr/share/zoneinfo/right/America/Eirunepe", "usr/share/zoneinfo/right/America/El_Salvador", "usr/share/zoneinfo/right/America/Ensenada", "usr/share/zoneinfo/right/America/Fort_Nelson", "usr/share/zoneinfo/right/America/Fort_Wayne", "usr/share/zoneinfo/right/America/Fortaleza", "usr/share/zoneinfo/right/America/Glace_Bay", "usr/share/zoneinfo/right/America/Godthab", "usr/share/zoneinfo/right/America/Goose_Bay", "usr/share/zoneinfo/right/America/Grand_Turk", "usr/share/zoneinfo/right/America/Grenada", "usr/share/zoneinfo/right/America/Guadeloupe", "usr/share/zoneinfo/right/America/Guatemala", "usr/share/zoneinfo/right/America/Guayaquil", "usr/share/zoneinfo/right/America/Guyana", "usr/share/zoneinfo/right/America/Halifax", "usr/share/zoneinfo/right/America/Havana", "usr/share/zoneinfo/right/America/Hermosillo", "usr/share/zoneinfo/right/America/Indianapolis", "usr/share/zoneinfo/right/America/Inuvik", "usr/share/zoneinfo/right/America/Iqaluit", "usr/share/zoneinfo/right/America/Jamaica", "usr/share/zoneinfo/right/America/Jujuy", "usr/share/zoneinfo/right/America/Juneau", "usr/share/zoneinfo/right/America/Knox_IN", "usr/share/zoneinfo/right/America/Kralendijk", "usr/share/zoneinfo/right/America/La_Paz", "usr/share/zoneinfo/right/America/Lima", "usr/share/zoneinfo/right/America/Los_Angeles", "usr/share/zoneinfo/right/America/Louisville", "usr/share/zoneinfo/right/America/Lower_Princes", "usr/share/zoneinfo/right/America/Maceio", "usr/share/zoneinfo/right/America/Managua", "usr/share/zoneinfo/right/America/Manaus", "usr/share/zoneinfo/right/America/Marigot", "usr/share/zoneinfo/right/America/Martinique", "usr/share/zoneinfo/right/America/Matamoros", "usr/share/zoneinfo/right/America/Mazatlan", "usr/share/zoneinfo/right/America/Mendoza", "usr/share/zoneinfo/right/America/Menominee", "usr/share/zoneinfo/right/America/Merida", "usr/share/zoneinfo/right/America/Metlakatla", "usr/share/zoneinfo/right/America/Mexico_City", "usr/share/zoneinfo/right/America/Miquelon", "usr/share/zoneinfo/right/America/Moncton", "usr/share/zoneinfo/right/America/Monterrey", "usr/share/zoneinfo/right/America/Montevideo", "usr/share/zoneinfo/right/America/Montreal", "usr/share/zoneinfo/right/America/Montserrat", "usr/share/zoneinfo/right/America/Nassau", "usr/share/zoneinfo/right/America/New_York", "usr/share/zoneinfo/right/America/Nipigon", "usr/share/zoneinfo/right/America/Nome", "usr/share/zoneinfo/right/America/Noronha", "usr/share/zoneinfo/right/America/Nuuk", "usr/share/zoneinfo/right/America/Ojinaga", "usr/share/zoneinfo/right/America/Panama", "usr/share/zoneinfo/right/America/Pangnirtung", "usr/share/zoneinfo/right/America/Paramaribo", "usr/share/zoneinfo/right/America/Phoenix", "usr/share/zoneinfo/right/America/Port-au-Prince", "usr/share/zoneinfo/right/America/Port_of_Spain", "usr/share/zoneinfo/right/America/Porto_Acre", "usr/share/zoneinfo/right/America/Porto_Velho", "usr/share/zoneinfo/right/America/Puerto_Rico", "usr/share/zoneinfo/right/America/Punta_Arenas", "usr/share/zoneinfo/right/America/Rainy_River", "usr/share/zoneinfo/right/America/Rankin_Inlet", "usr/share/zoneinfo/right/America/Recife", "usr/share/zoneinfo/right/America/Regina", "usr/share/zoneinfo/right/America/Resolute", "usr/share/zoneinfo/right/America/Rio_Branco", "usr/share/zoneinfo/right/America/Rosario", "usr/share/zoneinfo/right/America/Santa_Isabel", "usr/share/zoneinfo/right/America/Santarem", "usr/share/zoneinfo/right/America/Santiago", "usr/share/zoneinfo/right/America/Santo_Domingo", "usr/share/zoneinfo/right/America/Sao_Paulo", "usr/share/zoneinfo/right/America/Scoresbysund", "usr/share/zoneinfo/right/America/Shiprock", "usr/share/zoneinfo/right/America/Sitka", "usr/share/zoneinfo/right/America/St_Barthelemy", "usr/share/zoneinfo/right/America/St_Johns", "usr/share/zoneinfo/right/America/St_Kitts", "usr/share/zoneinfo/right/America/St_Lucia", "usr/share/zoneinfo/right/America/St_Thomas", "usr/share/zoneinfo/right/America/St_Vincent", "usr/share/zoneinfo/right/America/Swift_Current", "usr/share/zoneinfo/right/America/Tegucigalpa", "usr/share/zoneinfo/right/America/Thule", "usr/share/zoneinfo/right/America/Thunder_Bay", "usr/share/zoneinfo/right/America/Tijuana", "usr/share/zoneinfo/right/America/Toronto", "usr/share/zoneinfo/right/America/Tortola", "usr/share/zoneinfo/right/America/Vancouver", "usr/share/zoneinfo/right/America/Virgin", "usr/share/zoneinfo/right/America/Whitehorse", "usr/share/zoneinfo/right/America/Winnipeg", "usr/share/zoneinfo/right/America/Yakutat", "usr/share/zoneinfo/right/America/Yellowknife", "usr/share/zoneinfo/right/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/right/America/Argentina/Catamarca", "usr/share/zoneinfo/right/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/right/America/Argentina/Cordoba", "usr/share/zoneinfo/right/America/Argentina/Jujuy", "usr/share/zoneinfo/right/America/Argentina/La_Rioja", "usr/share/zoneinfo/right/America/Argentina/Mendoza", "usr/share/zoneinfo/right/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/right/America/Argentina/Salta", "usr/share/zoneinfo/right/America/Argentina/San_Juan", "usr/share/zoneinfo/right/America/Argentina/San_Luis", "usr/share/zoneinfo/right/America/Argentina/Tucuman", "usr/share/zoneinfo/right/America/Argentina/Ushuaia", "usr/share/zoneinfo/right/America/Indiana/Indianapolis", "usr/share/zoneinfo/right/America/Indiana/Knox", "usr/share/zoneinfo/right/America/Indiana/Marengo", "usr/share/zoneinfo/right/America/Indiana/Petersburg", "usr/share/zoneinfo/right/America/Indiana/Tell_City", "usr/share/zoneinfo/right/America/Indiana/Vevay", "usr/share/zoneinfo/right/America/Indiana/Vincennes", "usr/share/zoneinfo/right/America/Indiana/Winamac", "usr/share/zoneinfo/right/America/Kentucky/Louisville", "usr/share/zoneinfo/right/America/Kentucky/Monticello", "usr/share/zoneinfo/right/America/North_Dakota/Beulah", "usr/share/zoneinfo/right/America/North_Dakota/Center", "usr/share/zoneinfo/right/America/North_Dakota/New_Salem", "usr/share/zoneinfo/right/Antarctica/Casey", "usr/share/zoneinfo/right/Antarctica/Davis", "usr/share/zoneinfo/right/Antarctica/DumontDUrville", "usr/share/zoneinfo/right/Antarctica/Macquarie", "usr/share/zoneinfo/right/Antarctica/Mawson", "usr/share/zoneinfo/right/Antarctica/McMurdo", "usr/share/zoneinfo/right/Antarctica/Palmer", "usr/share/zoneinfo/right/Antarctica/Rothera", "usr/share/zoneinfo/right/Antarctica/South_Pole", "usr/share/zoneinfo/right/Antarctica/Syowa", "usr/share/zoneinfo/right/Antarctica/Troll", "usr/share/zoneinfo/right/Antarctica/Vostok", "usr/share/zoneinfo/right/Arctic/Longyearbyen", "usr/share/zoneinfo/right/Asia/Aden", "usr/share/zoneinfo/right/Asia/Almaty", "usr/share/zoneinfo/right/Asia/Amman", "usr/share/zoneinfo/right/Asia/Anadyr", "usr/share/zoneinfo/right/Asia/Aqtau", "usr/share/zoneinfo/right/Asia/Aqtobe", "usr/share/zoneinfo/right/Asia/Ashgabat", "usr/share/zoneinfo/right/Asia/Ashkhabad", "usr/share/zoneinfo/right/Asia/Atyrau", "usr/share/zoneinfo/right/Asia/Baghdad", "usr/share/zoneinfo/right/Asia/Bahrain", "usr/share/zoneinfo/right/Asia/Baku", "usr/share/zoneinfo/right/Asia/Bangkok", "usr/share/zoneinfo/right/Asia/Barnaul", "usr/share/zoneinfo/right/Asia/Beirut", "usr/share/zoneinfo/right/Asia/Bishkek", "usr/share/zoneinfo/right/Asia/Brunei", "usr/share/zoneinfo/right/Asia/Calcutta", "usr/share/zoneinfo/right/Asia/Chita", "usr/share/zoneinfo/right/Asia/Choibalsan", "usr/share/zoneinfo/right/Asia/Chongqing", "usr/share/zoneinfo/right/Asia/Chungking", "usr/share/zoneinfo/right/Asia/Colombo", "usr/share/zoneinfo/right/Asia/Dacca", "usr/share/zoneinfo/right/Asia/Damascus", "usr/share/zoneinfo/right/Asia/Dhaka", "usr/share/zoneinfo/right/Asia/Dili", "usr/share/zoneinfo/right/Asia/Dubai", "usr/share/zoneinfo/right/Asia/Dushanbe", "usr/share/zoneinfo/right/Asia/Famagusta", "usr/share/zoneinfo/right/Asia/Gaza", "usr/share/zoneinfo/right/Asia/Harbin", "usr/share/zoneinfo/right/Asia/Hebron", "usr/share/zoneinfo/right/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/right/Asia/Hong_Kong", "usr/share/zoneinfo/right/Asia/Hovd", "usr/share/zoneinfo/right/Asia/Irkutsk", "usr/share/zoneinfo/right/Asia/Istanbul", "usr/share/zoneinfo/right/Asia/Jakarta", "usr/share/zoneinfo/right/Asia/Jayapura", "usr/share/zoneinfo/right/Asia/Jerusalem", "usr/share/zoneinfo/right/Asia/Kabul", "usr/share/zoneinfo/right/Asia/Kamchatka", "usr/share/zoneinfo/right/Asia/Karachi", "usr/share/zoneinfo/right/Asia/Kashgar", "usr/share/zoneinfo/right/Asia/Kathmandu", "usr/share/zoneinfo/right/Asia/Katmandu", "usr/share/zoneinfo/right/Asia/Khandyga", "usr/share/zoneinfo/right/Asia/Kolkata", "usr/share/zoneinfo/right/Asia/Krasnoyarsk", "usr/share/zoneinfo/right/Asia/Kuala_Lumpur", "usr/share/zoneinfo/right/Asia/Kuching", "usr/share/zoneinfo/right/Asia/Kuwait", "usr/share/zoneinfo/right/Asia/Macao", "usr/share/zoneinfo/right/Asia/Macau", "usr/share/zoneinfo/right/Asia/Magadan", "usr/share/zoneinfo/right/Asia/Makassar", "usr/share/zoneinfo/right/Asia/Manila", "usr/share/zoneinfo/right/Asia/Muscat", "usr/share/zoneinfo/right/Asia/Nicosia", "usr/share/zoneinfo/right/Asia/Novokuznetsk", "usr/share/zoneinfo/right/Asia/Novosibirsk", "usr/share/zoneinfo/right/Asia/Omsk", "usr/share/zoneinfo/right/Asia/Oral", "usr/share/zoneinfo/right/Asia/Phnom_Penh", "usr/share/zoneinfo/right/Asia/Pontianak", "usr/share/zoneinfo/right/Asia/Pyongyang", "usr/share/zoneinfo/right/Asia/Qatar", "usr/share/zoneinfo/right/Asia/Qostanay", "usr/share/zoneinfo/right/Asia/Qyzylorda", "usr/share/zoneinfo/right/Asia/Rangoon", "usr/share/zoneinfo/right/Asia/Riyadh", "usr/share/zoneinfo/right/Asia/Saigon", "usr/share/zoneinfo/right/Asia/Sakhalin", "usr/share/zoneinfo/right/Asia/Samarkand", "usr/share/zoneinfo/right/Asia/Seoul", "usr/share/zoneinfo/right/Asia/Shanghai", "usr/share/zoneinfo/right/Asia/Singapore", "usr/share/zoneinfo/right/Asia/Srednekolymsk", "usr/share/zoneinfo/right/Asia/Taipei", "usr/share/zoneinfo/right/Asia/Tashkent", "usr/share/zoneinfo/right/Asia/Tbilisi", "usr/share/zoneinfo/right/Asia/Tehran", "usr/share/zoneinfo/right/Asia/Tel_Aviv", "usr/share/zoneinfo/right/Asia/Thimbu", "usr/share/zoneinfo/right/Asia/Thimphu", "usr/share/zoneinfo/right/Asia/Tokyo", "usr/share/zoneinfo/right/Asia/Tomsk", "usr/share/zoneinfo/right/Asia/Ujung_Pandang", "usr/share/zoneinfo/right/Asia/Ulaanbaatar", "usr/share/zoneinfo/right/Asia/Ulan_Bator", "usr/share/zoneinfo/right/Asia/Urumqi", "usr/share/zoneinfo/right/Asia/Ust-Nera", "usr/share/zoneinfo/right/Asia/Vientiane", "usr/share/zoneinfo/right/Asia/Vladivostok", "usr/share/zoneinfo/right/Asia/Yakutsk", "usr/share/zoneinfo/right/Asia/Yangon", "usr/share/zoneinfo/right/Asia/Yekaterinburg", "usr/share/zoneinfo/right/Asia/Yerevan", "usr/share/zoneinfo/right/Atlantic/Azores", "usr/share/zoneinfo/right/Atlantic/Bermuda", "usr/share/zoneinfo/right/Atlantic/Canary", "usr/share/zoneinfo/right/Atlantic/Cape_Verde", "usr/share/zoneinfo/right/Atlantic/Faeroe", "usr/share/zoneinfo/right/Atlantic/Faroe", "usr/share/zoneinfo/right/Atlantic/Jan_Mayen", "usr/share/zoneinfo/right/Atlantic/Madeira", "usr/share/zoneinfo/right/Atlantic/Reykjavik", "usr/share/zoneinfo/right/Atlantic/South_Georgia", "usr/share/zoneinfo/right/Atlantic/St_Helena", "usr/share/zoneinfo/right/Atlantic/Stanley", "usr/share/zoneinfo/right/Australia/ACT", "usr/share/zoneinfo/right/Australia/Adelaide", "usr/share/zoneinfo/right/Australia/Brisbane", "usr/share/zoneinfo/right/Australia/Broken_Hill", "usr/share/zoneinfo/right/Australia/Canberra", "usr/share/zoneinfo/right/Australia/Currie", "usr/share/zoneinfo/right/Australia/Darwin", "usr/share/zoneinfo/right/Australia/Eucla", "usr/share/zoneinfo/right/Australia/Hobart", "usr/share/zoneinfo/right/Australia/LHI", "usr/share/zoneinfo/right/Australia/Lindeman", "usr/share/zoneinfo/right/Australia/Lord_Howe", "usr/share/zoneinfo/right/Australia/Melbourne", "usr/share/zoneinfo/right/Australia/NSW", "usr/share/zoneinfo/right/Australia/North", "usr/share/zoneinfo/right/Australia/Perth", "usr/share/zoneinfo/right/Australia/Queensland", "usr/share/zoneinfo/right/Australia/South", "usr/share/zoneinfo/right/Australia/Sydney", "usr/share/zoneinfo/right/Australia/Tasmania", "usr/share/zoneinfo/right/Australia/Victoria", "usr/share/zoneinfo/right/Australia/West", "usr/share/zoneinfo/right/Australia/Yancowinna", "usr/share/zoneinfo/right/Brazil/Acre", "usr/share/zoneinfo/right/Brazil/DeNoronha", "usr/share/zoneinfo/right/Brazil/East", "usr/share/zoneinfo/right/Brazil/West", "usr/share/zoneinfo/right/Canada/Atlantic", "usr/share/zoneinfo/right/Canada/Central", "usr/share/zoneinfo/right/Canada/Eastern", "usr/share/zoneinfo/right/Canada/Mountain", "usr/share/zoneinfo/right/Canada/Newfoundland", "usr/share/zoneinfo/right/Canada/Pacific", "usr/share/zoneinfo/right/Canada/Saskatchewan", "usr/share/zoneinfo/right/Canada/Yukon", "usr/share/zoneinfo/right/Chile/Continental", "usr/share/zoneinfo/right/Chile/EasterIsland", "usr/share/zoneinfo/right/Etc/GMT", "usr/share/zoneinfo/right/Etc/GMT+0", "usr/share/zoneinfo/right/Etc/GMT+1", "usr/share/zoneinfo/right/Etc/GMT+10", "usr/share/zoneinfo/right/Etc/GMT+11", "usr/share/zoneinfo/right/Etc/GMT+12", "usr/share/zoneinfo/right/Etc/GMT+2", "usr/share/zoneinfo/right/Etc/GMT+3", "usr/share/zoneinfo/right/Etc/GMT+4", "usr/share/zoneinfo/right/Etc/GMT+5", "usr/share/zoneinfo/right/Etc/GMT+6", "usr/share/zoneinfo/right/Etc/GMT+7", "usr/share/zoneinfo/right/Etc/GMT+8", "usr/share/zoneinfo/right/Etc/GMT+9", "usr/share/zoneinfo/right/Etc/GMT-0", "usr/share/zoneinfo/right/Etc/GMT-1", "usr/share/zoneinfo/right/Etc/GMT-10", "usr/share/zoneinfo/right/Etc/GMT-11", "usr/share/zoneinfo/right/Etc/GMT-12", "usr/share/zoneinfo/right/Etc/GMT-13", "usr/share/zoneinfo/right/Etc/GMT-14", "usr/share/zoneinfo/right/Etc/GMT-2", "usr/share/zoneinfo/right/Etc/GMT-3", "usr/share/zoneinfo/right/Etc/GMT-4", "usr/share/zoneinfo/right/Etc/GMT-5", "usr/share/zoneinfo/right/Etc/GMT-6", "usr/share/zoneinfo/right/Etc/GMT-7", "usr/share/zoneinfo/right/Etc/GMT-8", "usr/share/zoneinfo/right/Etc/GMT-9", "usr/share/zoneinfo/right/Etc/GMT0", "usr/share/zoneinfo/right/Etc/Greenwich", "usr/share/zoneinfo/right/Etc/UCT", "usr/share/zoneinfo/right/Etc/UTC", "usr/share/zoneinfo/right/Etc/Universal", "usr/share/zoneinfo/right/Etc/Zulu", "usr/share/zoneinfo/right/Europe/Amsterdam", "usr/share/zoneinfo/right/Europe/Andorra", "usr/share/zoneinfo/right/Europe/Astrakhan", "usr/share/zoneinfo/right/Europe/Athens", "usr/share/zoneinfo/right/Europe/Belfast", "usr/share/zoneinfo/right/Europe/Belgrade", "usr/share/zoneinfo/right/Europe/Berlin", "usr/share/zoneinfo/right/Europe/Bratislava", "usr/share/zoneinfo/right/Europe/Brussels", "usr/share/zoneinfo/right/Europe/Bucharest", "usr/share/zoneinfo/right/Europe/Budapest", "usr/share/zoneinfo/right/Europe/Busingen", "usr/share/zoneinfo/right/Europe/Chisinau", "usr/share/zoneinfo/right/Europe/Copenhagen", "usr/share/zoneinfo/right/Europe/Dublin", "usr/share/zoneinfo/right/Europe/Gibraltar", "usr/share/zoneinfo/right/Europe/Guernsey", "usr/share/zoneinfo/right/Europe/Helsinki", "usr/share/zoneinfo/right/Europe/Isle_of_Man", "usr/share/zoneinfo/right/Europe/Istanbul", "usr/share/zoneinfo/right/Europe/Jersey", "usr/share/zoneinfo/right/Europe/Kaliningrad", "usr/share/zoneinfo/right/Europe/Kiev", "usr/share/zoneinfo/right/Europe/Kirov", "usr/share/zoneinfo/right/Europe/Kyiv", "usr/share/zoneinfo/right/Europe/Lisbon", "usr/share/zoneinfo/right/Europe/Ljubljana", "usr/share/zoneinfo/right/Europe/London", "usr/share/zoneinfo/right/Europe/Luxembourg", "usr/share/zoneinfo/right/Europe/Madrid", "usr/share/zoneinfo/right/Europe/Malta", "usr/share/zoneinfo/right/Europe/Mariehamn", "usr/share/zoneinfo/right/Europe/Minsk", "usr/share/zoneinfo/right/Europe/Monaco", "usr/share/zoneinfo/right/Europe/Moscow", "usr/share/zoneinfo/right/Europe/Nicosia", "usr/share/zoneinfo/right/Europe/Oslo", "usr/share/zoneinfo/right/Europe/Paris", "usr/share/zoneinfo/right/Europe/Podgorica", "usr/share/zoneinfo/right/Europe/Prague", "usr/share/zoneinfo/right/Europe/Riga", "usr/share/zoneinfo/right/Europe/Rome", "usr/share/zoneinfo/right/Europe/Samara", "usr/share/zoneinfo/right/Europe/San_Marino", "usr/share/zoneinfo/right/Europe/Sarajevo", "usr/share/zoneinfo/right/Europe/Saratov", "usr/share/zoneinfo/right/Europe/Simferopol", "usr/share/zoneinfo/right/Europe/Skopje", "usr/share/zoneinfo/right/Europe/Sofia", "usr/share/zoneinfo/right/Europe/Stockholm", "usr/share/zoneinfo/right/Europe/Tallinn", "usr/share/zoneinfo/right/Europe/Tirane", "usr/share/zoneinfo/right/Europe/Tiraspol", "usr/share/zoneinfo/right/Europe/Ulyanovsk", "usr/share/zoneinfo/right/Europe/Uzhgorod", "usr/share/zoneinfo/right/Europe/Vaduz", "usr/share/zoneinfo/right/Europe/Vatican", "usr/share/zoneinfo/right/Europe/Vienna", "usr/share/zoneinfo/right/Europe/Vilnius", "usr/share/zoneinfo/right/Europe/Volgograd", "usr/share/zoneinfo/right/Europe/Warsaw", "usr/share/zoneinfo/right/Europe/Zagreb", "usr/share/zoneinfo/right/Europe/Zaporozhye", "usr/share/zoneinfo/right/Europe/Zurich", "usr/share/zoneinfo/right/Indian/Antananarivo", "usr/share/zoneinfo/right/Indian/Chagos", "usr/share/zoneinfo/right/Indian/Christmas", "usr/share/zoneinfo/right/Indian/Cocos", "usr/share/zoneinfo/right/Indian/Comoro", "usr/share/zoneinfo/right/Indian/Kerguelen", "usr/share/zoneinfo/right/Indian/Mahe", "usr/share/zoneinfo/right/Indian/Maldives", "usr/share/zoneinfo/right/Indian/Mauritius", "usr/share/zoneinfo/right/Indian/Mayotte", "usr/share/zoneinfo/right/Indian/Reunion", "usr/share/zoneinfo/right/Mexico/BajaNorte", "usr/share/zoneinfo/right/Mexico/BajaSur", "usr/share/zoneinfo/right/Mexico/General", "usr/share/zoneinfo/right/Pacific/Apia", "usr/share/zoneinfo/right/Pacific/Auckland", "usr/share/zoneinfo/right/Pacific/Bougainville", "usr/share/zoneinfo/right/Pacific/Chatham", "usr/share/zoneinfo/right/Pacific/Chuuk", "usr/share/zoneinfo/right/Pacific/Easter", "usr/share/zoneinfo/right/Pacific/Efate", "usr/share/zoneinfo/right/Pacific/Enderbury", "usr/share/zoneinfo/right/Pacific/Fakaofo", "usr/share/zoneinfo/right/Pacific/Fiji", "usr/share/zoneinfo/right/Pacific/Funafuti", "usr/share/zoneinfo/right/Pacific/Galapagos", "usr/share/zoneinfo/right/Pacific/Gambier", "usr/share/zoneinfo/right/Pacific/Guadalcanal", "usr/share/zoneinfo/right/Pacific/Guam", "usr/share/zoneinfo/right/Pacific/Honolulu", "usr/share/zoneinfo/right/Pacific/Johnston", "usr/share/zoneinfo/right/Pacific/Kanton", "usr/share/zoneinfo/right/Pacific/Kiritimati", "usr/share/zoneinfo/right/Pacific/Kosrae", "usr/share/zoneinfo/right/Pacific/Kwajalein", "usr/share/zoneinfo/right/Pacific/Majuro", "usr/share/zoneinfo/right/Pacific/Marquesas", "usr/share/zoneinfo/right/Pacific/Midway", "usr/share/zoneinfo/right/Pacific/Nauru", "usr/share/zoneinfo/right/Pacific/Niue", "usr/share/zoneinfo/right/Pacific/Norfolk", "usr/share/zoneinfo/right/Pacific/Noumea", "usr/share/zoneinfo/right/Pacific/Pago_Pago", "usr/share/zoneinfo/right/Pacific/Palau", "usr/share/zoneinfo/right/Pacific/Pitcairn", "usr/share/zoneinfo/right/Pacific/Pohnpei", "usr/share/zoneinfo/right/Pacific/Ponape", "usr/share/zoneinfo/right/Pacific/Port_Moresby", "usr/share/zoneinfo/right/Pacific/Rarotonga", "usr/share/zoneinfo/right/Pacific/Saipan", "usr/share/zoneinfo/right/Pacific/Samoa", "usr/share/zoneinfo/right/Pacific/Tahiti", "usr/share/zoneinfo/right/Pacific/Tarawa", "usr/share/zoneinfo/right/Pacific/Tongatapu", "usr/share/zoneinfo/right/Pacific/Truk", "usr/share/zoneinfo/right/Pacific/Wake", "usr/share/zoneinfo/right/Pacific/Wallis", "usr/share/zoneinfo/right/Pacific/Yap", "usr/share/zoneinfo/right/US/Alaska", "usr/share/zoneinfo/right/US/Aleutian", "usr/share/zoneinfo/right/US/Arizona", "usr/share/zoneinfo/right/US/Central", "usr/share/zoneinfo/right/US/East-Indiana", "usr/share/zoneinfo/right/US/Eastern", "usr/share/zoneinfo/right/US/Hawaii", "usr/share/zoneinfo/right/US/Indiana-Starke", "usr/share/zoneinfo/right/US/Michigan", "usr/share/zoneinfo/right/US/Mountain", "usr/share/zoneinfo/right/US/Pacific", "usr/share/zoneinfo/right/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.2.13-r0", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.2.13-r0?arch=x86_64\u0026distro=3.17.0", "UID": "1565fe2d821c716a" }, "Version": "1.2.13-r0", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.2.13-r0", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.3-r4" ], "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "Digest": "sha1:ae39d74f4d65d4f0315e1794c5ee0e95d979ac59", "InstalledFiles": [ "lib/libz.so.1", "lib/libz.so.1.2.13" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2023-42363", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:137ff178bcd2a5f630515ace41391dd6d5b151ca921dae7ec3506afd1adf7e79", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8272d84f0a7c05ee5438d6438476f9ef1fffea0c127124f904ed427481a15b7a", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6e6b6e251633451cf3c4bec7399fc2ebe4aa68865b7e36913f394dfac29a1dfa", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "busybox@1.35.0-r29", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "63663e79f1d78cba" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:615b398e19029f654d228e19075090fe1efa506523ff7e670b4c19241f4ffee7", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" }, { "VulnerabilityID": "CVE-2023-42363", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:621c482752dd822e488913d85fdfa0d31232e9844cc1aa4e0fb4fa181a6e7a7c", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e9567f7f6523fd07f41456a306af9c7e75ff299072c654439daaaddd0ba56c6c", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:518febeb07948d101e7eab1f39815bbd020325a1bdebb8a8425cbe554a0acbf6", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "busybox-binsh@1.35.0-r29", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "45c394fb49457fb2" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a0a53bc355c04705000f4ad707170d27723b21d02330c8b5860d3074b27c4734", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" }, { "VulnerabilityID": "CVE-2022-3996", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.7-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:10bde7a1066ae65c13325d797715658d43c9f868a802880d876d644b7160e480", "Title": "openssl: double locking leads to denial of service", "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "Severity": "HIGH", "CweIDs": [ "CWE-667" ], "VendorSeverity": { "amazon": 1, "azure": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3996", "https://github.com/alexcrichton/openssl-src-rs", "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", "https://security.netapp.com/advisory/ntap-20230203-0003/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2022-3996", "https://www.openssl.org/news/secadv/20221213.txt" ], "PublishedDate": "2022-12-13T16:15:22.007Z", "LastModifiedDate": "2024-11-21T07:20:42.003Z" }, { "VulnerabilityID": "CVE-2022-4450", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:32dc6959f898bb8912fa49d39bcc14d55cd7086f7a15c96e96bc4b2e1d9a330c", "Title": "openssl: double free after calling PEM_read_bio_ex", "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4450", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", "https://linux.oracle.com/cve/CVE-2022-4450.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4450", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.973Z", "LastModifiedDate": "2025-11-04T20:16:15.06Z" }, { "VulnerabilityID": "CVE-2023-0215", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:dbaea0fdb8bc24a428a0992102d2ac296edbbdaea86cdc9a6ec3fb3a073c5cd5", "Title": "openssl: use-after-free following BIO_new_NDEF", "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0215", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "https://github.com/advisories/GHSA-r7jw-wp68-3xch", "https://linux.oracle.com/cve/CVE-2023-0215.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230427-0007", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://security.netapp.com/advisory/ntap-20230427-0009", "https://security.netapp.com/advisory/ntap-20230427-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0215", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.107Z", "LastModifiedDate": "2025-11-04T20:16:15.847Z" }, { "VulnerabilityID": "CVE-2023-0216", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ef5596e04d3268f7337138ce58c66f9e4fb4e62ac2967404bc99af6bcb0b18c7", "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0216", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "https://linux.oracle.com/cve/CVE-2023-0216.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0216", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.16Z", "LastModifiedDate": "2025-11-04T20:16:16.043Z" }, { "VulnerabilityID": "CVE-2023-0217", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4741c0cfae27a4879a2121c808f1a4da126ddfd33c6fb7eb27365fa6c6a4fb18", "Title": "openssl: NULL dereference validating DSA public key", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0217", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "https://linux.oracle.com/cve/CVE-2023-0217.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0217", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.213Z", "LastModifiedDate": "2025-11-04T20:16:16.197Z" }, { "VulnerabilityID": "CVE-2023-0286", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:63acd88afaf3250a4b590fe0de36a69111fcaaa2113d4612158897a93a8ffd46", "Title": "openssl: X.400 address type confusion in X.509 GeneralName", "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7937", "https://access.redhat.com/security/cve/CVE-2023-0286", "https://access.redhat.com/security/cve/cve-2023-0286", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2025-7937.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "https://linux.oracle.com/cve/CVE-2023-0286.html", "https://linux.oracle.com/errata/ELSA-2025-7937.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0286", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.267Z", "LastModifiedDate": "2025-11-04T20:16:16.35Z" }, { "VulnerabilityID": "CVE-2023-0401", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:56fa68c9fd45445e81ce51bda360c61574bcdc9b4086dea9a32dc8e88028e086", "Title": "openssl: NULL dereference during PKCS7 data verification", "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0401", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", "https://github.com/alexcrichton/openssl-src-rs", "https://linux.oracle.com/cve/CVE-2023-0401.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0401", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.323Z", "LastModifiedDate": "2025-11-04T20:16:16.527Z" }, { "VulnerabilityID": "CVE-2023-0464", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:461bb3b307b4fe4b13cc129d5b6e7fc198da87a4ac6fedfef9eba6814b577d84", "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0464", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", "https://linux.oracle.com/cve/CVE-2023-0464.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230406-0006", "https://security.netapp.com/advisory/ntap-20230406-0006/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2023-0464", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230322.txt" ], "PublishedDate": "2023-03-22T17:15:13.13Z", "LastModifiedDate": "2025-05-05T16:15:26.103Z" }, { "VulnerabilityID": "CVE-2023-5363", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4eea907804afa4d9f649cb6df8442f44e541df9005e291a0a801cd2d19cdab9e", "Title": "openssl: Incorrect cipher key and IV length processing", "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-684" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/24/1", "https://access.redhat.com/errata/RHSA-2024:0310", "https://access.redhat.com/security/cve/CVE-2023-5363", "https://bugzilla.redhat.com/2243839", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://errata.almalinux.org/9/ALSA-2024-0310.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", "https://linux.oracle.com/cve/CVE-2023-5363.html", "https://linux.oracle.com/errata/ELSA-2024-12093.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", "https://security.netapp.com/advisory/ntap-20231027-0010", "https://security.netapp.com/advisory/ntap-20231027-0010/", "https://security.netapp.com/advisory/ntap-20240201-0003", "https://security.netapp.com/advisory/ntap-20240201-0003/", "https://security.netapp.com/advisory/ntap-20240201-0004", "https://security.netapp.com/advisory/ntap-20240201-0004/", "https://security.netapp.com/advisory/ntap-20241108-0002", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-5363", "https://www.debian.org/security/2023/dsa-5532", "https://www.openssl.org/news/secadv/20231024.txt" ], "PublishedDate": "2023-10-25T18:17:43.613Z", "LastModifiedDate": "2026-05-12T11:16:16.87Z" }, { "VulnerabilityID": "CVE-2024-6119", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.15-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7c7cb5a5bd99bb0252b7ac1adf6ff05b0eb395a346aedc843535dc725a52f520", "Title": "openssl: Possible denial of service in X.509 name checks", "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/4", "https://access.redhat.com/errata/RHSA-2024:8935", "https://access.redhat.com/security/cve/CVE-2024-6119", "https://bugzilla.redhat.com/2306158", "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", "https://errata.almalinux.org/9/ALSA-2024-8935.html", "https://errata.rockylinux.org/RLSA-2024:6783", "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "https://linux.oracle.com/cve/CVE-2024-6119.html", "https://linux.oracle.com/errata/ELSA-2024-8935.html", "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "https://openssl-library.org/news/secadv/20240903.txt", "https://security.netapp.com/advisory/ntap-20240912-0001", "https://security.netapp.com/advisory/ntap-20240912-0001/", "https://ubuntu.com/security/notices/USN-6986-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-6119" ], "PublishedDate": "2024-09-03T16:15:07.177Z", "LastModifiedDate": "2026-05-12T12:17:20.647Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:811819248bd346b7ded1a9b5ac45e6387f5c121b361753c2ef71137978209848", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:159afc701f235571ca34aa246d99c2c21c107a8dafd550271fb912fc3b9edc44", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2022-4203", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c2349b4b1cc2cc0d30beb853657b2562e04ec1385e49a4a79c45fae836f1fd7a", "Title": "openssl: read buffer overflow in X.509 certificate verification", "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 4, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2022-4203", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", "https://linux.oracle.com/cve/CVE-2022-4203.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2022-4203", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-24T15:15:11.98Z", "LastModifiedDate": "2025-11-04T20:16:14.693Z" }, { "VulnerabilityID": "CVE-2022-4304", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ca5c10e709a2da5196d6026efaeedc3e39a676f7b7136f2d2092435142a7f921", "Title": "openssl: timing attack in RSA Decryption implementation", "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4304", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", "https://linux.oracle.com/cve/CVE-2022-4304.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4304", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.887Z", "LastModifiedDate": "2025-11-04T20:16:14.897Z" }, { "VulnerabilityID": "CVE-2023-0465", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:52ed5f91896343bee3d4b7e035ff0764016df2e8f32dae6a6f4fea3e166ecee2", "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0465", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", "https://github.com/advisories/GHSA-77f3-6546-6rj7", "https://linux.oracle.com/cve/CVE-2023-0465.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0465", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.82Z", "LastModifiedDate": "2025-02-18T21:15:13.877Z" }, { "VulnerabilityID": "CVE-2023-0466", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ba780eb34a2227e36f8c8b4b81d675705a7bf71af9ec98ed1d432dcc89303633", "Title": "openssl: Certificate policy check not enabled", "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0466", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", "https://linux.oracle.com/cve/CVE-2023-0466.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0466", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.88Z", "LastModifiedDate": "2025-02-19T18:15:22.177Z" }, { "VulnerabilityID": "CVE-2023-1255", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:42f86951ca08ed0e659f02e3eeae71e10b1c7f78d2630833950893cb0a872f7d", "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/20/13", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-1255", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", "https://linux.oracle.com/cve/CVE-2023-1255.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", "https://security.netapp.com/advisory/ntap-20230908-0006/", "https://ubuntu.com/security/notices/USN-6119-1", "https://www.cve.org/CVERecord?id=CVE-2023-1255", "https://www.openssl.org/news/secadv/20230419.txt", "https://www.openssl.org/news/secadv/20230420.txt" ], "PublishedDate": "2023-04-20T17:15:06.883Z", "LastModifiedDate": "2025-02-04T22:15:39.327Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:db8405d450cb906bde57ccdb261306826eb867d33a9016705545694fde9fab61", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-2975", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:d217cf4c9a81bbfa5a676e83c071e25a89e5073390c0acc251517d841ac52d4e", "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354", "CWE-287" ], "VendorSeverity": { "alma": 1, "amazon": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/15/1", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-2975", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", "https://github.com/advisories/GHSA-hpqg-7fjp-436p", "https://linux.oracle.com/cve/CVE-2023-2975.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230725-0004", "https://security.netapp.com/advisory/ntap-20230725-0004/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-2975", "https://www.openssl.org/news/secadv/20230714.txt" ], "PublishedDate": "2023-07-14T12:15:09.023Z", "LastModifiedDate": "2025-04-23T17:16:32.467Z" }, { "VulnerabilityID": "CVE-2023-3446", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:18f518d78e8c78b0839bdba171c36e6fe45872f3b876c3a9eab85d591d229de4", "Title": "openssl: Excessive time spent checking DH keys and parameters", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1333" ], "VendorSeverity": { "alma": 1, "amazon": 3, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/19/4", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "http://www.openwall.com/lists/oss-security/2023/07/19/6", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2024/05/16/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3446", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2024:2264", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "https://linux.oracle.com/cve/CVE-2023-3446.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230803-0011/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3446", "https://www.openssl.org/news/secadv/20230719.txt" ], "PublishedDate": "2023-07-19T12:15:10.003Z", "LastModifiedDate": "2025-04-23T17:16:36.967Z" }, { "VulnerabilityID": "CVE-2023-3817", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.10-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b9e025ad75b22e285d0307215d8d25839e241b89fe5641023bae53a195a28b0b", "Title": "OpenSSL: Excessive time spent checking DH q parameter value", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-834" ], "VendorSeverity": { "alma": 1, "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Jul/43", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2023/09/22/11", "http://www.openwall.com/lists/oss-security/2023/09/22/9", "http://www.openwall.com/lists/oss-security/2023/11/06/2", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3817", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "https://github.com/advisories/GHSA-c945-cqj5-wfv6", "https://linux.oracle.com/cve/CVE-2023-3817.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230818-0014", "https://security.netapp.com/advisory/ntap-20230818-0014/", "https://security.netapp.com/advisory/ntap-20231027-0008", "https://security.netapp.com/advisory/ntap-20231027-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3817", "https://www.openssl.org/news/secadv/20230731.txt" ], "PublishedDate": "2023-07-31T16:15:10.497Z", "LastModifiedDate": "2025-05-05T16:15:47.343Z" }, { "VulnerabilityID": "CVE-2023-5678", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b4470fc33821ba2514083274cc7bb898452d335e9e766ebf6623b4e1a8d4c498", "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-754" ], "VendorSeverity": { "alma": 1, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/11/06/2", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-5678", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", "https://linux.oracle.com/cve/CVE-2023-5678.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "https://security.netapp.com/advisory/ntap-20231130-0010", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-5678", "https://www.openssl.org/news/secadv/20231106.txt" ], "PublishedDate": "2023-11-06T16:15:42.67Z", "LastModifiedDate": "2026-05-12T11:16:17.123Z" }, { "VulnerabilityID": "CVE-2023-6129", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c2446353807d01ebe3bdf89c198e076fe137670fa0eb216538b20419bbd81beb", "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-440", "CWE-787" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/09/1", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2023-6129", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", "https://linux.oracle.com/cve/CVE-2023-6129.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", "https://security.netapp.com/advisory/ntap-20240216-0009", "https://security.netapp.com/advisory/ntap-20240216-0009/", "https://security.netapp.com/advisory/ntap-20240426-0008", "https://security.netapp.com/advisory/ntap-20240426-0008/", "https://security.netapp.com/advisory/ntap-20240426-0013", "https://security.netapp.com/advisory/ntap-20240426-0013/", "https://security.netapp.com/advisory/ntap-20240503-0011", "https://security.netapp.com/advisory/ntap-20240503-0011/", "https://ubuntu.com/security/notices/USN-6622-1", "https://www.cve.org/CVERecord?id=CVE-2023-6129", "https://www.openssl.org/news/secadv/20240109.txt", "https://www.openwall.com/lists/oss-security/2024/01/09/1" ], "PublishedDate": "2024-01-09T17:15:12.147Z", "LastModifiedDate": "2026-05-12T11:16:17.563Z" }, { "VulnerabilityID": "CVE-2024-0727", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:46b83be43a22c4f4a3ae7620234fb589bf479b2fe9ad75040008280869c1aa90", "Title": "openssl: denial of service via null dereference", "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2024-0727", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "https://github.com/github/advisory-database/pull/3472", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.com/openssl/openssl/pull/23362", "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://linux.oracle.com/cve/CVE-2024-0727.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "https://security.netapp.com/advisory/ntap-20240208-0006", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-0727", "https://www.openssl.org/news/secadv/20240125.txt" ], "PublishedDate": "2024-01-26T09:15:07.637Z", "LastModifiedDate": "2026-05-12T12:16:16.567Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:aacacbfd4dac79d085ac307b73e5efbc0cab7c5af5093b34af1103284b627dba", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libcrypto3@3.0.7-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "4c265b9f9fb6f74e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:9af34992240fabe114f6ee2b8ef8e974550d6d961d118742cde6862debe1b306", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2022-3996", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.7-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-3996", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c521e9b16a4a958dab38c1647f1f5b3b101fcb3ddd8a70210f415278d10d7a09", "Title": "openssl: double locking leads to denial of service", "Description": "If an X.509 certificate contains a malformed policy constraint and\npolicy processing is enabled, then a write lock will be taken twice\nrecursively. On some operating systems (most widely: Windows) this\nresults in a denial of service when the affected process hangs. Policy\nprocessing being enabled on a publicly facing server is not considered\nto be a common setup.\n\nPolicy processing is enabled by passing the `-policy'\nargument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.\n\nUpdate (31 March 2023): The description of the policy processing enablement\nwas corrected based on CVE-2023-0466.", "Severity": "HIGH", "CweIDs": [ "CWE-667" ], "VendorSeverity": { "amazon": 1, "azure": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-3996", "https://github.com/alexcrichton/openssl-src-rs", "https://github.com/openssl/openssl/commit/7725e7bfe6f2ce8146b6552b44e0d226be7638e7", "https://nvd.nist.gov/vuln/detail/CVE-2022-3996", "https://security.netapp.com/advisory/ntap-20230203-0003/", "https://ubuntu.com/security/notices/USN-6039-1", "https://www.cve.org/CVERecord?id=CVE-2022-3996", "https://www.openssl.org/news/secadv/20221213.txt" ], "PublishedDate": "2022-12-13T16:15:22.007Z", "LastModifiedDate": "2024-11-21T07:20:42.003Z" }, { "VulnerabilityID": "CVE-2022-4450", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4450", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e74ef67483321d454c4280e88d696ca3567fe79aed2a61c673096e9f61ebedc7", "Title": "openssl: double free after calling PEM_read_bio_ex", "Description": "The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and\ndecodes the \"name\" (e.g. \"CERTIFICATE\"), any header data and the payload data.\nIf the function succeeds then the \"name_out\", \"header\" and \"data\" arguments are\npopulated with pointers to buffers containing the relevant decoded data. The\ncaller is responsible for freeing those buffers. It is possible to construct a\nPEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex()\nwill return a failure code but will populate the header argument with a pointer\nto a buffer that has already been freed. If the caller also frees this buffer\nthen a double free will occur. This will most likely lead to a crash. This\ncould be exploited by an attacker who has the ability to supply malicious PEM\nfiles for parsing to achieve a denial of service attack.\n\nThe functions PEM_read_bio() and PEM_read() are simple wrappers around\nPEM_read_bio_ex() and therefore these functions are also directly affected.\n\nThese functions are also called indirectly by a number of other OpenSSL\nfunctions including PEM_X509_INFO_read_bio_ex() and\nSSL_CTX_use_serverinfo_file() which are also vulnerable. Some OpenSSL internal\nuses of these functions are not vulnerable because the caller does not free the\nheader argument if PEM_read_bio_ex() returns a failure code. These locations\ninclude the PEM_read_bio_TYPE() functions as well as the decoders introduced in\nOpenSSL 3.0.\n\nThe OpenSSL asn1parse command line application is also impacted by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4450", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=63bcf189be73a9cc1264059bed6f57974be74a83", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bbcf509bd046b34cca19c766bbddc31683d0858b", "https://github.com/advisories/GHSA-v5w6-wcm8-jm4q", "https://linux.oracle.com/cve/CVE-2022-4450.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4450", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0010.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4450", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.973Z", "LastModifiedDate": "2025-11-04T20:16:15.06Z" }, { "VulnerabilityID": "CVE-2023-0215", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0215", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:392f9688e7ed5b359fb574c7ca196ea6e72759c6506f484e0b7dd53e82563c16", "Title": "openssl: use-after-free following BIO_new_NDEF", "Description": "The public API function BIO_new_NDEF is a helper function used for streaming\nASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the\nSMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by\nend user applications.\n\nThe function receives a BIO from the caller, prepends a new BIO_f_asn1 filter\nBIO onto the front of it to form a BIO chain, and then returns the new head of\nthe BIO chain to the caller. Under certain conditions, for example if a CMS\nrecipient public key is invalid, the new filter BIO is freed and the function\nreturns a NULL result indicating a failure. However, in this case, the BIO chain\nis not properly cleaned up and the BIO passed by the caller still retains\ninternal pointers to the previously freed filter BIO. If the caller then goes on\nto call BIO_pop() on the BIO then a use-after-free will occur. This will most\nlikely result in a crash.\n\n\n\nThis scenario occurs directly in the internal function B64_write_ASN1() which\nmay cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on\nthe BIO. This internal function is in turn called by the public API functions\nPEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,\nSMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.\n\nOther public API functions that may be impacted by this include\ni2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and\ni2d_PKCS7_bio_stream.\n\nThe OpenSSL cms and smime command line applications are similarly affected.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2023-0215", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8818064ce3c3c0f1b740a5aaba2a987e75bfbafd", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9816136fe31d92ace4037d5da5257f763aeeb4eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c3829dd8825c654652201e16f8a0a0c46ee3f344", "https://github.com/advisories/GHSA-r7jw-wp68-3xch", "https://linux.oracle.com/cve/CVE-2023-0215.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0215", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0009.html", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230427-0007", "https://security.netapp.com/advisory/ntap-20230427-0007/", "https://security.netapp.com/advisory/ntap-20230427-0009", "https://security.netapp.com/advisory/ntap-20230427-0009/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0215", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.107Z", "LastModifiedDate": "2025-11-04T20:16:15.847Z" }, { "VulnerabilityID": "CVE-2023-0216", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0216", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:255fc55b5c458369ee489fc9f8cd7d23bda6f0f4dae6be569e435846e2ca049b", "Title": "openssl: invalid pointer dereference in d2i_PKCS7 functions", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to load malformed PKCS7 data with the\nd2i_PKCS7(), d2i_PKCS7_bio() or d2i_PKCS7_fp() functions.\n\nThe result of the dereference is an application crash which could\nlead to a denial of service attack. The TLS implementation in OpenSSL\ndoes not call this function however third party applications might\ncall these functions on untrusted data.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0216", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=934a04f0e775309cadbef0aa6b9692e1b12a76c6", "https://linux.oracle.com/cve/CVE-2023-0216.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0216", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0011.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0216", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.16Z", "LastModifiedDate": "2025-11-04T20:16:16.043Z" }, { "VulnerabilityID": "CVE-2023-0217", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0217", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:486e4e8ecccc52e35126714cf099e3efe98b4c68552565fef6a469b1bd77c89c", "Title": "openssl: NULL dereference validating DSA public key", "Description": "An invalid pointer dereference on read can be triggered when an\napplication tries to check a malformed DSA public key by the\nEVP_PKEY_public_check() function. This will most likely lead\nto an application crash. This function can be called on public\nkeys supplied from untrusted sources which could allow an attacker\nto cause a denial of service attack.\n\nThe TLS implementation in OpenSSL does not call this function\nbut applications might call the function if there are additional\nsecurity requirements imposed by standards such as FIPS 140-3.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0217", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=23985bac83fd50c8e29431009302b5442f985096", "https://linux.oracle.com/cve/CVE-2023-0217.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0217", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0012.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2023-0217", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.213Z", "LastModifiedDate": "2025-11-04T20:16:16.197Z" }, { "VulnerabilityID": "CVE-2023-0286", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0286", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f30a334136a9ca647beb24f0c7f9e961698345eb6b2f27e1fbe9c88496aaea50", "Title": "openssl: X.400 address type confusion in X.509 GeneralName", "Description": "There is a type confusion vulnerability relating to X.400 address processing\ninside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but\nthe public structure definition for GENERAL_NAME incorrectly specified the type\nof the x400Address field as ASN1_TYPE. This field is subsequently interpreted by\nthe OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an\nASN1_STRING.\n\nWhen CRL checking is enabled (i.e. the application sets the\nX509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass\narbitrary pointers to a memcmp call, enabling them to read memory contents or\nenact a denial of service. In most cases, the attack requires the attacker to\nprovide both the certificate chain and CRL, neither of which need to have a\nvalid signature. If the attacker only controls one of these inputs, the other\ninput must already contain an X.400 address as a CRL distribution point, which\nis uncommon. As such, this vulnerability is most likely to only affect\napplications which have implemented their own functionality for retrieving CRLs\nover a network.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7937", "https://access.redhat.com/security/cve/CVE-2023-0286", "https://access.redhat.com/security/cve/cve-2023-0286", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2025-7937.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt", "https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d", "https://github.com/advisories/GHSA-x4qr-2fvf-3mr5", "https://github.com/pyca/cryptography", "https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5", "https://linux.oracle.com/cve/CVE-2023-0286.html", "https://linux.oracle.com/errata/ELSA-2025-7937.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0286", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0006.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-5845-1", "https://ubuntu.com/security/notices/USN-5845-2", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0286", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.267Z", "LastModifiedDate": "2025-11-04T20:16:16.35Z" }, { "VulnerabilityID": "CVE-2023-0401", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0401", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:31a959243f5e9c166807f33178da6ebe3455303aa2e6ea50039a5b7a0bbd39b0", "Title": "openssl: NULL dereference during PKCS7 data verification", "Description": "A NULL pointer can be dereferenced when signatures are being\nverified on PKCS7 signed or signedAndEnveloped data. In case the hash\nalgorithm used for the signature is known to the OpenSSL library but\nthe implementation of the hash algorithm is not available the digest\ninitialization will fail. There is a missing check for the return\nvalue from the initialization function which later leads to invalid\nusage of the digest API most likely leading to a crash.\n\nThe unavailability of an algorithm can be caused by using FIPS\nenabled configuration of providers or more commonly by not loading\nthe legacy provider.\n\nPKCS7 data is processed by the SMIME library calls and also by the\ntime stamp (TS) library calls. The TLS implementation in OpenSSL does\nnot call these functions however third party applications would be\naffected if they call these functions to verify signatures on untrusted\ndata.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2023-0401", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=d3b6dfd70db844c4499bec6ad6601623a565e674", "https://github.com/alexcrichton/openssl-src-rs", "https://linux.oracle.com/cve/CVE-2023-0401.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0401", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0013.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://www.cve.org/CVERecord?id=CVE-2023-0401", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:24.323Z", "LastModifiedDate": "2025-11-04T20:16:16.527Z" }, { "VulnerabilityID": "CVE-2023-0464", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0464", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:12d9ad41e98263971ded819a76c1ab64a534449c182740de5771b13a5308126b", "Title": "openssl: Denial of service by excessive resource usage in verifying X509 policy constraints", "Description": "A security vulnerability has been identified in all supported versions\n\nof OpenSSL related to the verification of X.509 certificate chains\nthat include policy constraints. Attackers may be able to exploit this\nvulnerability by creating a malicious certificate chain that triggers\nexponential use of computational resources, leading to a denial-of-service\n(DoS) attack on affected systems.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0464", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2017771e2db3e2b96f89bbe8766c3209f6a99545", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2dcd4f1e3115f38cefa43e3efbe9b801c27e642e", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=879f7080d7e141f415c79eaa3a8ac4a3dad0348b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=959c59c7a0164117e7f8366466a32bb1f8d77ff1", "https://github.com/advisories/GHSA-w2w6-xp88-5cvw", "https://linux.oracle.com/cve/CVE-2023-0464.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0464", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230406-0006", "https://security.netapp.com/advisory/ntap-20230406-0006/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2023-0464", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230322.txt" ], "PublishedDate": "2023-03-22T17:15:13.13Z", "LastModifiedDate": "2025-05-05T16:15:26.103Z" }, { "VulnerabilityID": "CVE-2023-5363", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bebc404882ec0523640e8bae9f51917d984f6d175a31eac54f7978c1842d397a", "Title": "openssl: Incorrect cipher key and IV length processing", "Description": "Issue summary: A bug has been identified in the processing of key and\ninitialisation vector (IV) lengths. This can lead to potential truncation\nor overruns during the initialisation of some symmetric ciphers.\n\nImpact summary: A truncation in the IV can result in non-uniqueness,\nwhich could result in loss of confidentiality for some cipher modes.\n\nWhen calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or\nEVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after\nthe key and IV have been established. Any alterations to the key length,\nvia the \"keylen\" parameter or the IV length, via the \"ivlen\" parameter,\nwithin the OSSL_PARAM array will not take effect as intended, potentially\ncausing truncation or overreading of these values. The following ciphers\nand cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.\n\nFor the CCM, GCM and OCB cipher modes, truncation of the IV can result in\nloss of confidentiality. For example, when following NIST's SP 800-38D\nsection 8.2.1 guidance for constructing a deterministic IV for AES in\nGCM mode, truncation of the counter portion could lead to IV reuse.\n\nBoth truncations and overruns of the key and overruns of the IV will\nproduce incorrect results and could, in some cases, trigger a memory\nexception. However, these issues are not currently assessed as security\ncritical.\n\nChanging the key and/or IV lengths is not considered to be a common operation\nand the vulnerable API was recently introduced. Furthermore it is likely that\napplication developers will have spotted this problem during testing since\ndecryption would fail unless both peers in the communication were similarly\nvulnerable. For these reasons we expect the probability of an application being\nvulnerable to this to be quite low. However if an application is vulnerable then\nthis issue is considered very serious. For these reasons we have assessed this\nissue as Moderate severity overall.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because\nthe issue lies outside of the FIPS provider boundary.\n\nOpenSSL 3.1 and 3.0 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-684" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/24/1", "https://access.redhat.com/errata/RHSA-2024:0310", "https://access.redhat.com/security/cve/CVE-2023-5363", "https://bugzilla.redhat.com/2243839", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://errata.almalinux.org/9/ALSA-2024-0310.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0df40630850fb2740e6be6890bb905d3fc623b2d", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=5f69f5c65e483928c4b28ed16af6e5742929f1ee", "https://github.com/advisories/GHSA-xw78-pcr6-wrg8", "https://linux.oracle.com/cve/CVE-2023-5363.html", "https://linux.oracle.com/errata/ELSA-2024-12093.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5363", "https://security.netapp.com/advisory/ntap-20231027-0010", "https://security.netapp.com/advisory/ntap-20231027-0010/", "https://security.netapp.com/advisory/ntap-20240201-0003", "https://security.netapp.com/advisory/ntap-20240201-0003/", "https://security.netapp.com/advisory/ntap-20240201-0004", "https://security.netapp.com/advisory/ntap-20240201-0004/", "https://security.netapp.com/advisory/ntap-20241108-0002", "https://security.netapp.com/advisory/ntap-20241108-0002/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-5363", "https://www.debian.org/security/2023/dsa-5532", "https://www.openssl.org/news/secadv/20231024.txt" ], "PublishedDate": "2023-10-25T18:17:43.613Z", "LastModifiedDate": "2026-05-12T11:16:16.87Z" }, { "VulnerabilityID": "CVE-2024-6119", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.15-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-6119", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:53a56bf3947e197e3bc575eb1b1d86b8629d2fc4f5e02873c0f385ddbf94be7a", "Title": "openssl: Possible denial of service in X.509 name checks", "Description": "Issue summary: Applications performing certificate name checks (e.g., TLS\nclients checking server certificates) may attempt to read an invalid memory\naddress resulting in abnormal termination of the application process.\n\nImpact summary: Abnormal termination of an application can a cause a denial of\nservice.\n\nApplications performing certificate name checks (e.g., TLS clients checking\nserver certificates) may attempt to read an invalid memory address when\ncomparing the expected name with an `otherName` subject alternative name of an\nX.509 certificate. This may result in an exception that terminates the\napplication program.\n\nNote that basic certificate chain validation (signatures, dates, ...) is not\naffected, the denial of service can occur only when the application also\nspecifies an expected DNS name, Email address or IP address.\n\nTLS servers rarely solicit client certificates, and even when they do, they\ngenerally don't perform a name check against a reference identifier (expected\nidentity), but rather extract the presented identity after checking the\ncertificate chain. So TLS servers are generally not affected and the severity\nof the issue is Moderate.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-843" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/09/03/4", "https://access.redhat.com/errata/RHSA-2024:8935", "https://access.redhat.com/security/cve/CVE-2024-6119", "https://bugzilla.redhat.com/2306158", "https://bugzilla.redhat.com/show_bug.cgi?id=2306158", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6119", "https://errata.almalinux.org/9/ALSA-2024-8935.html", "https://errata.rockylinux.org/RLSA-2024:6783", "https://github.com/advisories/GHSA-7m4m-pwhv-49c5", "https://github.com/openssl/openssl/commit/05f360d9e849a1b277db628f1f13083a7f8dd04f", "https://github.com/openssl/openssl/commit/06d1dc3fa96a2ba5a3e22735a033012aadc9f0d6", "https://github.com/openssl/openssl/commit/621f3729831b05ee828a3203eddb621d014ff2b2", "https://github.com/openssl/openssl/commit/7dfcee2cd2a63b2c64b9b4b0850be64cb695b0a0", "https://github.com/openssl/openssl/security/advisories/GHSA-5qrj-vq78-58fj", "https://linux.oracle.com/cve/CVE-2024-6119.html", "https://linux.oracle.com/errata/ELSA-2024-8935.html", "https://lists.freebsd.org/archives/freebsd-security/2024-September/000303.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-6119", "https://openssl-library.org/news/secadv/20240903.txt", "https://security.netapp.com/advisory/ntap-20240912-0001", "https://security.netapp.com/advisory/ntap-20240912-0001/", "https://ubuntu.com/security/notices/USN-6986-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-6119" ], "PublishedDate": "2024-09-03T16:15:07.177Z", "LastModifiedDate": "2026-05-12T12:17:20.647Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f02e6f09f8c1e6494a54d4e304b04a079e71fba32afaa7c4acc7bd4cae8f199f", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:32661166f09cd2a399ab80e16d014797156616a2430e13bed7b9c96d4042174c", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2022-4203", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4203", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7006af1cfd8970c922a3ed64ba95a4eb26cf1ad57cf540db3061c28818105e85", "Title": "openssl: read buffer overflow in X.509 certificate verification", "Description": "A read buffer overrun can be triggered in X.509 certificate verification,\nspecifically in name constraint checking. Note that this occurs\nafter certificate chain signature verification and requires either a\nCA to have signed the malicious certificate or for the application to\ncontinue certificate verification despite failure to construct a path\nto a trusted issuer.\n\nThe read buffer overrun might result in a crash which could lead to\na denial of service attack. In theory it could also result in the disclosure\nof private memory contents (such as private keys, or sensitive plaintext)\nalthough we are not aware of any working exploit leading to memory\ncontents disclosure as of the time of release of this advisory.\n\nIn a TLS client, this can be triggered by connecting to a malicious\nserver. In a TLS server, this can be triggered if the server requests\nclient authentication and a malicious client connects.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 3, "ghsa": 4, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "V3Score": 9.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", "V3Score": 4.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:0946", "https://access.redhat.com/security/cve/CVE-2022-4203", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164488", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/2164497", "https://bugzilla.redhat.com/2164499", "https://bugzilla.redhat.com/2164500", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-0946.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=c927a3492698c254637da836762f9b1f86cffabc", "https://linux.oracle.com/cve/CVE-2022-4203.html", "https://linux.oracle.com/errata/ELSA-2023-12152.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4203", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0008.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://www.cve.org/CVERecord?id=CVE-2022-4203", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-24T15:15:11.98Z", "LastModifiedDate": "2025-11-04T20:16:14.693Z" }, { "VulnerabilityID": "CVE-2022-4304", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-4304", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0fe3eb2c69166b6e855a8c250deba63c09a51859ce3a1b867b03685f3d6866c9", "Title": "openssl: timing attack in RSA Decryption implementation", "Description": "A timing based side channel exists in the OpenSSL RSA Decryption implementation\nwhich could be sufficient to recover a plaintext across a network in a\nBleichenbacher style attack. To achieve a successful decryption an attacker\nwould have to be able to send a very large number of trial messages for\ndecryption. The vulnerability affects all RSA padding modes: PKCS#1 v1.5,\nRSA-OEAP and RSASVE.\n\nFor example, in a TLS connection, RSA is commonly used by a client to send an\nencrypted pre-master secret to the server. An attacker that had observed a\ngenuine connection between a client and a server could use this flaw to send\ntrial messages to the server and record the time taken to process them. After a\nsufficiently large number of messages the attacker could recover the pre-master\nsecret used for the original connection and thus be able to decrypt the\napplication data sent over that connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:2165", "https://access.redhat.com/security/cve/CVE-2022-4304", "https://bugzilla.redhat.com/1960321", "https://bugzilla.redhat.com/2164440", "https://bugzilla.redhat.com/2164487", "https://bugzilla.redhat.com/2164492", "https://bugzilla.redhat.com/2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2144000", "https://bugzilla.redhat.com/show_bug.cgi?id=2144003", "https://bugzilla.redhat.com/show_bug.cgi?id=2144006", "https://bugzilla.redhat.com/show_bug.cgi?id=2144008", "https://bugzilla.redhat.com/show_bug.cgi?id=2144010", "https://bugzilla.redhat.com/show_bug.cgi?id=2144012", "https://bugzilla.redhat.com/show_bug.cgi?id=2144015", "https://bugzilla.redhat.com/show_bug.cgi?id=2144017", "https://bugzilla.redhat.com/show_bug.cgi?id=2144019", "https://bugzilla.redhat.com/show_bug.cgi?id=2145170", "https://bugzilla.redhat.com/show_bug.cgi?id=2158412", "https://bugzilla.redhat.com/show_bug.cgi?id=2164440", "https://bugzilla.redhat.com/show_bug.cgi?id=2164487", "https://bugzilla.redhat.com/show_bug.cgi?id=2164488", "https://bugzilla.redhat.com/show_bug.cgi?id=2164492", "https://bugzilla.redhat.com/show_bug.cgi?id=2164494", "https://bugzilla.redhat.com/show_bug.cgi?id=2164497", "https://bugzilla.redhat.com/show_bug.cgi?id=2164499", "https://bugzilla.redhat.com/show_bug.cgi?id=2164500", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4203", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4304", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4450", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0215", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0216", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0217", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0286", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0401", "https://errata.almalinux.org/9/ALSA-2023-2165.html", "https://errata.rockylinux.org/RLSA-2023:0946", "https://github.com/advisories/GHSA-p52g-cm5j-mjv4", "https://linux.oracle.com/cve/CVE-2022-4304.html", "https://linux.oracle.com/errata/ELSA-2023-32791.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-4304", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003", "https://rustsec.org/advisories/RUSTSEC-2023-0007.html", "https://security.gentoo.org/glsa/202402-08", "https://ubuntu.com/security/notices/USN-5844-1", "https://ubuntu.com/security/notices/USN-6564-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2022-4304", "https://www.openssl.org/news/secadv/20230207.txt" ], "PublishedDate": "2023-02-08T20:15:23.887Z", "LastModifiedDate": "2025-11-04T20:16:14.897Z" }, { "VulnerabilityID": "CVE-2023-0465", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0465", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3eec4f631f80c46a487cd6aa0b8c3e9d7086833e0dfb82eceb302b8e74599dfc", "Title": "openssl: Invalid certificate policies in leaf certificates are silently ignored", "Description": "Applications that use a non-default option when verifying certificates may be\nvulnerable to an attack from a malicious CA to circumvent certain checks.\n\nInvalid certificate policies in leaf certificates are silently ignored by\nOpenSSL and other certificate policy checks are skipped for that certificate.\nA malicious CA could use this to deliberately assert invalid certificate policies\nin order to circumvent policy checking on the certificate altogether.\n\nPolicy processing is disabled by default but can be enabled by passing\nthe `-policy' argument to the command line utilities or by calling the\n`X509_VERIFY_PARAM_set1_policies()' function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0465", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=10325176f3d3e98c6e2b3bf5ab1e3b334de6947a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1dd43e0709fece299b15208f36cc7c76209ba0bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=b013765abfa80036dc779dd0e50602c57bb3bf95", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=facfb1ab745646e97a1920977ae4a9965ea61d5c", "https://github.com/advisories/GHSA-77f3-6546-6rj7", "https://linux.oracle.com/cve/CVE-2023-0465.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0465", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0465", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.82Z", "LastModifiedDate": "2025-02-18T21:15:13.877Z" }, { "VulnerabilityID": "CVE-2023-0466", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-0466", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7c1f6c43f6b72b0eeea6202edb2e4c587f2051fdfff616117f07e631de1c0aa5", "Title": "openssl: Certificate policy check not enabled", "Description": "The function X509_VERIFY_PARAM_add0_policy() is documented to\nimplicitly enable the certificate policy check when doing certificate\nverification. However the implementation of the function does not\nenable the check which allows certificates with invalid or incorrect\npolicies to pass the certificate verification.\n\nAs suddenly enabling the policy check could break existing deployments it was\ndecided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy()\nfunction.\n\nInstead the applications that require OpenSSL to perform certificate\npolicy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly\nenable the policy check by calling X509_VERIFY_PARAM_set_flags() with\nthe X509_V_FLAG_POLICY_CHECK flag argument.\n\nCertificate policy checks are disabled by default in OpenSSL and are not\ncommonly used by applications.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 2, "amazon": 3, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/09/28/4", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-0466", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0d16b7e99aafc0b4a6d729eec65a411a7e025f0a", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=51e8a84ce742db0f6c70510d0159dad8f7825908", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=73398dea26de9899fb4baa94098ad0a61f435c72", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc814a30fc4f0bc54fcea7d9a7462f5457aab061", "https://github.com/advisories/GHSA-pxvj-4wx4-gv6w", "https://linux.oracle.com/cve/CVE-2023-0466.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-0466", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230414-0001", "https://security.netapp.com/advisory/ntap-20230414-0001/", "https://ubuntu.com/security/notices/USN-6039-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-0466", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230328.txt" ], "PublishedDate": "2023-03-28T15:15:06.88Z", "LastModifiedDate": "2025-02-19T18:15:22.177Z" }, { "VulnerabilityID": "CVE-2023-1255", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.8-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1255", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ce8a0b2a3042b1f00335c51a0277a2af1c6179102b0f727118b8d5262bfc094f", "Title": "openssl: Input buffer over-read in AES-XTS implementation on 64 bit ARM", "Description": "Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM\nplatform contains a bug that could cause it to read past the input buffer,\nleading to a crash.\n\nImpact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM\nplatform can crash in rare circumstances. The AES-XTS algorithm is usually\nused for disk encryption.\n\nThe AES-XTS cipher decryption implementation for 64 bit ARM platform will read\npast the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16\nbyte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext\nbuffer is unmapped, this will trigger a crash which results in a denial of\nservice.\n\nIf an attacker can control the size and location of the ciphertext buffer\nbeing decrypted by an application using AES-XTS on 64 bit ARM, the\napplication is affected. This is fairly unlikely making this issue\na Low severity one.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "alma": 2, "amazon": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.1 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/04/20/13", "https://access.redhat.com/errata/RHSA-2023:3722", "https://access.redhat.com/security/cve/CVE-2023-1255", "https://bugzilla.redhat.com/2181082", "https://bugzilla.redhat.com/2182561", "https://bugzilla.redhat.com/2182565", "https://bugzilla.redhat.com/2188461", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-3722.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=02ac9c9420275868472f33b01def01218742b8bb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=bc2f61ad70971869b242fc1cb445b98bad50074a", "https://github.com/advisories/GHSA-4wp2-xw7p-2gfx", "https://linux.oracle.com/cve/CVE-2023-1255.html", "https://linux.oracle.com/errata/ELSA-2023-3722.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-1255", "https://security.netapp.com/advisory/ntap-20230908-0006/", "https://ubuntu.com/security/notices/USN-6119-1", "https://www.cve.org/CVERecord?id=CVE-2023-1255", "https://www.openssl.org/news/secadv/20230419.txt", "https://www.openssl.org/news/secadv/20230420.txt" ], "PublishedDate": "2023-04-20T17:15:06.883Z", "LastModifiedDate": "2025-02-04T22:15:39.327Z" }, { "VulnerabilityID": "CVE-2023-2650", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2650", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ae73f9697fc9ca15460fb53262566ac4e15682475fe51e9849f3b2a717b5e05a", "Title": "openssl: Possible DoS translating ASN.1 object identifiers", "Description": "Issue summary: Processing some specially crafted ASN.1 object identifiers or\ndata containing them may be very slow.\n\nImpact summary: Applications that use OBJ_obj2txt() directly, or use any of\nthe OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message\nsize limit may experience notable to very long delays when processing those\nmessages, which may lead to a Denial of Service.\n\nAn OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers -\nmost of which have no size limit. OBJ_obj2txt() may be used to translate\nan ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL\ntype ASN1_OBJECT) to its canonical numeric text form, which are the\nsub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by\nperiods.\n\nWhen one of the sub-identifiers in the OBJECT IDENTIFIER is very large\n(these are sizes that are seen as absurdly large, taking up tens or hundreds\nof KiBs), the translation to a decimal number in text may take a very long\ntime. The time complexity is O(n^2) with 'n' being the size of the\nsub-identifiers in bytes (*).\n\nWith OpenSSL 3.0, support to fetch cryptographic algorithms using names /\nidentifiers in string form was introduced. This includes using OBJECT\nIDENTIFIERs in canonical numeric text form as identifiers for fetching\nalgorithms.\n\nSuch OBJECT IDENTIFIERs may be received through the ASN.1 structure\nAlgorithmIdentifier, which is commonly used in multiple protocols to specify\nwhat cryptographic algorithm should be used to sign or verify, encrypt or\ndecrypt, or digest passed data.\n\nApplications that call OBJ_obj2txt() directly with untrusted data are\naffected, with any version of OpenSSL. If the use is for the mere purpose\nof display, the severity is considered low.\n\nIn OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME,\nCMS, CMP/CRMF or TS. It also impacts anything that processes X.509\ncertificates, including simple things like verifying its signature.\n\nThe impact on TLS is relatively low, because all versions of OpenSSL have a\n100KiB limit on the peer's certificate chain. Additionally, this only\nimpacts clients, or servers that have explicitly enabled client\nauthentication.\n\nIn OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects,\nsuch as X.509 certificates. This is assumed to not happen in such a way\nthat it would cause a Denial of Service, so these versions are considered\nnot affected by this issue in such a way that it would be cause for concern,\nand the severity is therefore considered low.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/05/30/1", "https://access.redhat.com/errata/RHSA-2023:6330", "https://access.redhat.com/security/cve/CVE-2023-2650", "https://bugzilla.redhat.com/1858038", "https://bugzilla.redhat.com/2207947", "https://errata.almalinux.org/9/ALSA-2023-6330.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=423a2bc737a908ad0c77bda470b2b59dc879936b", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=853c5e56ee0b8650c73140816bb8b91d6163422c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9e209944b35cf82368071f160a744b6178f9b098", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db779b0e10b047f2585615e0b8f2acdf21f8544a", "https://github.com/advisories/GHSA-gqxg-9vfr-p9cg", "https://linux.oracle.com/cve/CVE-2023-2650.html", "https://linux.oracle.com/errata/ELSA-2023-6330.html", "https://lists.debian.org/debian-lts-announce/2023/06/msg00011.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2650", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0009", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230703-0001/", "https://security.netapp.com/advisory/ntap-20231027-0009/", "https://ubuntu.com/security/notices/USN-6119-1", "https://ubuntu.com/security/notices/USN-6188-1", "https://ubuntu.com/security/notices/USN-6672-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-2650", "https://www.debian.org/security/2023/dsa-5417", "https://www.openssl.org/news/secadv/20230530.txt" ], "PublishedDate": "2023-05-30T14:15:09.683Z", "LastModifiedDate": "2025-03-19T16:15:21.89Z" }, { "VulnerabilityID": "CVE-2023-2975", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-2975", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3ab0b1b24a02e8662f16cffb57ad74a3926d34e72c6b5cd39ea7261db5da2b93", "Title": "openssl: AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries", "Description": "Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be misled by removing,\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354", "CWE-287" ], "VendorSeverity": { "alma": 1, "amazon": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/15/1", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-2975", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=00e2f5eea29994d19293ec4e8c8775ba73678598", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a83f0c958811f07e0d11dfc6b5a6a98edfd5bdc", "https://github.com/advisories/GHSA-hpqg-7fjp-436p", "https://linux.oracle.com/cve/CVE-2023-2975.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-2975", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230725-0004", "https://security.netapp.com/advisory/ntap-20230725-0004/", "https://ubuntu.com/security/notices/USN-6450-1", "https://www.cve.org/CVERecord?id=CVE-2023-2975", "https://www.openssl.org/news/secadv/20230714.txt" ], "PublishedDate": "2023-07-14T12:15:09.023Z", "LastModifiedDate": "2025-04-23T17:16:32.467Z" }, { "VulnerabilityID": "CVE-2023-3446", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.9-r3", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3446", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:79957f0d103f50daa6c155489296ffb4503591b2952fcd8d3a8a121969908888", "Title": "openssl: Excessive time spent checking DH keys and parameters", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-1333" ], "VendorSeverity": { "alma": 1, "amazon": 3, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/07/19/4", "http://www.openwall.com/lists/oss-security/2023/07/19/5", "http://www.openwall.com/lists/oss-security/2023/07/19/6", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2024/05/16/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3446", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2257582", "https://bugzilla.redhat.com/show_bug.cgi?id=2257583", "https://bugzilla.redhat.com/show_bug.cgi?id=2258677", "https://bugzilla.redhat.com/show_bug.cgi?id=2258688", "https://bugzilla.redhat.com/show_bug.cgi?id=2258691", "https://bugzilla.redhat.com/show_bug.cgi?id=2258694", "https://bugzilla.redhat.com/show_bug.cgi?id=2258700", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36763", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36764", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45229", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45231", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45232", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45233", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45235", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2024:2264", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=1fa20cf2f506113c761777127a38bce5068740eb", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8780a896543a654e757db1b9396383f9d8095528", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9a0a4d3c1e7138915563c0df4fe6a3f9377b839c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fc9867c1e03c22ebf56943be205202e576aabf23", "https://linux.oracle.com/cve/CVE-2023-3446.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3446", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230803-0011/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3446", "https://www.openssl.org/news/secadv/20230719.txt" ], "PublishedDate": "2023-07-19T12:15:10.003Z", "LastModifiedDate": "2025-04-23T17:16:36.967Z" }, { "VulnerabilityID": "CVE-2023-3817", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.10-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3817", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:96637ef64ca0979577e7acbecaf6e745387663235341e76fc7047c3e846c51b9", "Title": "OpenSSL: Excessive time spent checking DH q parameter value", "Description": "Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. After fixing\nCVE-2023-3446 it was discovered that a large q parameter value can also trigger\nan overly long computation during some of these checks. A correct q value,\nif present, cannot be larger than the modulus p parameter, thus it is\nunnecessary to perform these checks if q is larger than p.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulnerable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the \"-check\" option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-834" ], "VendorSeverity": { "alma": 1, "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://seclists.org/fulldisclosure/2023/Jul/43", "http://www.openwall.com/lists/oss-security/2023/07/31/1", "http://www.openwall.com/lists/oss-security/2023/09/22/11", "http://www.openwall.com/lists/oss-security/2023/09/22/9", "http://www.openwall.com/lists/oss-security/2023/11/06/2", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-3817", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a1eb62c29db6cb5eec707f9338aee00f44e26f5", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=869ad69aadd985c7b8ca6f4e5dd0eb274c9f3644", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9002fd07327a91f35ba6c1307e71fa6fd4409b7f", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=91ddeba0f2269b017dc06c46c993a788974b1aa5", "https://github.com/advisories/GHSA-c945-cqj5-wfv6", "https://linux.oracle.com/cve/CVE-2023-3817.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2023/08/msg00019.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3817", "https://security.gentoo.org/glsa/202402-08", "https://security.netapp.com/advisory/ntap-20230818-0014", "https://security.netapp.com/advisory/ntap-20230818-0014/", "https://security.netapp.com/advisory/ntap-20231027-0008", "https://security.netapp.com/advisory/ntap-20231027-0008/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://ubuntu.com/security/notices/USN-6435-1", "https://ubuntu.com/security/notices/USN-6435-2", "https://ubuntu.com/security/notices/USN-6450-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-3817", "https://www.openssl.org/news/secadv/20230731.txt" ], "PublishedDate": "2023-07-31T16:15:10.497Z", "LastModifiedDate": "2025-05-05T16:15:47.343Z" }, { "VulnerabilityID": "CVE-2023-5678", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r1", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-5678", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ad1a8827f667f499bedc0eb3e830a79d076d92900bdff7d180658450414136a2", "Title": "openssl: Generating excessively long X9.42 DH keys or checking excessively long X9.42 DH keys or parameters may be very slow", "Description": "Issue summary: Generating excessively long X9.42 DH keys or checking\nexcessively long X9.42 DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_generate_key() to\ngenerate an X9.42 DH key may experience long delays. Likewise, applications\nthat use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check()\nto check an X9.42 DH key or X9.42 DH parameters may experience long delays.\nWhere the key or parameters that are being checked have been obtained from\nan untrusted source this may lead to a Denial of Service.\n\nWhile DH_check() performs all the necessary checks (as of CVE-2023-3817),\nDH_check_pub_key() doesn't make any of these checks, and is therefore\nvulnerable for excessively large P and Q parameters.\n\nLikewise, while DH_generate_key() performs a check for an excessively large\nP, it doesn't check for an excessively large Q.\n\nAn application that calls DH_generate_key() or DH_check_pub_key() and\nsupplies a key or parameters obtained from an untrusted source could be\nvulnerable to a Denial of Service attack.\n\nDH_generate_key() and DH_check_pub_key() are also called by a number of\nother OpenSSL functions. An application calling any of those other\nfunctions may similarly be affected. The other functions affected by this\nare DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().\n\nAlso vulnerable are the OpenSSL pkey command line application when using the\n\"-pubcheck\" option, as well as the OpenSSL genpkey command line application.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\n\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-606", "CWE-754" ], "VendorSeverity": { "alma": 1, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 1, "photon": 2, "redhat": 1, "rocky": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/11/06/2", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:2447", "https://access.redhat.com/security/cve/CVE-2023-5678", "https://bugzilla.redhat.com/2223016", "https://bugzilla.redhat.com/2224962", "https://bugzilla.redhat.com/2227852", "https://bugzilla.redhat.com/2248616", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2224962", "https://bugzilla.redhat.com/show_bug.cgi?id=2227852", "https://bugzilla.redhat.com/show_bug.cgi?id=2248616", "https://bugzilla.redhat.com/show_bug.cgi?id=2270358", "https://cert-portal.siemens.com/productcert/html/ssa-093430.html", "https://cert-portal.siemens.com/productcert/html/ssa-128433.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-398330.html", "https://cert-portal.siemens.com/productcert/html/ssa-556635.html", "https://cert-portal.siemens.com/productcert/html/ssa-613116.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3446", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3817", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5678", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2408", "https://errata.almalinux.org/9/ALSA-2024-2447.html", "https://errata.rockylinux.org/RLSA-2023:7877", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=34efaef6c103d636ab507a0cc34dca4d3aecc055", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=710fee740904b6290fef0dd5536fbcedbc38ff0c", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=db925ae2e65d0d925adef429afc37f75bd1c2017", "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ddeb4b6c6d527e54ce9a99cba785c0f7776e54b6", "https://github.com/advisories/GHSA-2cj7-mg3x-9mhq", "https://linux.oracle.com/cve/CVE-2023-5678.html", "https://linux.oracle.com/errata/ELSA-2024-2447.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-5678", "https://security.netapp.com/advisory/ntap-20231130-0010", "https://security.netapp.com/advisory/ntap-20231130-0010/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2023-5678", "https://www.openssl.org/news/secadv/20231106.txt" ], "PublishedDate": "2023-11-06T16:15:42.67Z", "LastModifiedDate": "2026-05-12T11:16:17.123Z" }, { "VulnerabilityID": "CVE-2023-6129", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r2", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-6129", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a77cdc3bc75a9786555250faa492a3c79a4430cda7739e4da2a868d07fb2b7bd", "Title": "openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC", "Description": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-440", "CWE-787" ], "VendorSeverity": { "alma": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/01/09/1", "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2023-6129", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-rj8q-prqp-jwfg", "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", "https://linux.oracle.com/cve/CVE-2023-6129.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-6129", "https://security.netapp.com/advisory/ntap-20240216-0009", "https://security.netapp.com/advisory/ntap-20240216-0009/", "https://security.netapp.com/advisory/ntap-20240426-0008", "https://security.netapp.com/advisory/ntap-20240426-0008/", "https://security.netapp.com/advisory/ntap-20240426-0013", "https://security.netapp.com/advisory/ntap-20240426-0013/", "https://security.netapp.com/advisory/ntap-20240503-0011", "https://security.netapp.com/advisory/ntap-20240503-0011/", "https://ubuntu.com/security/notices/USN-6622-1", "https://www.cve.org/CVERecord?id=CVE-2023-6129", "https://www.openssl.org/news/secadv/20240109.txt", "https://www.openwall.com/lists/oss-security/2024/01/09/1" ], "PublishedDate": "2024-01-09T17:15:12.147Z", "LastModifiedDate": "2026-05-12T11:16:17.563Z" }, { "VulnerabilityID": "CVE-2024-0727", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.12-r4", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-0727", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:b83e50f2405b9491e40f4c09055a3be6b87bf960d8127881d78052fd3967cc15", "Title": "openssl: denial of service via null dereference", "Description": "Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL\nto crash leading to a potential Denial of Service attack\n\nImpact summary: Applications loading files in the PKCS12 format from untrusted\nsources might terminate abruptly.\n\nA file in PKCS12 format can contain certificates and keys and may come from an\nuntrusted source. The PKCS12 specification allows certain fields to be NULL, but\nOpenSSL does not correctly check for this case. This can lead to a NULL pointer\ndereference that results in OpenSSL crashing. If an application processes PKCS12\nfiles from an untrusted source using the OpenSSL APIs then that application will\nbe vulnerable to this issue.\n\nOpenSSL APIs that are vulnerable to this are: PKCS12_parse(),\nPKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()\nand PKCS12_newpass().\n\nWe have also fixed a similar issue in SMIME_write_PKCS7(). However since this\nfunction is related to writing data we do not consider it security significant.\n\nThe FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "julia": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 1, "rocky": 2, "ubuntu": 1 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/11/1", "https://access.redhat.com/errata/RHSA-2024:9088", "https://access.redhat.com/security/cve/CVE-2024-0727", "https://bugzilla.redhat.com/2257571", "https://bugzilla.redhat.com/2258502", "https://bugzilla.redhat.com/2259944", "https://bugzilla.redhat.com/2284243", "https://bugzilla.redhat.com/show_bug.cgi?id=2257571", "https://bugzilla.redhat.com/show_bug.cgi?id=2258502", "https://bugzilla.redhat.com/show_bug.cgi?id=2259944", "https://bugzilla.redhat.com/show_bug.cgi?id=2284243", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-277137.html", "https://cert-portal.siemens.com/productcert/html/ssa-331112.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6129", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0727", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1298", "https://errata.almalinux.org/9/ALSA-2024-9088.html", "https://errata.rockylinux.org/RLSA-2024:9088", "https://github.com/advisories/GHSA-9v9h-cgj8-h64p", "https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2", "https://github.com/github/advisory-database/pull/3472", "https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2", "https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a", "https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c", "https://github.com/openssl/openssl/pull/23362", "https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d", "https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8", "https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539", "https://linux.oracle.com/cve/CVE-2024-0727.html", "https://linux.oracle.com/errata/ELSA-2024-9088.html", "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-0727", "https://security.netapp.com/advisory/ntap-20240208-0006", "https://security.netapp.com/advisory/ntap-20240208-0006/", "https://ubuntu.com/security/notices/USN-6622-1", "https://ubuntu.com/security/notices/USN-6632-1", "https://ubuntu.com/security/notices/USN-6709-1", "https://ubuntu.com/security/notices/USN-7018-1", "https://ubuntu.com/security/notices/USN-7894-1", "https://www.cve.org/CVERecord?id=CVE-2024-0727", "https://www.openssl.org/news/secadv/20240125.txt" ], "PublishedDate": "2024-01-26T09:15:07.637Z", "LastModifiedDate": "2026-05-12T12:16:16.567Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0acae399f7629b8fe9565fb24dbfc603c81db73a4e0b4ddb794e6ff64c29a526", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2025-9230", "PkgID": "libssl3@3.0.7-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.0.7-r0?arch=x86_64\u0026distro=3.17.0", "UID": "b9e47beded0d444e" }, "InstalledVersion": "3.0.7-r0", "FixedVersion": "3.0.19-r0", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e1ce935857188d04d582bc29ae324301fb4625054080388375d2eeeac33f78da", "Title": "openssl: Out-of-bounds read \u0026 write in RFC 3211 KEK Unwrap", "Description": "Issue summary: An application trying to decrypt CMS messages encrypted using\npassword based encryption can trigger an out-of-bounds read and write.\n\nImpact summary: This out-of-bounds read may trigger a crash which leads to\nDenial of Service for an application. The out-of-bounds write can cause\na memory corruption which can have various consequences including\na Denial of Service or Execution of attacker-supplied code.\n\nAlthough the consequences of a successful exploit of this vulnerability\ncould be severe, the probability that the attacker would be able to\nperform it is low. Besides, password based (PWRI) encryption support in CMS\nmessages is very rarely used. For that reason the issue was assessed as\nModerate severity according to our Security Policy.\n\nThe FIPS modules in 3.5, 3.4, 3.3, 3.2, 3.1 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125", "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 5.6 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/09/30/5", "https://access.redhat.com/errata/RHSA-2026:2776", "https://access.redhat.com/security/cve/CVE-2025-9230", "https://bugzilla.redhat.com/2396054", "https://bugzilla.redhat.com/show_bug.cgi?id=2396054", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-089022.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cert-portal.siemens.com/productcert/html/ssa-485750.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-9230", "https://errata.almalinux.org/9/ALSA-2026-2776.html", "https://errata.rockylinux.org/RLSA-2025:21255", "https://github.com/openssl/openssl/commit/5965ea5dd6960f36d8b7f74f8eac67a8eb8f2b45", "https://github.com/openssl/openssl/commit/9e91358f365dee6c446dcdcdb01c04d2743fd280", "https://github.com/openssl/openssl/commit/a79c4ce559c6a3a8fd4109e9f33c1185d5bf2def", "https://github.com/openssl/openssl/commit/b5282d677551afda7d20e9c00e09561b547b2dfd", "https://github.com/openssl/openssl/commit/bae259a211ada6315dc50900686daaaaaa55f482", "https://github.openssl.org/openssl/extended-releases/commit/c2b96348bfa662f25f4fabf81958ae822063dae3", "https://github.openssl.org/openssl/extended-releases/commit/dfbaf161d8dafc1132dd88cd48ad990ed9b4c8ba", "https://linux.oracle.com/cve/CVE-2025-9230.html", "https://linux.oracle.com/errata/ELSA-2026-50114.html", "https://lists.debian.org/debian-lts-announce/2025/10/msg00001.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-9230", "https://openssl-library.org/news/secadv/20250930.txt", "https://ubuntu.com/security/notices/USN-7786-1", "https://www.cve.org/CVERecord?id=CVE-2025-9230" ], "PublishedDate": "2025-09-30T14:15:41.05Z", "LastModifiedDate": "2026-05-12T13:17:29.767Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl@1.2.3-r4", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "af5f98cf83a00dc2" }, "InstalledVersion": "1.2.3-r4", "FixedVersion": "1.2.3-r6", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c3db28160797c13f6c86972e6208dcd15f750c966dc5922502b2874ce8b817e3", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2025-26519", "PkgID": "musl-utils@1.2.3-r4", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.3-r4?arch=x86_64\u0026distro=3.17.0", "UID": "69e5c84e7222babe" }, "InstalledVersion": "1.2.3-r4", "FixedVersion": "1.2.3-r6", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-26519", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8ab4cf830760b396c98023ad8599965608375435c48f99d6da4ba24f66fb8df6", "Title": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write ...", "Description": "musl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/02/13/2", "http://www.openwall.com/lists/oss-security/2025/02/13/3", "http://www.openwall.com/lists/oss-security/2025/02/13/4", "http://www.openwall.com/lists/oss-security/2025/02/13/5", "http://www.openwall.com/lists/oss-security/2025/02/14/5", "http://www.openwall.com/lists/oss-security/2025/02/14/6", "https://git.musl-libc.org/cgit/musl/commit/?id=c47ad25ea3b484e10326f933e927c0bc8cded3da", "https://git.musl-libc.org/cgit/musl/commit/?id=e5adcd97b5196e29991b524237381a0202a60659", "https://www.openwall.com/lists/oss-security/2025/02/13/2" ], "PublishedDate": "2025-02-14T04:15:09.05Z", "LastModifiedDate": "2025-12-10T20:03:59.273Z" }, { "VulnerabilityID": "CVE-2023-42363", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42363", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a04960cdd2abbd5f6f409edc1c188372293c862a8dd58f08547f66aa824f675a", "Title": "busybox: use-after-free in awk", "Description": "A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090760.html", "https://access.redhat.com/security/cve/CVE-2023-42363", "https://bugs.busybox.net/show_bug.cgi?id=15865", "https://nvd.nist.gov/vuln/detail/CVE-2023-42363", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42363" ], "PublishedDate": "2023-11-27T22:15:07.94Z", "LastModifiedDate": "2024-11-21T08:22:28.403Z" }, { "VulnerabilityID": "CVE-2023-42364", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42364", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3a2b5e125722f465bd528378cb522881325f83a46afe8e6199234fdbdfd5a223", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42364", "https://bugs.busybox.net/show_bug.cgi?id=15868", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42364", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42364" ], "PublishedDate": "2023-11-27T23:15:07.313Z", "LastModifiedDate": "2025-11-03T21:16:01.17Z" }, { "VulnerabilityID": "CVE-2023-42365", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r31", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42365", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:980a5d2525cf2154b839f7ae93bf5b6ee255a3c8459d293123b8691139fa3d91", "Title": "busybox: use-after-free", "Description": "A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://lists.busybox.net/pipermail/busybox/2024-May/090762.html", "https://access.redhat.com/security/cve/CVE-2023-42365", "https://bugs.busybox.net/show_bug.cgi?id=15871", "https://gitlab.alpinelinux.org/alpine/aports/-/blob/master/main/busybox/CVE-2023-42364-CVE-2023-42365.patch", "https://lists.debian.org/debian-lts-announce/2025/01/msg00012.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-42365", "https://ubuntu.com/security/notices/USN-6961-1", "https://www.cve.org/CVERecord?id=CVE-2023-42365" ], "PublishedDate": "2023-11-27T23:15:07.373Z", "LastModifiedDate": "2025-11-03T21:16:01.393Z" }, { "VulnerabilityID": "CVE-2023-42366", "PkgID": "ssl_client@1.35.0-r29", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.35.0-r29?arch=x86_64\u0026distro=3.17.0", "UID": "4d574a05a4da5141" }, "InstalledVersion": "1.35.0-r29", "FixedVersion": "1.35.0-r30", "Status": "fixed", "Layer": { "Digest": "sha256:c158987b05517b6f2c5913f3acef1f2182a32345a304fe357e3ace5fadcad715", "DiffID": "sha256:ded7a220bb058e28ee3254fbba04ca90b679070424424761a53a043b93b612bf" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-42366", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:66ead9d5e38cbeda8bd521e1695b3aa49f833fda8fef553eb312da917af688af", "Title": "busybox: A heap-buffer-overflow", "Description": "A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "cbl-mariner": 2, "nvd": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "V3Score": 7.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-42366", "https://bugs.busybox.net/show_bug.cgi?id=15874", "https://nvd.nist.gov/vuln/detail/CVE-2023-42366", "https://security.netapp.com/advisory/ntap-20241206-0007/", "https://www.cve.org/CVERecord?id=CVE-2023-42366" ], "PublishedDate": "2023-11-27T23:15:07.42Z", "LastModifiedDate": "2024-12-06T14:15:19.53Z" } ] }, { "Target": "usr/local/bin/rclone", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/rclone/rclone@v1.61.1", "Name": "github.com/rclone/rclone", "Identifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "Version": "v1.61.1", "Relationship": "root", "DependsOn": [ "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "cloud.google.com/go/compute/metadata@v0.2.1", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "github.com/Unknwon/goconfig@v1.0.0", "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "github.com/abbot/go-http-auth@v0.4.0", "github.com/anacrolix/dms@v1.5.0", "github.com/anacrolix/log@v0.13.1", "github.com/artyom/mtab@v1.0.0", "github.com/atotto/clipboard@v0.1.4", "github.com/aws/aws-sdk-go@v1.44.145", "github.com/beorn7/perks@v1.0.1", "github.com/buengese/sgzip@v0.1.1", "github.com/calebcase/tmpfile@v1.0.3", "github.com/cespare/xxhash/v2@v2.1.2", "github.com/cloudflare/circl@v1.1.0", "github.com/colinmarc/hdfs/v2@v2.3.0", "github.com/coreos/go-semver@v0.3.0", "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "github.com/cpuguy83/go-md2man/v2@v2.0.2", "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "github.com/gabriel-vasile/mimetype@v1.4.1", "github.com/gdamore/encoding@v1.0.0", "github.com/gdamore/tcell/v2@v2.5.3", "github.com/geoffgarside/ber@v1.1.0", "github.com/go-chi/chi/v5@v5.0.7", "github.com/gofrs/flock@v0.8.1", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v4@v4.4.2", "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "github.com/golang/protobuf@v1.5.2", "github.com/google/go-querystring@v1.1.0", "github.com/google/uuid@v1.3.0", "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "github.com/googleapis/gax-go/v2@v2.7.0", "github.com/hanwen/go-fuse/v2@v2.1.0", "github.com/hashicorp/errwrap@v1.0.0", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-uuid@v1.0.3", "github.com/hirochachacha/go-smb2@v1.1.0", "github.com/iguanesolutions/go-systemd/v5@v5.1.0", "github.com/jcmturner/aescts/v2@v2.0.0", "github.com/jcmturner/dnsutils/v2@v2.0.0", "github.com/jcmturner/gofork@v1.7.6", "github.com/jcmturner/goidentity/v6@v6.0.1", "github.com/jcmturner/gokrb5/v8@v8.4.3", "github.com/jcmturner/rpc/v2@v2.0.3", "github.com/jmespath/go-jmespath@v0.4.0", "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "github.com/klauspost/compress@v1.15.12", "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "github.com/kr/fs@v0.1.0", "github.com/kylelemons/godebug@v1.1.0", "github.com/lucasb-eyer/go-colorful@v1.2.0", "github.com/mattn/go-colorable@v0.1.13", "github.com/mattn/go-isatty@v0.0.16", "github.com/mattn/go-runewidth@v0.0.14", "github.com/matttproud/golang_protobuf_extensions@v1.0.1", "github.com/mitchellh/go-homedir@v1.1.0", "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "github.com/ncw/swift/v2@v2.0.1", "github.com/oracle/oci-go-sdk/v65@v65.26.1", "github.com/patrickmn/go-cache@v2.1.0+incompatible", "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "github.com/pkg/sftp@v1.13.5", "github.com/pkg/xattr@v0.4.9", "github.com/prometheus/client_golang@v1.14.0", "github.com/prometheus/client_model@v0.3.0", "github.com/prometheus/common@v0.37.0", "github.com/prometheus/procfs@v0.8.0", "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "github.com/rfjakob/eme@v1.1.2", "github.com/rivo/uniseg@v0.2.0", "github.com/russross/blackfriday/v2@v2.1.0", "github.com/shirou/gopsutil/v3@v3.22.10", "github.com/sirupsen/logrus@v1.9.0", "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "github.com/sony/gobreaker@v0.5.0", "github.com/spacemonkeygo/monkit/v3@v3.0.17", "github.com/spf13/cobra@v1.6.1", "github.com/spf13/pflag@v1.0.5", "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "github.com/xanzy/ssh-agent@v0.3.3", "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "github.com/zeebo/errs@v1.3.0", "go.etcd.io/bbolt@v1.3.6", "go.opencensus.io@v0.24.0", "goftp.io/server@v0.4.1", "golang.org/x/crypto@v0.3.0", "golang.org/x/net@v0.4.0", "golang.org/x/oauth2@v0.2.0", "golang.org/x/sync@v0.1.0", "golang.org/x/sys@v0.3.0", "golang.org/x/term@v0.3.0", "golang.org/x/text@v0.5.0", "golang.org/x/time@v0.2.0", "google.golang.org/api@v0.103.0", "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "google.golang.org/grpc@v1.50.1", "google.golang.org/protobuf@v1.28.1", "gopkg.in/yaml.v2@v2.4.0", "gopkg.in/yaml.v3@v3.0.1", "stdlib@v1.19.4", "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "storj.io/drpc@v0.0.30", "storj.io/uplink@v1.9.0" ], "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.19.4", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "Version": "v1.19.4", "Relationship": "direct", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "Name": "bazil.org/fuse", "Identifier": { "PURL": "pkg:golang/bazil.org/fuse@v0.0.0-20200524192727-fb710f7dfd05", "UID": "e326377e7594e90d" }, "Version": "v0.0.0-20200524192727-fb710f7dfd05", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.2.1", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.2.1", "UID": "c49fe0c9fb0922d3" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.1.4", "UID": "588de0eb9d873f03" }, "Version": "v1.1.4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "UID": "9e2e4303a4195ef3" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.0.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.0.1", "UID": "3af85f292175432e" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/storage/azblob@v0.5.1", "UID": "fd812700db42447b" }, "Version": "v0.5.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "Name": "github.com/Azure/go-ntlmssp", "Identifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "UID": "94423296cb8be0a" }, "Version": "v0.0.0-20220621081337-cb9428e4ac1e", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v0.7.0", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v0.7.0", "UID": "a5d005e8ef29fde0" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Max-Sum/base32768@v0.0.0-20191205131208-7937843c71d5", "Name": "github.com/Max-Sum/base32768", "Identifier": { "PURL": "pkg:golang/github.com/max-sum/base32768@v0.0.0-20191205131208-7937843c71d5", "UID": "dc1ed91e88817ecd" }, "Version": "v0.0.0-20191205131208-7937843c71d5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ProtonMail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "Name": "github.com/ProtonMail/go-crypto", "Identifier": { "PURL": "pkg:golang/github.com/protonmail/go-crypto@v0.0.0-20221026131551-cf6655e29de4", "UID": "47bd36c43c7a11ed" }, "Version": "v0.0.0-20221026131551-cf6655e29de4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Unknwon/goconfig@v1.0.0", "Name": "github.com/Unknwon/goconfig", "Identifier": { "PURL": "pkg:golang/github.com/unknwon/goconfig@v1.0.0", "UID": "b9fcd5d99373376d" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "Name": "github.com/a8m/tree", "Identifier": { "PURL": "pkg:golang/github.com/a8m/tree@v0.0.0-20210414114729-ce3525c5c2ef", "UID": "dfe87a11b16fd373" }, "Version": "v0.0.0-20210414114729-ce3525c5c2ef", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "Name": "github.com/aalpar/deheap", "Identifier": { "PURL": "pkg:golang/github.com/aalpar/deheap@v0.0.0-20210914013432-0cc84d79dec3", "UID": "de2ea7084056b52e" }, "Version": "v0.0.0-20210914013432-0cc84d79dec3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/abbot/go-http-auth@v0.4.0", "Name": "github.com/abbot/go-http-auth", "Identifier": { "PURL": "pkg:golang/github.com/abbot/go-http-auth@v0.4.0", "UID": "5ab0773158a33925" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anacrolix/dms@v1.5.0", "Name": "github.com/anacrolix/dms", "Identifier": { "PURL": "pkg:golang/github.com/anacrolix/dms@v1.5.0", "UID": "8b414c8d1bd80ab5" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anacrolix/log@v0.13.1", "Name": "github.com/anacrolix/log", "Identifier": { "PURL": "pkg:golang/github.com/anacrolix/log@v0.13.1", "UID": "35d0179d7bf6f042" }, "Version": "v0.13.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/artyom/mtab@v1.0.0", "Name": "github.com/artyom/mtab", "Identifier": { "PURL": "pkg:golang/github.com/artyom/mtab@v1.0.0", "UID": "34ec9fb92a539633" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/atotto/clipboard@v0.1.4", "Name": "github.com/atotto/clipboard", "Identifier": { "PURL": "pkg:golang/github.com/atotto/clipboard@v0.1.4", "UID": "9b148df82c4aaf1" }, "Version": "v0.1.4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go@v1.44.145", "Name": "github.com/aws/aws-sdk-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go@v1.44.145", "UID": "64d3196ec3dc43c9" }, "Version": "v1.44.145", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/beorn7/perks@v1.0.1", "Name": "github.com/beorn7/perks", "Identifier": { "PURL": "pkg:golang/github.com/beorn7/perks@v1.0.1", "UID": "9db812384db82867" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/buengese/sgzip@v0.1.1", "Name": "github.com/buengese/sgzip", "Identifier": { "PURL": "pkg:golang/github.com/buengese/sgzip@v0.1.1", "UID": "90a6fb3367798697" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/calebcase/tmpfile@v1.0.3", "Name": "github.com/calebcase/tmpfile", "Identifier": { "PURL": "pkg:golang/github.com/calebcase/tmpfile@v1.0.3", "UID": "c92ea277cada4584" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.1.2", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.1.2", "UID": "594caa752e9c787b" }, "Version": "v2.1.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cloudflare/circl@v1.1.0", "Name": "github.com/cloudflare/circl", "Identifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/colinmarc/hdfs/v2@v2.3.0", "Name": "github.com/colinmarc/hdfs/v2", "Identifier": { "PURL": "pkg:golang/github.com/colinmarc/hdfs/v2@v2.3.0", "UID": "3935051519b0ce30" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-semver@v0.3.0", "Name": "github.com/coreos/go-semver", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-semver@v0.3.0", "UID": "2f634c91c54af7ae" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "Name": "github.com/coreos/go-systemd", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-systemd@v0.0.0-20191104093116-d3cd4ed1dbcf", "UID": "6346de3a92a6be0a" }, "Version": "v0.0.0-20191104093116-d3cd4ed1dbcf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cpuguy83/go-md2man/v2@v2.0.2", "Name": "github.com/cpuguy83/go-md2man/v2", "Identifier": { "PURL": "pkg:golang/github.com/cpuguy83/go-md2man/v2@v2.0.2", "UID": "601256f06f150e1f" }, "Version": "v2.0.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "Name": "github.com/dropbox/dropbox-sdk-go-unofficial/v6", "Identifier": { "PURL": "pkg:golang/github.com/dropbox/dropbox-sdk-go-unofficial/v6@v6.0.5", "UID": "ab721ef79da4c7b9" }, "Version": "v6.0.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gabriel-vasile/mimetype@v1.4.1", "Name": "github.com/gabriel-vasile/mimetype", "Identifier": { "PURL": "pkg:golang/github.com/gabriel-vasile/mimetype@v1.4.1", "UID": "3e6e996ab1ed72ee" }, "Version": "v1.4.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gdamore/encoding@v1.0.0", "Name": "github.com/gdamore/encoding", "Identifier": { "PURL": "pkg:golang/github.com/gdamore/encoding@v1.0.0", "UID": "d8de5b1778213249" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gdamore/tcell/v2@v2.5.3", "Name": "github.com/gdamore/tcell/v2", "Identifier": { "PURL": "pkg:golang/github.com/gdamore/tcell/v2@v2.5.3", "UID": "f000ef08ec14b3ae" }, "Version": "v2.5.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/geoffgarside/ber@v1.1.0", "Name": "github.com/geoffgarside/ber", "Identifier": { "PURL": "pkg:golang/github.com/geoffgarside/ber@v1.1.0", "UID": "9684e2b37bb6c350" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-chi/chi/v5@v5.0.7", "Name": "github.com/go-chi/chi/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", "UID": "174827b0972b6f93" }, "Version": "v5.0.7", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gofrs/flock@v0.8.1", "Name": "github.com/gofrs/flock", "Identifier": { "PURL": "pkg:golang/github.com/gofrs/flock@v0.8.1", "UID": "9a13242c499925ec" }, "Version": "v0.8.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "d87d9eff3e69d867" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v4@v4.4.2", "Name": "github.com/golang-jwt/jwt/v4", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", "UID": "a02ec5d34a9debc5" }, "Version": "v4.4.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20210331224755-41bb18bfe9da", "UID": "afd14c25f4ee5d4b" }, "Version": "v0.0.0-20210331224755-41bb18bfe9da", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/protobuf@v1.5.2", "Name": "github.com/golang/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/golang/protobuf@v1.5.2", "UID": "33bde5d5d825dd96" }, "Version": "v1.5.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.1.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", "UID": "3dd1c5f700d031dd" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.3.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.3.0", "UID": "4c55dd47bd0c005c" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.2.0", "UID": "e26fa96544cf98a1" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.7.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.7.0", "UID": "c5e85822c4cfb999" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hanwen/go-fuse/v2@v2.1.0", "Name": "github.com/hanwen/go-fuse/v2", "Identifier": { "PURL": "pkg:golang/github.com/hanwen/go-fuse/v2@v2.1.0", "UID": "d89ade7dbb7dc768" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.0.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.0.0", "UID": "3af0290f673165be" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "63bc31e1a7f3db3f" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-uuid@v1.0.3", "Name": "github.com/hashicorp/go-uuid", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", "UID": "e2650d386c0e7227" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hirochachacha/go-smb2@v1.1.0", "Name": "github.com/hirochachacha/go-smb2", "Identifier": { "PURL": "pkg:golang/github.com/hirochachacha/go-smb2@v1.1.0", "UID": "f665b457a9d6481b" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/iguanesolutions/go-systemd/v5@v5.1.0", "Name": "github.com/iguanesolutions/go-systemd/v5", "Identifier": { "PURL": "pkg:golang/github.com/iguanesolutions/go-systemd/v5@v5.1.0", "UID": "fc6b6d77c91423bb" }, "Version": "v5.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/aescts/v2@v2.0.0", "Name": "github.com/jcmturner/aescts/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/aescts/v2@v2.0.0", "UID": "c78cb1254b6a8e5b" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/dnsutils/v2@v2.0.0", "Name": "github.com/jcmturner/dnsutils/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/dnsutils/v2@v2.0.0", "UID": "a7ad42b7cad868aa" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/gofork@v1.7.6", "Name": "github.com/jcmturner/gofork", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/gofork@v1.7.6", "UID": "49af178ed17b2905" }, "Version": "v1.7.6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/goidentity/v6@v6.0.1", "Name": "github.com/jcmturner/goidentity/v6", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/goidentity/v6@v6.0.1", "UID": "7ef3be726cac9ac" }, "Version": "v6.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/gokrb5/v8@v8.4.3", "Name": "github.com/jcmturner/gokrb5/v8", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/gokrb5/v8@v8.4.3", "UID": "7db6c4a4e6014e0c" }, "Version": "v8.4.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jcmturner/rpc/v2@v2.0.3", "Name": "github.com/jcmturner/rpc/v2", "Identifier": { "PURL": "pkg:golang/github.com/jcmturner/rpc/v2@v2.0.3", "UID": "c2fadbabdb422851" }, "Version": "v2.0.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jmespath/go-jmespath@v0.4.0", "Name": "github.com/jmespath/go-jmespath", "Identifier": { "PURL": "pkg:golang/github.com/jmespath/go-jmespath@v0.4.0", "UID": "18998ac4dc32a50a" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "Name": "github.com/jzelinskie/whirlpool", "Identifier": { "PURL": "pkg:golang/github.com/jzelinskie/whirlpool@v0.0.0-20201016144138-0675e54bb004", "UID": "36634c97ac70a026" }, "Version": "v0.0.0-20201016144138-0675e54bb004", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.15.12", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.15.12", "UID": "11829bcf817fab6f" }, "Version": "v1.15.12", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "Name": "github.com/koofr/go-httpclient", "Identifier": { "PURL": "pkg:golang/github.com/koofr/go-httpclient@v0.0.0-20200420163713-93aa7c75b348", "UID": "5c1ae4b9a87e2d29" }, "Version": "v0.0.0-20200420163713-93aa7c75b348", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "Name": "github.com/koofr/go-koofrclient", "Identifier": { "PURL": "pkg:golang/github.com/koofr/go-koofrclient@v0.0.0-20190724113126-8e5366da203a", "UID": "4eeaabca6565cb54" }, "Version": "v0.0.0-20190724113126-8e5366da203a", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kr/fs@v0.1.0", "Name": "github.com/kr/fs", "Identifier": { "PURL": "pkg:golang/github.com/kr/fs@v0.1.0", "UID": "5afdf97ff7f34072" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "52283410ea03b5a8" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lucasb-eyer/go-colorful@v1.2.0", "Name": "github.com/lucasb-eyer/go-colorful", "Identifier": { "PURL": "pkg:golang/github.com/lucasb-eyer/go-colorful@v1.2.0", "UID": "2da086943997a1b5" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.13", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.13", "UID": "cb2af01d187a561" }, "Version": "v0.1.13", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.16", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.16", "UID": "b95725f615939ad4" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-runewidth@v0.0.14", "Name": "github.com/mattn/go-runewidth", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.14", "UID": "c08692dec378934b" }, "Version": "v0.0.14", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/matttproud/golang_protobuf_extensions@v1.0.1", "Name": "github.com/matttproud/golang_protobuf_extensions", "Identifier": { "PURL": "pkg:golang/github.com/matttproud/golang_protobuf_extensions@v1.0.1", "UID": "22bcf68bfde6516d" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-homedir@v1.1.0", "Name": "github.com/mitchellh/go-homedir", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "UID": "b20939d7367e68a4" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "Name": "github.com/ncw/go-acd", "Identifier": { "PURL": "pkg:golang/github.com/ncw/go-acd@v0.0.0-20201019170801-fe55f33415b1", "UID": "1ce220826a0c2f83" }, "Version": "v0.0.0-20201019170801-fe55f33415b1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ncw/swift/v2@v2.0.1", "Name": "github.com/ncw/swift/v2", "Identifier": { "PURL": "pkg:golang/github.com/ncw/swift/v2@v2.0.1", "UID": "209168f39bc7757e" }, "Version": "v2.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oracle/oci-go-sdk/v65@v65.26.1", "Name": "github.com/oracle/oci-go-sdk/v65", "Identifier": { "PURL": "pkg:golang/github.com/oracle/oci-go-sdk/v65@v65.26.1", "UID": "2a8c17704b1629a4" }, "Version": "v65.26.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/patrickmn/go-cache@v2.1.0+incompatible", "Name": "github.com/patrickmn/go-cache", "Identifier": { "PURL": "pkg:golang/github.com/patrickmn/go-cache@v2.1.0%2Bincompatible", "UID": "62374a16aa2bb819" }, "Version": "v2.1.0+incompatible", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "Name": "github.com/pengsrc/go-shared", "Identifier": { "PURL": "pkg:golang/github.com/pengsrc/go-shared@v0.2.1-0.20190131101655-1999055a4a14", "UID": "cb8aece86917d49e" }, "Version": "v0.2.1-0.20190131101655-1999055a4a14", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20210115035449-ce105d075bb4", "UID": "47f3b57c556ac34b" }, "Version": "v0.0.0-20210115035449-ce105d075bb4", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/sftp@v1.13.5", "Name": "github.com/pkg/sftp", "Identifier": { "PURL": "pkg:golang/github.com/pkg/sftp@v1.13.5", "UID": "bf37bef6f1d969d0" }, "Version": "v1.13.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/xattr@v0.4.9", "Name": "github.com/pkg/xattr", "Identifier": { "PURL": "pkg:golang/github.com/pkg/xattr@v0.4.9", "UID": "2d970b6cad9ee09e" }, "Version": "v0.4.9", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_golang@v1.14.0", "Name": "github.com/prometheus/client_golang", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_golang@v1.14.0", "UID": "115000457136cc6f" }, "Version": "v1.14.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/client_model@v0.3.0", "Name": "github.com/prometheus/client_model", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/client_model@v0.3.0", "UID": "844dd84e5c6d6a74" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/common@v0.37.0", "Name": "github.com/prometheus/common", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/common@v0.37.0", "UID": "467a5b50e5eb9bd1" }, "Version": "v0.37.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/prometheus/procfs@v0.8.0", "Name": "github.com/prometheus/procfs", "Identifier": { "PURL": "pkg:golang/github.com/prometheus/procfs@v0.8.0", "UID": "e043b2ebc83e40f7" }, "Version": "v0.8.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "Name": "github.com/putdotio/go-putio/putio", "Identifier": { "PURL": "pkg:golang/github.com/putdotio/go-putio/putio@v0.0.0-20200123120452-16d982cac2b8", "UID": "52f596004ac71629" }, "Version": "v0.0.0-20200123120452-16d982cac2b8", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "Name": "github.com/rclone/ftp", "Identifier": { "PURL": "pkg:golang/github.com/rclone/ftp@v0.0.0-20221014110213-e44dedbc76c6", "UID": "24808aef510d50da" }, "Version": "v0.0.0-20221014110213-e44dedbc76c6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rfjakob/eme@v1.1.2", "Name": "github.com/rfjakob/eme", "Identifier": { "PURL": "pkg:golang/github.com/rfjakob/eme@v1.1.2", "UID": "13f83c9ba1855e00" }, "Version": "v1.1.2", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rivo/uniseg@v0.2.0", "Name": "github.com/rivo/uniseg", "Identifier": { "PURL": "pkg:golang/github.com/rivo/uniseg@v0.2.0", "UID": "1fa9d8777d37cd57" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/russross/blackfriday/v2@v2.1.0", "Name": "github.com/russross/blackfriday/v2", "Identifier": { "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", "UID": "e1681825ad1c209b" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/shirou/gopsutil/v3@v3.22.10", "Name": "github.com/shirou/gopsutil/v3", "Identifier": { "PURL": "pkg:golang/github.com/shirou/gopsutil/v3@v3.22.10", "UID": "d10e401e488fe27b" }, "Version": "v3.22.10", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.0", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", "UID": "46b956ac4d3f77c5" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "Name": "github.com/skratchdot/open-golang", "Identifier": { "PURL": "pkg:golang/github.com/skratchdot/open-golang@v0.0.0-20200116055534-eef842397966", "UID": "f5602cfe94cfcc8" }, "Version": "v0.0.0-20200116055534-eef842397966", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sony/gobreaker@v0.5.0", "Name": "github.com/sony/gobreaker", "Identifier": { "PURL": "pkg:golang/github.com/sony/gobreaker@v0.5.0", "UID": "dac01ec8c4f4ee11" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spacemonkeygo/monkit/v3@v3.0.17", "Name": "github.com/spacemonkeygo/monkit/v3", "Identifier": { "PURL": "pkg:golang/github.com/spacemonkeygo/monkit/v3@v3.0.17", "UID": "2bfd9f0c62daae32" }, "Version": "v3.0.17", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.6.1", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.6.1", "UID": "efe1f0c40742c59f" }, "Version": "v1.6.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.5", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.5", "UID": "24ad49a893d9b4b3" }, "Version": "v1.0.5", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "Name": "github.com/t3rm1n4l/go-mega", "Identifier": { "PURL": "pkg:golang/github.com/t3rm1n4l/go-mega@v0.0.0-20220725095014-c4e0c2b5debf", "UID": "bc3cce22ed41d26e" }, "Version": "v0.0.0-20220725095014-c4e0c2b5debf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "Name": "github.com/vivint/infectious", "Identifier": { "PURL": "pkg:golang/github.com/vivint/infectious@v0.0.0-20200605153912-25a574ae18a3", "UID": "c0a9f0339f01b2b8" }, "Version": "v0.0.0-20200605153912-25a574ae18a3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xanzy/ssh-agent@v0.3.3", "Name": "github.com/xanzy/ssh-agent", "Identifier": { "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", "UID": "9f0f8fa279374e90" }, "Version": "v0.3.3", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "Name": "github.com/youmark/pkcs8", "Identifier": { "PURL": "pkg:golang/github.com/youmark/pkcs8@v0.0.0-20201027041543-1326539a0a0a", "UID": "76c01c2387b0ff5a" }, "Version": "v0.0.0-20201027041543-1326539a0a0a", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "Name": "github.com/yunify/qingstor-sdk-go/v3", "Identifier": { "PURL": "pkg:golang/github.com/yunify/qingstor-sdk-go/v3@v3.2.0", "UID": "486856d66f8bbad" }, "Version": "v3.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zeebo/errs@v1.3.0", "Name": "github.com/zeebo/errs", "Identifier": { "PURL": "pkg:golang/github.com/zeebo/errs@v1.3.0", "UID": "1d3e33ea493fb64d" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/bbolt@v1.3.6", "Name": "go.etcd.io/bbolt", "Identifier": { "PURL": "pkg:golang/go.etcd.io/bbolt@v1.3.6", "UID": "cc3b8641d2eec17a" }, "Version": "v1.3.6", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opencensus.io@v0.24.0", "Name": "go.opencensus.io", "Identifier": { "PURL": "pkg:golang/go.opencensus.io@v0.24.0", "UID": "f4fa8432d922fc4d" }, "Version": "v0.24.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "goftp.io/server@v0.4.1", "Name": "goftp.io/server", "Identifier": { "PURL": "pkg:golang/goftp.io/server@v0.4.1", "UID": "a4291f5e4219beb2" }, "Version": "v0.4.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.3.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.4.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.2.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", "UID": "31dfa10cd8116308" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.1.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.1.0", "UID": "60a1b9b8c78daac4" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.3.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.3.0", "UID": "5c94e87c92f3707f" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.3.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.3.0", "UID": "2dc4b367dc027924" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.5.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.5.0", "UID": "5935d9bdb1a25c6" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.2.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.2.0", "UID": "dbcaba973097174b" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.103.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.103.0", "UID": "dfab0203996e51b7" }, "Version": "v0.103.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "Name": "google.golang.org/genproto", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20221027153422-115e99e71e1c", "UID": "8311452352132e6d" }, "Version": "v0.0.0-20221027153422-115e99e71e1c", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.50.1", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "Version": "v1.50.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.28.1", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "92d88af829581f08" }, "Version": "v1.28.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v2@v2.4.0", "Name": "gopkg.in/yaml.v2", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v2@v2.4.0", "UID": "8f604011369f2d83" }, "Version": "v2.4.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "e7eb1f43223c25c7" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "Name": "storj.io/common", "Identifier": { "PURL": "pkg:golang/storj.io/common@v0.0.0-20220414110316-a5cb7172d6bf", "UID": "11d5433de310f275" }, "Version": "v0.0.0-20220414110316-a5cb7172d6bf", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/drpc@v0.0.30", "Name": "storj.io/drpc", "Identifier": { "PURL": "pkg:golang/storj.io/drpc@v0.0.30", "UID": "68c10d13a5960cc8" }, "Version": "v0.0.30", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" }, { "ID": "storj.io/uplink@v1.9.0", "Name": "storj.io/uplink", "Identifier": { "PURL": "pkg:golang/storj.io/uplink@v1.9.0", "UID": "127009b06e999ae" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-35255", "VendorIDs": [ "GHSA-m5vv-6r4h-3vj9" ], "PkgID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "PkgName": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.2.0", "UID": "9e2e4303a4195ef3" }, "InstalledVersion": "v1.2.0", "FixedVersion": "1.6.0-beta.4.0.20240610221955-50774cd97099", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-35255", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:236e960be66ee3006fa47e021696bcd2ea517532797861744a6df27accc1c8c2", "Title": "azure-identity: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Description": "Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N", "V3Score": 5.5, "V40Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-35255", "https://github.com/Azure/azure-sdk-for-go/commit/50774cd9709905523136fb05e8c85a50e8984499", "https://github.com/Azure/azure-sdk-for-java/commit/5bf020d6ea056de40e2738e3647a4e06f902c18d", "https://github.com/Azure/azure-sdk-for-js/commit/c6aa75d312ae463e744163cedfd8fc480cc8d492", "https://github.com/Azure/azure-sdk-for-net/commit/9279a4f38bf69b457cfb9b354f210e0a540a5c53", "https://github.com/Azure/azure-sdk-for-python/commit/cb065acd7d0f957327dc4f02d1646d4e51a94178", "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/issues/4806#issuecomment-2178960340", "https://github.com/advisories/GHSA-m5vv-6r4h-3vj9", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35255", "https://nvd.nist.gov/vuln/detail/CVE-2024-35255", "https://www.cve.org/CVERecord?id=CVE-2024-35255" ], "PublishedDate": "2024-06-11T17:16:03.55Z", "LastModifiedDate": "2024-11-21T09:20:01.923Z" }, { "VulnerabilityID": "CVE-2026-32952", "VendorIDs": [ "GHSA-pjcq-xvwq-hhpj" ], "PkgID": "github.com/Azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "PkgName": "github.com/Azure/go-ntlmssp", "PkgIdentifier": { "PURL": "pkg:golang/github.com/azure/go-ntlmssp@v0.0.0-20220621081337-cb9428e4ac1e", "UID": "94423296cb8be0a" }, "InstalledVersion": "v0.0.0-20220621081337-cb9428e4ac1e", "FixedVersion": "0.1.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32952", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:88c2b915391c6b89f809f457edf17cce689d488f0935877a2308cb038cd0c8ac", "Title": "go-ntlmssp: go-ntlmssp: Denial of Service via malicious NTLM challenge", "Description": "go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash any Go process using `ntlmssp.Negotiator` as an HTTP transport. Version 0.1.1 patches the issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32952", "https://github.com/Azure/go-ntlmssp", "https://github.com/Azure/go-ntlmssp/releases/tag/v0.1.1", "https://github.com/Azure/go-ntlmssp/security/advisories/GHSA-pjcq-xvwq-hhpj", "https://nvd.nist.gov/vuln/detail/CVE-2026-32952", "https://www.cve.org/CVERecord?id=CVE-2026-32952" ], "PublishedDate": "2026-04-24T03:16:07.833Z", "LastModifiedDate": "2026-05-21T18:22:06.247Z" }, { "VulnerabilityID": "GHSA-9763-4f94-gfch", "PkgID": "github.com/cloudflare/circl@v1.1.0", "PkgName": "github.com/cloudflare/circl", "PkgIdentifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "InstalledVersion": "v1.1.0", "FixedVersion": "1.3.7", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-9763-4f94-gfch", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:78120b5b1441853998c1ae8a5421ed5c7b60ff2d06fc50faba065fe4c588ca4f", "Title": "CIRCL's Kyber: timing side-channel (kyberslash2)", "Description": "### Impact\nOn some platforms, when an attacker can time decapsulation of Kyber on forged cipher texts, they could possibly learn (parts of) the secret key.\n\nDoes not apply to ephemeral usage, such as when used in the regular way in TLS.\n\n### Patches\nPatched in 1.3.7.\n\n### References\n- [kyberslash.cr.yp.to](https://kyberslash.cr.yp.to/)", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "References": [ "https://github.com/cloudflare/circl", "https://github.com/cloudflare/circl/commit/75ef91e8a2f438e6ce2b6e620d236add8be1887d", "https://github.com/cloudflare/circl/security/advisories/GHSA-9763-4f94-gfch", "https://kyberslash.cr.yp.to" ], "PublishedDate": "2024-01-08T16:45:05Z", "LastModifiedDate": "2024-05-20T22:00:44Z" }, { "VulnerabilityID": "CVE-2023-1732", "VendorIDs": [ "GHSA-2q89-485c-9j2x" ], "PkgID": "github.com/cloudflare/circl@v1.1.0", "PkgName": "github.com/cloudflare/circl", "PkgIdentifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.1.0", "UID": "6ad71c4815031930" }, "InstalledVersion": "v1.1.0", "FixedVersion": "1.3.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-1732", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:aa573fc370c353010b43190ff83fb6a9144608eb269ad13de86a3bb115cfb6e5", "Title": "Improper random reading in CIRCL", "Description": "When sampling randomness for a shared secret, the implementation of Kyber and FrodoKEM, did not check whether crypto/rand.Read() returns an error. In rare deployment cases (error thrown by the Read() function), this could lead to a predictable shared secret.\n\nThe tkn20 and blindrsa components did not check whether enough randomness was returned from the user provided randomness source. Typically the user provides crypto/rand.Reader, which in the vast majority of cases will always return the right number random bytes. In the cases where it does not, or the user provides a source that does not, the blinding for blindrsa is weak and integrity of the plaintext is not ensured in tkn20.\n\n", "Severity": "MEDIUM", "CweIDs": [ "CWE-20", "CWE-755" ], "VendorSeverity": { "ghsa": 2, "nvd": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:H/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", "V3Score": 8.2 } }, "References": [ "https://github.com/cloudflare/circl", "https://github.com/cloudflare/circl/commit/ff8d91225f8954b4970b6d6382d2e4c78f4a4cf8", "https://github.com/cloudflare/circl/releases/tag/v1.3.3", "https://github.com/cloudflare/circl/security/advisories/GHSA-2q89-485c-9j2x", "https://nvd.nist.gov/vuln/detail/CVE-2023-1732" ], "PublishedDate": "2023-05-10T12:15:10.523Z", "LastModifiedDate": "2024-11-21T07:39:47.283Z" }, { "VulnerabilityID": "GHSA-vrw8-fxc6-2r93", "PkgID": "github.com/go-chi/chi/v5@v5.0.7", "PkgName": "github.com/go-chi/chi/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.0.7", "UID": "174827b0972b6f93" }, "InstalledVersion": "v5.0.7", "FixedVersion": "5.2.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-vrw8-fxc6-2r93", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:016e1306448b6bfd8ea1c2a0203cde51d109c6335b91a860de368bfcc5e2f02b", "Title": "chi Allows Host Header Injection which Leads to Open Redirect in RedirectSlashes", "Description": "### Summary\nThe RedirectSlashes function in middleware/strip.go is vulnerable to host header injection which leads to open redirect.\n\nWe consider this a **lower-severity** open redirect, as it can't be exploited from browsers or email clients (requires manipulation of a Host header).\n\n### Details\nThe RedirectSlashes method uses the Host header to construct the redirectURL at this line https://github.com/go-chi/chi/blob/master/middleware/strip.go#L55\n\nThe Host header can be manipulated by a user to be any arbitrary host. This leads to open redirect when using the RedirectSlashes middleware\n\n### PoC\nCreate a simple server which uses the RedirectSlashes middleware\n```\npackage main\n\nimport (\n\t\"fmt\"\n\t\"net/http\"\n\n\t\"github.com/go-chi/chi/v5\"\n\t\"github.com/go-chi/chi/v5/middleware\" // Import the middleware package\n)\n\nfunc main() {\n\t// Create a new Chi router\n\tr := chi.NewRouter()\n\n\t// Use the built-in RedirectSlashes middleware\n\tr.Use(middleware.RedirectSlashes) // Use middleware.RedirectSlashes\n\n\t// Define a route handler\n\tr.Get(\"/\", func(w http.ResponseWriter, r *http.Request) {\n\t\t// A simple response\n\t\tw.Write([]byte(\"Hello, World!\"))\n\t})\n\n\t// Start the server\n\tfmt.Println(\"Starting server on :8080\")\n\thttp.ListenAndServe(\":8080\", r)\n}\n```\nRun the server `go run main.go`\n\nOnce the server is running, send a request that will trigger the RedirectSlashes function with an arbitrary Host header\n`curl -iL -H \"Host: example.com\" http://localhost:8080/test/`\n\nObserve that the request will be redirected to example.com\n\n```\ncurl -L -H \"Host: example.com\" http://localhost:8080/test/\n\n\u003c!doctype html\u003e\n\u003chtml\u003e\n\u003chead\u003e\n \u003ctitle\u003eExample Domain\u003c/title\u003e\n\n \u003cmeta charset=\"utf-8\" /\u003e\n \u003cmeta http-equiv=\"Content-type\" content=\"text/html; charset=utf-8\" /\u003e\n \u003cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1\" /\u003e\n \u003cstyle type=\"text/css\"\u003e\n body {\n background-color: #f0f0f2;\n margin: 0;\n padding: 0;\n font-family: -apple-system, system-ui, BlinkMacSystemFont, \"Segoe UI\", \"Open Sans\", \"Helvetica Neue\", Helvetica, Arial, sans-serif;\n... snipped ...\n```\nWithout the host header, the response is returned from the test server\n```\ncurl -L http://localhost:8080/test/\n\n404 page not found\n```\n\n### Impact\nAn open redirect vulnerability allows attackers to trick users into visiting malicious sites. This can lead to phishing attacks, credential theft, and malware distribution, as users trust the application’s domain while being redirected to harmful sites.\n\n### Potential mitigation\nIt seems that the purpose of the RedirectSlashes function is to redirect within the same application. In that case r.RequestURI can be used instead of r.Host by default. If there is a use case to redirect to a different host, a flag can be added to use the Host header instead. As this flag will be controlled by the developer they will make the decision of allowing redirects to arbitrary hosts based on their judgement.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.1 } }, "References": [ "https://github.com/go-chi/chi", "https://github.com/go-chi/chi/commit/1be7ad938cc9c5b39a9dea01a5c518848928ab65", "https://github.com/go-chi/chi/security/advisories/GHSA-vrw8-fxc6-2r93" ], "PublishedDate": "2025-06-20T16:37:47Z", "LastModifiedDate": "2025-10-13T15:41:17Z" }, { "VulnerabilityID": "CVE-2025-30204", "VendorIDs": [ "GHSA-mh63-6h87-95cp" ], "PkgID": "github.com/golang-jwt/jwt/v4@v4.4.2", "PkgName": "github.com/golang-jwt/jwt/v4", "PkgIdentifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v4@v4.4.2", "UID": "a02ec5d34a9debc5" }, "InstalledVersion": "v4.4.2", "FixedVersion": "4.5.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-30204", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:57fc0ace77216019aaba8c33854d887fd8b9817865f89ef3987be09779123962", "Title": "golang-jwt/jwt: jwt-go allows excessive memory allocation during header parsing", "Description": "golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.", "Severity": "HIGH", "CweIDs": [ "CWE-405" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V3Score": 7.5, "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7425", "https://access.redhat.com/security/cve/CVE-2025-30204", "https://bugzilla.redhat.com/2354195", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.almalinux.org/9/ALSA-2025-7425.html", "https://errata.rockylinux.org/RLSA-2025:3411", "https://github.com/golang-jwt/jwt", "https://github.com/golang-jwt/jwt/commit/0951d184286dece21f73c85673fd308786ffe9c3", "https://github.com/golang-jwt/jwt/commit/bf316c48137a1212f8d0af9288cc9ce8e59f1afb", "https://github.com/golang-jwt/jwt/security/advisories/GHSA-mh63-6h87-95cp", "https://linux.oracle.com/cve/CVE-2025-30204.html", "https://linux.oracle.com/errata/ELSA-2025-7967.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-30204", "https://pkg.go.dev/vuln/GO-2025-3553", "https://security.netapp.com/advisory/ntap-20250404-0002", "https://security.netapp.com/advisory/ntap-20250404-0002/", "https://www.cve.org/CVERecord?id=CVE-2025-30204" ], "PublishedDate": "2025-03-21T22:15:26.42Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-41176", "VendorIDs": [ "GHSA-25qr-6mpr-f7qx" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.73.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41176", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:bcf52b90588616e7bbeb0969945fcbc644ea5c64ff42147e5f32ad7924afeaee", "Title": "github.com/rclone/rclone: Rclone: Unauthorized access to administrative functions through unauthenticated Remote Control endpoint.", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-306" ], "VendorSeverity": { "amazon": 3, "bitnami": 4, "ghsa": 4, "julia": 4, "nvd": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V3Score": 9.8, "V40Score": 9.2 }, "julia": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41176", "https://github.com/advisories/GHSA-25qr-6mpr-f7qx", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/config.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/rcserver/rcserver.go", "https://github.com/rclone/rclone/security/advisories/GHSA-25qr-6mpr-f7qx", "https://nvd.nist.gov/vuln/detail/CVE-2026-41176", "https://www.cve.org/CVERecord?id=CVE-2026-41176" ], "PublishedDate": "2026-04-23T00:16:45.8Z", "LastModifiedDate": "2026-04-27T18:19:45.303Z" }, { "VulnerabilityID": "CVE-2026-41179", "VendorIDs": [ "GHSA-jfwf-28xr-xw6q" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.73.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41179", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:cd5af0614e2eca73ccf268d222ea886db8465e055c84f67f6194cdaba58bb3d9", "Title": "github.com/rclone/rclone: Rclone: Unauthenticated local command execution via exposed RC endpoint", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint `operations/fsinfo` is exposed without `AuthRequired: true` and accepts attacker-controlled `fs` input. Because `rc.GetFs(...)` supports inline backend definitions, an unauthenticated attacker can instantiate an attacker-controlled backend on demand. For the WebDAV backend, `bearer_token_command` is executed during backend initialization, making single-request unauthenticated local command execution possible on reachable RC deployments without global HTTP authentication. Version 1.73.5 patches the issue.", "Severity": "CRITICAL", "CweIDs": [ "CWE-78", "CWE-306" ], "VendorSeverity": { "amazon": 3, "bitnami": 4, "ghsa": 4, "julia": 4, "nvd": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V3Score": 9.8, "V40Score": 9.2 }, "julia": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "V40Score": 9.2 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41179", "https://github.com/advisories/GHSA-jfwf-28xr-xw6q", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/backend/webdav/webdav.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/operations/rc.go", "https://github.com/rclone/rclone/blob/bf55d5e6d37fd86164a87782191f9e1ffcaafa82/fs/rc/cache.go", "https://github.com/rclone/rclone/commit/2a9e952b38e03a96bf40c9eb6e8e22199865ee3b", "https://github.com/rclone/rclone/releases/tag/v1.73.5", "https://github.com/rclone/rclone/security/advisories/GHSA-jfwf-28xr-xw6q", "https://nvd.nist.gov/vuln/detail/CVE-2026-41179", "https://rclone.org/changelog/#v1-73-5-2026-04-19", "https://www.cve.org/CVERecord?id=CVE-2026-41179" ], "PublishedDate": "2026-04-23T00:16:45.947Z", "LastModifiedDate": "2026-05-20T02:16:35.92Z" }, { "VulnerabilityID": "CVE-2024-52522", "VendorIDs": [ "GHSA-hrxh-9w67-g4cv" ], "PkgID": "github.com/rclone/rclone@v1.61.1", "PkgName": "github.com/rclone/rclone", "PkgIdentifier": { "PURL": "pkg:golang/github.com/rclone/rclone@v1.61.1", "UID": "ae64505d118b4275" }, "InstalledVersion": "v1.61.1", "FixedVersion": "1.68.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-52522", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0f080ae295e471601d22a1a1b951743804f3fe915e2b3143e7aae75c42c3fd9d", "Title": "rclone: librclone: improper permission and ownership handling on symlink targets with --links and --metadata", "Description": "Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Insecure handling of symlinks with --links and --metadata in rclone while copying to local disk allows unprivileged users to indirectly modify ownership and permissions on symlink target files when a superuser or privileged process performs a copy. This vulnerability could enable privilege escalation and unauthorized access to critical system files, compromising system integrity, confidentiality, and availability. This vulnerability is fixed in 1.68.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59", "CWE-61", "CWE-281" ], "VendorSeverity": { "bitnami": 2, "ghsa": 2, "julia": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V40Score": 5.4 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V3Score": 5.5, "V40Score": 5.4 }, "julia": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L", "V40Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-52522", "https://github.com/advisories/GHSA-hrxh-9w67-g4cv", "https://github.com/rclone/rclone", "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0", "https://github.com/rclone/rclone/commit/01ccf204f42b4f68541b16843292439090a2dcf0 (master)", "https://github.com/rclone/rclone/commit/669b2f2669cacd634faa2bcecb589b76e1402533 (v1.68.2)", "https://github.com/rclone/rclone/security/advisories/GHSA-hrxh-9w67-g4cv", "https://nvd.nist.gov/vuln/detail/CVE-2024-52522", "https://www.cve.org/CVERecord?id=CVE-2024-52522" ], "PublishedDate": "2024-11-15T18:15:30.643Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-65637", "VendorIDs": [ "GHSA-4f99-4q7p-p3gh" ], "PkgID": "github.com/sirupsen/logrus@v1.9.0", "PkgName": "github.com/sirupsen/logrus", "PkgIdentifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.0", "UID": "46b956ac4d3f77c5" }, "InstalledVersion": "v1.9.0", "FixedVersion": "1.8.3, 1.9.1, 1.9.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-65637", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:754c7fc53cb7352f8025b37d2af657d82c86c5f309553b10cdc4b0329e5b91ed", "Title": "github.com/sirupsen/logrus: github.com/sirupsen/logrus: Denial-of-Service due to large single-line payload", "Description": "A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with \"token too long\" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions \u003c 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 8.7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3428", "https://access.redhat.com/security/cve/CVE-2025-65637", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2418900", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2418900", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-65637", "https://errata.almalinux.org/8/ALSA-2026-3428.html", "https://errata.rockylinux.org/RLSA-2026:3428", "https://github.com/mjuanxd/logrus-dos-poc", "https://github.com/mjuanxd/logrus-dos-poc/blob/main/README.md", "https://github.com/sirupsen/logrus", "https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7", "https://github.com/sirupsen/logrus/issues/1370", "https://github.com/sirupsen/logrus/pull/1376", "https://github.com/sirupsen/logrus/releases/tag/v1.8.3", "https://github.com/sirupsen/logrus/releases/tag/v1.9.1", "https://github.com/sirupsen/logrus/releases/tag/v1.9.3", "https://linux.oracle.com/cve/CVE-2025-65637.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-65637", "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391", "https://www.cve.org/CVERecord?id=CVE-2025-65637" ], "PublishedDate": "2025-12-04T19:16:05.223Z", "LastModifiedDate": "2025-12-23T00:26:00.703Z" }, { "VulnerabilityID": "CVE-2024-45337", "VendorIDs": [ "GHSA-v778-237x-gjrc" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.31.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45337", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ffb42832210e292eb14d8f5794b0d1fb19589dabde60cf7d2c1c184deb3d3b20", "Title": "golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto", "Description": "Applications and libraries which misuse connection.serverAuthenticate (via callback field ServerConfig.PublicKeyCallback) may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that \"A call to this function does not guarantee that the key offered is in fact used to authenticate.\" Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance.", "Severity": "CRITICAL", "VendorSeverity": { "amazon": 3, "azure": 4, "cbl-mariner": 4, "ghsa": 4, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", "V3Score": 8.2 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/12/11/2", "https://access.redhat.com/security/cve/CVE-2024-45337", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909", "https://go-review.googlesource.com/c/crypto/+/635315/", "https://go.dev/cl/635315", "https://go.dev/issue/70779", "https://groups.google.com/g/golang-announce/c/-nPEi39gI4Q/m/cGVPJCqdAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2024-45337", "https://pkg.go.dev/vuln/GO-2024-3321", "https://security.netapp.com/advisory/ntap-20250131-0007", "https://security.netapp.com/advisory/ntap-20250131-0007/", "https://ubuntu.com/security/notices/USN-7839-1", "https://ubuntu.com/security/notices/USN-7839-2", "https://www.cve.org/CVERecord?id=CVE-2024-45337" ], "PublishedDate": "2024-12-12T02:02:07.97Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22869", "VendorIDs": [ "GHSA-hcg3-q754-cr77" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.35.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07a4bad0898b8c30a4bbd97a8173952df4cbb7f186d776d0936c8531b2b17412", "Title": "golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh", "Description": "SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3833", "https://access.redhat.com/security/cve/CVE-2025-22869", "https://bugzilla.redhat.com/2348367", "https://bugzilla.redhat.com/show_bug.cgi?id=2348367", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22869", "https://errata.almalinux.org/9/ALSA-2025-3833.html", "https://errata.rockylinux.org/RLSA-2025:7416", "https://github.com/golang/crypto", "https://github.com/golang/crypto/commit/7292932d45d55c7199324ab0027cc86e8198aa22", "https://go-review.googlesource.com/c/crypto/+/652135", "https://go.dev/cl/652135", "https://go.dev/issue/71931", "https://linux.oracle.com/cve/CVE-2025-22869.html", "https://linux.oracle.com/errata/ELSA-2025-7484.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22869", "https://pkg.go.dev/vuln/GO-2025-3487", "https://security.netapp.com/advisory/ntap-20250411-0010", "https://security.netapp.com/advisory/ntap-20250411-0010/", "https://www.cve.org/CVERecord?id=CVE-2025-22869" ], "PublishedDate": "2025-02-26T08:14:24.997Z", "LastModifiedDate": "2025-05-01T19:28:20.74Z" }, { "VulnerabilityID": "CVE-2023-48795", "VendorIDs": [ "GHSA-45x7-px36-x8w8" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.17.0, 0.0.0-20231218163308-9d2ee975ef9f", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-48795", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f9288b1830f5a977111e89cf1128900ab775351cf4adb38607aca75ac356529c", "Title": "ssh: Prefix truncation attack on Binary Packet Protocol (BPP)", "Description": "The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0.10.6, libssh2 through 1.11.0, Thorn Tech SFTP Gateway before 3.4.6, Tera Term before 5.1, Paramiko before 3.4.0, jsch before 0.2.15, SFTPGo before 2.5.6, Netgate pfSense Plus through 23.09.1, Netgate pfSense CE through 2.7.2, HPN-SSH through 18.2.0, ProFTPD before 1.3.8b (and before 1.3.9rc2), ORYX CycloneSSH before 2.3.4, NetSarang XShell 7 before Build 0144, CrushFTP before 10.6.0, ConnectBot SSH library before 2.2.22, Apache MINA sshd through 2.11.0, sshj through 0.37.0, TinySSH through 20230101, trilead-ssh2 6401, LANCOM LCOS and LANconfig, FileZilla before 3.66.4, Nova before 11.8, PKIX-SSH before 14.4, SecureCRT before 9.4.3, Transmit5 before 5.10.4, Win32-OpenSSH before 9.5.0.0p1-Beta, WinSCP before 6.2.2, Bitvise SSH Server before 9.32, Bitvise SSH Client before 9.33, KiTTY through 0.76.1.13, the net-ssh gem 7.2.0 for Ruby, the mscdex ssh2 module before 1.15.0 for Node.js, the thrussh library before 0.35.1 for Rust, and the Russh crate before 0.40.2 for Rust.", "Severity": "MEDIUM", "CweIDs": [ "CWE-354" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://packetstormsecurity.com/files/176280/Terrapin-SSH-Connection-Weakening.html", "http://seclists.org/fulldisclosure/2024/Mar/21", "http://www.openwall.com/lists/oss-security/2023/12/18/3", "http://www.openwall.com/lists/oss-security/2023/12/19/5", "http://www.openwall.com/lists/oss-security/2023/12/20/3", "http://www.openwall.com/lists/oss-security/2024/03/06/3", "http://www.openwall.com/lists/oss-security/2024/04/17/8", "https://access.redhat.com/errata/RHSA-2024:1150", "https://access.redhat.com/security/cve/CVE-2023-48795", "https://access.redhat.com/security/cve/cve-2023-48795", "https://access.redhat.com/solutions/7071748", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack", "https://arstechnica.com/security/2023/12/hackers-can-break-ssh-channel-integrity-using-novel-data-corruption-attack/", "https://bugs.gentoo.org/920280", "https://bugzilla.redhat.com/2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.suse.com/show_bug.cgi?id=1217950", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-364175.html", "https://cert-portal.siemens.com/productcert/html/ssa-769027.html", "https://cert-portal.siemens.com/productcert/html/ssa-794697.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://crates.io/crates/thrussh/versions", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://errata.almalinux.org/9/ALSA-2024-1150.html", "https://errata.rockylinux.org/RLSA-2024:0628", "https://filezilla-project.org/versions.php", "https://forum.netgate.com/topic/184941/terrapin-ssh-attack", "https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.10\u0026id=10e09e273f69e149389b3e0e5d44b8c221c2e7f6", "https://github.com/NixOS/nixpkgs/pull/275249", "https://github.com/PowerShell/Win32-OpenSSH/issues/2189", "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v9.5.0.0p1-Beta", "https://github.com/TeraTermProject/teraterm/commit/7279fbd6ef4d0c8bdd6a90af4ada2899d786eec0", "https://github.com/TeraTermProject/teraterm/releases/tag/v5.1", "https://github.com/advisories/GHSA-45x7-px36-x8w8", "https://github.com/apache/mina-sshd/issues/445", "https://github.com/connectbot/sshlib/commit/5c8b534f6e97db7ac0e0e579331213aa25c173ab", "https://github.com/connectbot/sshlib/compare/2.2.21...2.2.22", "https://github.com/cyd01/KiTTY/issues/520", "https://github.com/drakkan/sftpgo/releases/tag/v2.5.6", "https://github.com/erlang/otp/blob/d1b43dc0f1361d2ad67601169e90a7fc50bb0369/lib/ssh/doc/src/notes.xml#L39-L42", "https://github.com/erlang/otp/releases/tag/OTP-26.2.1", "https://github.com/golang/crypto/commit/9d2ee975ef9fe627bf0a6f01c1f69e8ef1d4f05d", "https://github.com/hierynomus/sshj/issues/916", "https://github.com/janmojzis/tinyssh/issues/81", "https://github.com/jtesta/ssh-audit/commit/8e972c5e94b460379fe0c7d20209c16df81538a5", "https://github.com/libssh2/libssh2/pull/1291", "https://github.com/mkj/dropbear/blob/17657c36cce6df7716d5ff151ec09a665382d5dd/CHANGES#L25", "https://github.com/mscdex/ssh2/commit/97b223f8891b96d6fc054df5ab1d5a1a545da2a3", "https://github.com/mwiede/jsch/compare/jsch-0.2.14...jsch-0.2.15", "https://github.com/mwiede/jsch/issues/457", "https://github.com/mwiede/jsch/pull/461", "https://github.com/net-ssh/net-ssh/blob/2e65064a52d73396bfc3806c9196fc8108f33cd8/CHANGES.txt#L14-L16", "https://github.com/openssh/openssh-portable/commits/master", "https://github.com/paramiko/paramiko/issues/2337", "https://github.com/paramiko/paramiko/issues/2337#issuecomment-1887642773", "https://github.com/proftpd/proftpd/blob/0a7ea9b0ba9fcdf368374a226370d08f10397d99/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/d21e7a2e47e9b38f709bec58e3fa711f759ad0e1/RELEASE_NOTES", "https://github.com/proftpd/proftpd/blob/master/RELEASE_NOTES", "https://github.com/proftpd/proftpd/issues/456", "https://github.com/rapier1/hpn-ssh/releases", "https://github.com/ronf/asyncssh/blob/develop/docs/changes.rst", "https://github.com/ronf/asyncssh/security/advisories/GHSA-hfmc-7525-mj55", "https://github.com/ronf/asyncssh/tags", "https://github.com/ssh-mitm/ssh-mitm/issues/165", "https://github.com/warp-tech/russh", "https://github.com/warp-tech/russh/commit/1aa340a7df1d5be1c0f4a9e247aade76dfdd2951", "https://github.com/warp-tech/russh/releases/tag/v0.40.2", "https://github.com/warp-tech/russh/security/advisories/GHSA-45x7-px36-x8w8", "https://gitlab.com/libssh/libssh-mirror/-/tags", "https://go.dev/cl/550715", "https://go.dev/issue/64784", "https://groups.google.com/g/golang-announce/c/-n5WqVC18LQ", "https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg", "https://help.panic.com/releasenotes/transmit5", "https://help.panic.com/releasenotes/transmit5/", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795", "https://jadaptive.com/important-java-ssh-security-update-new-ssh-vulnerability-discovered-cve-2023-48795/", "https://linux.oracle.com/cve/CVE-2023-48795.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.debian.org/debian-lts-announce/2023/12/msg00017.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00013.html", "https://lists.debian.org/debian-lts-announce/2024/01/msg00014.html", "https://lists.debian.org/debian-lts-announce/2024/04/msg00016.html", "https://lists.debian.org/debian-lts-announce/2024/09/msg00042.html", "https://lists.debian.org/debian-lts-announce/2024/11/msg00032.html", "https://lists.debian.org/debian-lts-announce/2025/04/msg00028.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3CAYYW35MUTNO65RVAELICTNZZFMT2XS/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BL5KTLOSLH2KHRN4HCXJPK3JUVLDGEL6/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F7EYCFQCTSGJXWO3ZZ44MGKFC5HA7G3Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KMZCVGUGJZZVDPCVDA7TEB22VUCNEXDD/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QI3EHAHABFQK7OABNCSF5GMYP6TONTI7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33XHJUB6ROFUOH2OQNENFROTVH6MHSHA/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3JIMLVBDWOP4FUPXPTB4PGHHIOMGFLQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3YQLUQWLIHDB5QCXQEX7HXHAWMOKPP5O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6Y74KVCPEPT4MVU3LHDWCNNOXOE5ZLUR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APYIXIQOVDCRWLHTGB4VYMAUIAQLKYJ3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C3AFMZ6MH2UHHOPIWT5YLSFV3D2VB3AC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HYEDEXIKFKTUJIN43RG4B7T5ZS6MHUSP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I724O3LSRCPO4WNVIXTZCT4VVRMXMMSG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5Y6MNNVAPIJSXJERQ6PKZVCIUXSNJK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MKQRBF3DWMWPH36LBCOBUTSIZRTPEZXB/", "https://matt.ucc.asn.au/dropbear/CHANGES", "https://nest.pijul.com/pijul/thrussh/changes/D6H7OWTTMHHX6BTB3B6MNBOBX2L66CBL4LGSEUSAI2MCRCJDQFRQC", "https://news.ycombinator.com/item?id=38684904", "https://news.ycombinator.com/item?id=38685286", "https://news.ycombinator.com/item?id=38732005", "https://nova.app/releases/#v11.8", "https://nvd.nist.gov/vuln/detail/CVE-2023-48795", "https://oryx-embedded.com/download/#changelog", "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0002", "https://roumenpetrov.info/secsh/#news20231220", "https://security-tracker.debian.org/tracker/CVE-2023-48795", "https://security-tracker.debian.org/tracker/source-package/libssh2", "https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg", "https://security-tracker.debian.org/tracker/source-package/trilead-ssh2", "https://security.gentoo.org/glsa/202312-16", "https://security.gentoo.org/glsa/202312-17", "https://security.netapp.com/advisory/ntap-20240105-0004", "https://security.netapp.com/advisory/ntap-20240105-0004/", "https://support.apple.com/kb/HT214084", "https://terrapin-attack.com/", "https://thorntech.com/cve-2023-48795-and-sftp-gateway", "https://thorntech.com/cve-2023-48795-and-sftp-gateway/", "https://twitter.com/TrueSkrillor/status/1736774389725565005", "https://ubuntu.com/security/CVE-2023-48795", "https://ubuntu.com/security/notices/USN-6560-1", "https://ubuntu.com/security/notices/USN-6560-2", "https://ubuntu.com/security/notices/USN-6561-1", "https://ubuntu.com/security/notices/USN-6585-1", "https://ubuntu.com/security/notices/USN-6589-1", "https://ubuntu.com/security/notices/USN-6598-1", "https://ubuntu.com/security/notices/USN-6738-1", "https://ubuntu.com/security/notices/USN-7051-1", "https://ubuntu.com/security/notices/USN-7292-1", "https://ubuntu.com/security/notices/USN-7297-1", "https://winscp.net/eng/docs/history#6.2.2", "https://www.bitvise.com/ssh-client-version-history#933", "https://www.bitvise.com/ssh-server-version-history", "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html", "https://www.crushftp.com/crush10wiki/Wiki.jsp?page=Update", "https://www.cve.org/CVERecord?id=CVE-2023-48795", "https://www.debian.org/security/2023/dsa-5586", "https://www.debian.org/security/2023/dsa-5588", "https://www.freebsd.org/security/advisories/FreeBSD-SA-23:19.openssh.asc", "https://www.lancom-systems.de/service-support/allgemeine-sicherheitshinweise#c243508", "https://www.netsarang.com/en/xshell-update-history", "https://www.netsarang.com/en/xshell-update-history/", "https://www.openssh.com/openbsd.html", "https://www.openssh.com/txt/release-9.6", "https://www.openwall.com/lists/oss-security/2023/12/18/2", "https://www.openwall.com/lists/oss-security/2023/12/18/3", "https://www.openwall.com/lists/oss-security/2023/12/20/3", "https://www.paramiko.org/changelog.html", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed", "https://www.reddit.com/r/sysadmin/comments/18idv52/cve202348795_why_is_this_cve_still_undisclosed/", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795", "https://www.suse.com/c/suse-addresses-the-ssh-v2-protocol-terrapin-attack-aka-cve-2023-48795/", "https://www.terrapin-attack.com", "https://www.theregister.com/2023/12/20/terrapin_attack_ssh", "https://www.vandyke.com/products/securecrt/history.txt", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-detect-openssh-vulnerabilit", "https://www.vicarius.io/vsociety/posts/cve-2023-48795-mitigate-openssh-vulnerability" ], "PublishedDate": "2023-12-18T16:15:10.897Z", "LastModifiedDate": "2026-05-12T11:16:15.01Z" }, { "VulnerabilityID": "CVE-2025-47914", "VendorIDs": [ "GHSA-f6x5-jh6r-wrfv" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47914", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2690db819220b94406ce696cdea2be233e20da33a34652ae913fef9ee946bb05", "Title": "golang.org/x/crypto/ssh/agent: SSH Agent servers: Denial of Service due to malformed messages", "Description": "SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.", "Severity": "MEDIUM", "CweIDs": [ "CWE-125" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-47914", "https://go.dev/cl/721960", "https://go.dev/issue/76364", "https://go.googlesource.com/crypto", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://nvd.nist.gov/vuln/detail/CVE-2025-47914", "https://pkg.go.dev/vuln/GO-2025-4135", "https://www.cve.org/CVERecord?id=CVE-2025-47914" ], "PublishedDate": "2025-11-19T21:15:50.517Z", "LastModifiedDate": "2025-12-11T19:36:41.373Z" }, { "VulnerabilityID": "CVE-2025-58181", "VendorIDs": [ "GHSA-j5w8-q4qc-rx2x" ], "PkgID": "golang.org/x/crypto@v0.3.0", "PkgName": "golang.org/x/crypto", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.3.0", "UID": "31a497eb63876334" }, "InstalledVersion": "v0.3.0", "FixedVersion": "0.45.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58181", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:60d584c4834f246dbb5f52a714d4375b4b3974ae99423ef93d42bdaf382fcfd1", "Title": "golang.org/x/crypto/ssh: golang.org/x/crypto/ssh: Denial of Service via unbounded memory consumption in GSSAPI authentication", "Description": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-58181", "https://github.com/golang/crypto/commit/e79546e28b85ea53dd37afe1c4102746ef553b9c", "https://github.com/golang/go/issues/76363", "https://go.dev/cl/721961", "https://go.dev/issue/76363", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA", "https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA?pli=1", "https://nvd.nist.gov/vuln/detail/CVE-2025-58181", "https://pkg.go.dev/vuln/GO-2025-4134", "https://ubuntu.com/security/notices/USN-7956-1", "https://www.cve.org/CVERecord?id=CVE-2025-58181" ], "PublishedDate": "2025-11-19T21:15:50.85Z", "LastModifiedDate": "2025-12-11T19:29:24.9Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.7.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:0ef5d936a03196cd892e3f6b6427829606633f58f8f5681e6a8b32406038e086", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:bfadcf552603313016822f7f1c8601aaa62cdea79df76256144fefce9adcc665", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-3978", "VendorIDs": [ "GHSA-2wrh-6pvc-2jm9" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.13.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-3978", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:35f3bba783524453933832a39f7bf146106028dd265bfa2fae3bbc63fd7d79e1", "Title": "golang.org/x/net/html: Cross site scripting", "Description": "Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-3978", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/514896", "https://go.dev/issue/61615", "https://linux.oracle.com/cve/CVE-2023-3978.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-3978", "https://pkg.go.dev/vuln/GO-2023-1988", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2023-3978" ], "PublishedDate": "2023-08-02T20:15:12.097Z", "LastModifiedDate": "2024-11-21T08:18:27.68Z" }, { "VulnerabilityID": "CVE-2023-44487", "VendorIDs": [ "GHSA-qppj-fm5r-hxr3" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.17.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-44487", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:191a4066133e521d814ef03388f6f19d698cca0b3ecbde513d5dcb2053a32ad9", "Title": "HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)", "Description": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:A", "V3Score": 5.3, "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/10/10/6", "http://www.openwall.com/lists/oss-security/2023/10/10/7", "http://www.openwall.com/lists/oss-security/2023/10/13/4", "http://www.openwall.com/lists/oss-security/2023/10/13/9", "http://www.openwall.com/lists/oss-security/2023/10/18/4", "http://www.openwall.com/lists/oss-security/2023/10/18/8", "http://www.openwall.com/lists/oss-security/2023/10/19/6", "http://www.openwall.com/lists/oss-security/2023/10/20/8", "http://www.openwall.com/lists/oss-security/2025/08/13/6", "https://access.redhat.com/errata/RHSA-2023:6746", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://access.redhat.com/security/cve/cve-2023-44487", "https://akka.io/security/akka-http-cve-2023-44487.html", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size", "https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011", "https://aws.amazon.com/security/security-bulletins/AWS-2023-011/", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack", "https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack", "https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty", "https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/", "https://blog.powerdns.com/2024/02/16/powerdns-dnsdist-1.9.0-released", "https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack", "https://blog.vespa.ai/cve-2023-44487", "https://blog.vespa.ai/cve-2023-44487/", "https://bugzilla.proxmox.com/show_bug.cgi?id=4988", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.suse.com/show_bug.cgi?id=1216123", "https://cert-portal.siemens.com/productcert/html/ssa-082556.html", "https://cert-portal.siemens.com/productcert/html/ssa-341067.html", "https://cert-portal.siemens.com/productcert/html/ssa-784301.html", "https://cert-portal.siemens.com/productcert/html/ssa-832273.html", "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", "https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9", "https://chaos.social/@icing/111210915918780532", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps", "https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/", "https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack", "https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://devblogs.microsoft.com/dotnet/october-2023-updates/", "https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715", "https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve", "https://errata.almalinux.org/9/ALSA-2023-6746.html", "https://errata.rockylinux.org/RLSA-2023:5838", "https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764", "https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088", "https://github.com/Azure/AKS/issues/3947", "https://github.com/Kong/kong/discussions/11741", "https://github.com/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/advisories/GHSA-vx74-f528-fxqg", "https://github.com/advisories/GHSA-xpw8-rcwv-8f8p", "https://github.com/akka/akka-http/issues/4323", "https://github.com/akka/akka-http/pull/4324", "https://github.com/akka/akka-http/pull/4325", "https://github.com/alibaba/tengine/issues/1872", "https://github.com/apache/apisix/issues/10320", "https://github.com/apache/httpd-site/pull/10", "https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113", "https://github.com/apache/tomcat/commit/944332bb15bd2f3bf76ec2caeb1ff0a58a3bc628", "https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2", "https://github.com/apache/trafficserver/pull/10564", "https://github.com/apple/swift-nio-http2", "https://github.com/apple/swift-nio-http2/security/advisories/GHSA-qppj-fm5r-hxr3", "https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487", "https://github.com/bcdannyboy/CVE-2023-44487", "https://github.com/caddyserver/caddy/issues/5877", "https://github.com/caddyserver/caddy/releases/tag/v2.7.5", "https://github.com/dotnet/announcements/issues/277", "https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73", "https://github.com/eclipse/jetty.project/issues/10679", "https://github.com/envoyproxy/envoy/pull/30055", "https://github.com/envoyproxy/envoy/security/advisories/GHSA-jhv4-f7mr-xx76", "https://github.com/etcd-io/etcd/issues/16740", "https://github.com/facebook/proxygen/pull/466", "https://github.com/golang/go/issues/63417", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/releases", "https://github.com/grpc/grpc/releases/tag/v1.59.2", "https://github.com/h2o/h2o/pull/3291", "https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf", "https://github.com/haproxy/haproxy/issues/2312", "https://github.com/hyperium/hyper/issues/3337", "https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244", "https://github.com/junkurihara/rust-rpxy/issues/97", "https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1", "https://github.com/kazu-yamamoto/http2/issues/93", "https://github.com/kubernetes/ingress-nginx/blob/4b5c5efe2508dc915a48c54de7f23912ff2ec695/changelog/controller-1.9.3.md?plain=1#L15", "https://github.com/kubernetes/kubernetes/pull/121120", "https://github.com/line/armeria/pull/5232", "https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632", "https://github.com/micrictor/http2-rst-stream", "https://github.com/microsoft/CBL-Mariner/pull/6381", "https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61", "https://github.com/nghttp2/nghttp2/pull/1961", "https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0", "https://github.com/ninenines/cowboy/issues/1615", "https://github.com/nodejs/node/pull/50121", "https://github.com/openresty/openresty/issues/930", "https://github.com/opensearch-project/data-prepper/issues/3474", "https://github.com/oqtane/oqtane.framework/discussions/3367", "https://github.com/projectcontour/contour/pull/5826", "https://github.com/tempesta-tech/tempesta/issues/1986", "https://github.com/varnishcache/varnish-cache/issues/3996", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://istio.io/latest/news/security/istio-security-2023-004", "https://istio.io/latest/news/security/istio-security-2023-004/", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487", "https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/", "https://linux.oracle.com/cve/CVE-2023-44487.html", "https://linux.oracle.com/errata/ELSA-2024-1444.html", "https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q", "https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html", "https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html", "https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/", "https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html", "https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html", "https://mailman.powerdns.com/pipermail/dnsdist/2023-October/001409.html", "https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2", "https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/", "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487", "https://my.f5.com/manage/s/article/K000137106", "https://netty.io/news/2023/10/10/4-1-100-Final.html", "https://news.ycombinator.com/item?id=37830987", "https://news.ycombinator.com/item?id=37830998", "https://news.ycombinator.com/item?id=37831062", "https://news.ycombinator.com/item?id=37837043", "https://nodejs.org/en/blog/vulnerability/october-2023-security-releases", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response", "https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/", "https://pkg.go.dev/vuln/GO-2023-2102", "https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected", "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231016-0001", "https://security.netapp.com/advisory/ntap-20231016-0001/", "https://security.netapp.com/advisory/ntap-20240426-0007", "https://security.netapp.com/advisory/ntap-20240426-0007/", "https://security.netapp.com/advisory/ntap-20240621-0006", "https://security.netapp.com/advisory/ntap-20240621-0006/", "https://security.netapp.com/advisory/ntap-20240621-0007", "https://security.netapp.com/advisory/ntap-20240621-0007/", "https://security.paloaltonetworks.com/CVE-2023-44487", "https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14", "https://tomcat.apache.org/security-11.html#Fixed_in_Apache_Tomcat_11.0.0-M12", "https://tomcat.apache.org/security-8.html", "https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.94", "https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.81", "https://ubuntu.com/security/CVE-2023-44487", "https://ubuntu.com/security/notices/USN-6427-1", "https://ubuntu.com/security/notices/USN-6427-2", "https://ubuntu.com/security/notices/USN-6438-1", "https://ubuntu.com/security/notices/USN-6505-1", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-6754-1", "https://ubuntu.com/security/notices/USN-6994-1", "https://ubuntu.com/security/notices/USN-7067-1", "https://ubuntu.com/security/notices/USN-7410-1", "https://ubuntu.com/security/notices/USN-7469-1", "https://ubuntu.com/security/notices/USN-7469-2", "https://ubuntu.com/security/notices/USN-7469-3", "https://ubuntu.com/security/notices/USN-7469-4", "https://ubuntu.com/security/notices/USN-7892-1", "https://varnish-cache.org/releases/rel6.0.12.html#rel6-0-12", "https://varnish-cache.org/releases/rel7.3.1.html#rel7-3-1", "https://varnish-cache.org/releases/rel7.4.2.html#rel7-4-2", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records", "https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog", "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-44487", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-44487", "https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event", "https://www.debian.org/security/2023/dsa-5521", "https://www.debian.org/security/2023/dsa-5522", "https://www.debian.org/security/2023/dsa-5540", "https://www.debian.org/security/2023/dsa-5549", "https://www.debian.org/security/2023/dsa-5558", "https://www.debian.org/security/2023/dsa-5570", "https://www.eclipse.org/lists/jetty-announce/msg00181.html", "https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487", "https://www.mail-archive.com/haproxy@formilux.org/msg44134.html", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487", "https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products", "https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/", "https://www.openwall.com/lists/oss-security/2023/10/10/6", "https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday", "https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/", "https://www.vicarius.io/vsociety/posts/rapid-reset-cve-2023-44487-dos-in-http2-understanding-the-root-cause" ], "PublishedDate": "2023-10-10T14:15:10.883Z", "LastModifiedDate": "2026-05-12T15:10:32.26Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.23.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07a8b6a3e3be3b01d17fd9b632323f9e5ae742675d5b03a985dc5aa585f394a3", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.36.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:d03ba5ebc75ffa2958093fe403616c5fdd5b3e539c29cca792f26392479bc545", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22872", "VendorIDs": [ "GHSA-vvgc-356p-c3xw" ], "PkgID": "golang.org/x/net@v0.4.0", "PkgName": "golang.org/x/net", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/net@v0.4.0", "UID": "80db47ca242657ea" }, "InstalledVersion": "v0.4.0", "FixedVersion": "0.38.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22872", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:ac56483ae9c2dff44002a2b83d335b712847d0946f48490c7250cde32b0cd96a", "Title": "golang.org/x/net/html: Incorrect Neutralization of Input During Web Page Generation in x/net in golang.org/x/net", "Description": "The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. \u003cmath\u003e, \u003csvg\u003e, etc contexts).", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22872", "https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9", "https://github.com/advisories/GHSA-vvgc-356p-c3xw", "https://go.dev/cl/662715", "https://go.dev/issue/73070", "https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA", "https://nvd.nist.gov/vuln/detail/CVE-2025-22872", "https://pkg.go.dev/vuln/GO-2025-3595", "https://security.netapp.com/advisory/ntap-20250516-0007", "https://security.netapp.com/advisory/ntap-20250516-0007/", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://www.cve.org/CVERecord?id=CVE-2025-22872" ], "PublishedDate": "2025-04-16T18:16:04.183Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22868", "VendorIDs": [ "GHSA-6v2p-p543-phr9" ], "PkgID": "golang.org/x/oauth2@v0.2.0", "PkgName": "golang.org/x/oauth2", "PkgIdentifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.2.0", "UID": "31dfa10cd8116308" }, "InstalledVersion": "v0.2.0", "FixedVersion": "0.27.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:89ee97870da51ebbcdfc3fc4a81aa094ec76330d0f64bf4a74106bf25778faa5", "Title": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", "Description": "An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.", "Severity": "HIGH", "CweIDs": [ "CWE-1286" ], "VendorSeverity": { "amazon": 3, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22868", "https://bugzilla.redhat.com/show_bug.cgi?id=2347423", "https://bugzilla.redhat.com/show_bug.cgi?id=2348366", "https://bugzilla.redhat.com/show_bug.cgi?id=2352914", "https://bugzilla.redhat.com/show_bug.cgi?id=2354195", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22868", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27144", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-29786", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-30204", "https://errata.rockylinux.org/RLSA-2025:7479", "https://go.dev/cl/652155", "https://go.dev/issue/71490", "https://nvd.nist.gov/vuln/detail/CVE-2025-22868", "https://pkg.go.dev/vuln/GO-2025-3488", "https://www.cve.org/CVERecord?id=CVE-2025-22868" ], "PublishedDate": "2025-02-26T08:14:24.897Z", "LastModifiedDate": "2025-05-01T19:27:10.43Z" }, { "VulnerabilityID": "CVE-2026-33186", "VendorIDs": [ "GHSA-p77j-4mvh-x3m3" ], "PkgID": "google.golang.org/grpc@v1.50.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "InstalledVersion": "v1.50.1", "FixedVersion": "1.79.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33186", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f8650128a970a747ecbae3514f6e8fb3c38d7ca531c312e6ea6493ef96a2bbb0", "Title": "google.golang.org/grpc/grpc-go: google.golang.org/grpc/authz: gRPC-Go: Authorization bypass due to improper HTTP/2 path validation", "Description": "gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input validation of the HTTP/2 `:path` pseudo-header. The gRPC-Go server was too lenient in its routing logic, accepting requests where the `:path` omitted the mandatory leading slash (e.g., `Service/Method` instead of `/Service/Method`). While the server successfully routed these requests to the correct handler, authorization interceptors (including the official `grpc/authz` package) evaluated the raw, non-canonical path string. Consequently, \"deny\" rules defined using canonical paths (starting with `/`) failed to match the incoming request, allowing it to bypass the policy if a fallback \"allow\" rule was present. This affects gRPC-Go servers that use path-based authorization interceptors, such as the official RBAC implementation in `google.golang.org/grpc/authz` or custom interceptors relying on `info.FullMethod` or `grpc.Method(ctx)`; AND that have a security policy contains specific \"deny\" rules for canonical paths but allows other requests by default (a fallback \"allow\" rule). The vulnerability is exploitable by an attacker who can send raw HTTP/2 frames with malformed `:path` headers directly to the gRPC server. The fix in version 1.79.3 ensures that any request with a `:path` that does not start with a leading slash is immediately rejected with a `codes.Unimplemented` error, preventing it from reaching authorization interceptors or handlers with a non-canonical path string. While upgrading is the most secure and recommended path, users can mitigate the vulnerability using one of the following methods: Use a validating interceptor (recommended mitigation); infrastructure-level normalization; and/or policy hardening.", "Severity": "CRITICAL", "CweIDs": [ "CWE-285" ], "VendorSeverity": { "amazon": 3, "ghsa": 4, "photon": 4, "redhat": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-33186", "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3", "https://nvd.nist.gov/vuln/detail/CVE-2026-33186", "https://www.cve.org/CVERecord?id=CVE-2026-33186" ], "PublishedDate": "2026-03-20T23:16:45.18Z", "LastModifiedDate": "2026-04-10T20:49:17.737Z" }, { "VulnerabilityID": "GHSA-m425-mq94-257g", "PkgID": "google.golang.org/grpc@v1.50.1", "PkgName": "google.golang.org/grpc", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.50.1", "UID": "295cade235701834" }, "InstalledVersion": "v1.50.1", "FixedVersion": "1.56.3, 1.57.1, 1.58.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-m425-mq94-257g", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:42bf88f80cb34c9c3bb9e9def493bfe2e849a4f963398348ff333222ab3573c5", "Title": "gRPC-Go HTTP/2 Rapid Reset vulnerability", "Description": "### Impact\nIn affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit.\n\n### Patches\nThis vulnerability was addressed by #6703 and has been included in patch releases: 1.56.3, 1.57.1, 1.58.3. It is also included in the latest release, 1.59.0.\n\nAlong with applying the patch, users should also ensure they are using the `grpc.MaxConcurrentStreams` server option to apply a limit to the server's resources used for any single connection.\n\n### Workarounds\nNone.\n\n### References\n#6703\n", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://github.com/grpc/grpc-go", "https://github.com/grpc/grpc-go/commit/f2180b4d5403d2210b30b93098eb7da31c05c721", "https://github.com/grpc/grpc-go/pull/6703", "https://github.com/grpc/grpc-go/security/advisories/GHSA-m425-mq94-257g", "https://nvd.nist.gov/vuln/detail/CVE-2023-44487" ], "PublishedDate": "2023-10-25T21:17:37Z", "LastModifiedDate": "2024-07-19T16:32:30Z" }, { "VulnerabilityID": "CVE-2024-24786", "VendorIDs": [ "GHSA-8r3f-844c-mc37" ], "PkgID": "google.golang.org/protobuf@v1.28.1", "PkgName": "google.golang.org/protobuf", "PkgIdentifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.28.1", "UID": "92d88af829581f08" }, "InstalledVersion": "v1.28.1", "FixedVersion": "1.33.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24786", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:07adec91e1637dff377dfec82466e574fc5ad6f052a37396e270301f59bbd147", "Title": "golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON", "Description": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U", "V3Score": 7.5, "V40Score": 6.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2550", "https://access.redhat.com/security/cve/CVE-2024-24786", "https://bugzilla.redhat.com/2268046", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24786", "https://errata.almalinux.org/9/ALSA-2024-2550.html", "https://errata.rockylinux.org/RLSA-2024:2550", "https://github.com/protocolbuffers/protobuf-go", "https://github.com/protocolbuffers/protobuf-go/commit/f01a588e5810b90996452eec4a28f22a0afae023", "https://github.com/protocolbuffers/protobuf-go/releases/tag/v1.33.0", "https://go-review.googlesource.com/c/protobuf/+/569356", "https://go.dev/cl/569356", "https://groups.google.com/g/golang-announce/c/ArQ6CDgtEjY/", "https://linux.oracle.com/cve/CVE-2024-24786.html", "https://linux.oracle.com/errata/ELSA-2024-4246.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24786", "https://pkg.go.dev/vuln/GO-2024-2611", "https://security.netapp.com/advisory/ntap-20240517-0002", "https://security.netapp.com/advisory/ntap-20240517-0002/", "https://ubuntu.com/security/notices/USN-6746-1", "https://ubuntu.com/security/notices/USN-6746-2", "https://www.cve.org/CVERecord?id=CVE-2024-24786" ], "PublishedDate": "2024-03-05T23:15:07.82Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-24538", "VendorIDs": [ "GO-2023-1703" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fe43916ec2bf6fafb2cc29ed43f06670dc11a24635c2e467c1c07491fb399769", "Title": "golang: html/template: backticks not treated as string delimiters", "Description": "Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. \"var a = {{.}}\"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmpllitinterp=1, with the caveat that backticks will now be escaped. This should be used with caution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 4, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24538", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/20374d1d759bc4e17486bde1cb9dca5be37d9e52 (go1.20.3)", "https://github.com/golang/go/commit/b1e3ecfa06b67014429a197ec5e134ce4303ad9b (go1.19.8)", "https://github.com/golang/go/issues/59234", "https://go.dev/cl/482079", "https://go.dev/issue/59234", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24538.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24538", "https://pkg.go.dev/vuln/GO-2023-1703", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241115-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://www.cve.org/CVERecord?id=CVE-2023-24538" ], "PublishedDate": "2023-04-06T16:15:07.8Z", "LastModifiedDate": "2025-02-12T17:15:14.19Z" }, { "VulnerabilityID": "CVE-2023-24540", "VendorIDs": [ "GO-2023-1752" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d0a08621f1760feeabcd99aba1b2996fec587eb1657090e63a89ab56c772dcac", "Title": "golang: html/template: improper handling of JavaScript whitespace", "Description": "Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing whitespace characters outside of the character set \"\\t\\n\\f\\r\\u0020\\u2028\\u2029\" in JavaScript contexts that also contain actions may not be properly sanitized during execution.", "Severity": "CRITICAL", "CweIDs": [ "CWE-77" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24540", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/4a28cad66655ee01c6e944271e23c33cab021765 (go1.20.4)", "https://github.com/golang/go/commit/ce7bd33345416e6d8cac901792060591cafc2797 (go1.19.9)", "https://github.com/golang/go/issues/59721", "https://go.dev/cl/491616", "https://go.dev/issue/59721", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24540.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24540", "https://pkg.go.dev/vuln/GO-2023-1752", "https://security.netapp.com/advisory/ntap-20241115-0008/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24540" ], "PublishedDate": "2023-05-11T16:15:09.687Z", "LastModifiedDate": "2025-01-24T17:15:10.893Z" }, { "VulnerabilityID": "CVE-2024-24790", "VendorIDs": [ "GO-2024-2887" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8803796c078fe993f501b97ea170ccd8766431cbf7fd63c9e89b967ac3262fc2", "Title": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", "Description": "The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms.", "Severity": "CRITICAL", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 4, "nvd": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24790", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://github.com/golang/go/commit/051bdf3fd12a40307606ff9381138039c5f452f0 (1.21)", "https://github.com/golang/go/commit/12d5810cdb1f73cf23d7a86462143e9463317fca (1.22)", "https://github.com/golang/go/issues/67680", "https://go.dev/cl/590316", "https://go.dev/issue/67680", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24790.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24790", "https://pkg.go.dev/vuln/GO-2024-2887", "https://security.netapp.com/advisory/ntap-20240905-0002/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2024-24790" ], "PublishedDate": "2024-06-05T16:15:10.56Z", "LastModifiedDate": "2024-11-21T08:59:42.813Z" }, { "VulnerabilityID": "CVE-2025-68121", "VendorIDs": [ "GO-2026-4337" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.13, 1.25.7, 1.26.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-68121", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7740a96800e3667ab632ff3053b2b964df01a9283bc049863773799c4f04c18d", "Title": "crypto/tls: crypto/tls: Incorrect certificate validation during TLS session resumption", "Description": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.", "Severity": "CRITICAL", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 4, "cbl-mariner": 2, "nvd": 4, "oracle-oval": 3, "photon": 4, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "V3Score": 10 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-68121", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://github.com/golang/go/issues/77113", "https://go.dev/cl/737700", "https://go.dev/issue/77217", "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-68121.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-68121", "https://pkg.go.dev/vuln/GO-2026-4337", "https://www.cve.org/CVERecord?id=CVE-2025-68121" ], "PublishedDate": "2026-02-05T18:16:10.857Z", "LastModifiedDate": "2026-04-29T14:16:16.17Z" }, { "VulnerabilityID": "CVE-2022-41722", "VendorIDs": [ "GO-2023-1568" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f8063f23d310aa8edccad2e55fd9eefc5e16a99a1f15b3f172bce8e538b0a092", "Title": "golang: path/filepath: path-filepath filepath.Clean path traversal", "Description": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2022-41722", "https://go.dev/cl/468123", "https://go.dev/issue/57274", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://nvd.nist.gov/vuln/detail/CVE-2022-41722", "https://pkg.go.dev/vuln/GO-2023-1568", "https://www.cve.org/CVERecord?id=CVE-2022-41722" ], "PublishedDate": "2023-02-28T18:15:09.887Z", "LastModifiedDate": "2024-11-21T07:23:44.303Z" }, { "VulnerabilityID": "CVE-2022-41723", "VendorIDs": [ "GHSA-vvpx-j8f3-3w6h", "GO-2023-1571" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bce00a1800d2238cfad4839b3e63b58184750e2d2394f75bd9a51cd32dba24b0", "Title": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", "Description": "A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests.", "Severity": "HIGH", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41723", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/advisories/GHSA-vvpx-j8f3-3w6h", "https://go.dev/cl/468135", "https://go.dev/cl/468295", "https://go.dev/issue/57855", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41723.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4MA5XS5DAOJ5PKKNG5TUXKPQOFHT5VBC/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGW7GE2Z32ZT47UFAQFDRQE33B7Q7LMT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RLBQ3A7ROLEQXQLXFDLNJ7MYPKG5GULE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XX3IMUTZKRQ73PBZM4E2JP4BKYH4C6XE/", "https://nvd.nist.gov/vuln/detail/CVE-2022-41723", "https://pkg.go.dev/vuln/GO-2023-1571", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230331-0010/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://ubuntu.com/security/notices/USN-8089-1", "https://ubuntu.com/security/notices/USN-8089-2", "https://ubuntu.com/security/notices/USN-8089-3", "https://vuln.go.dev/ID/GO-2023-1571.json", "https://www.couchbase.com/alerts", "https://www.couchbase.com/alerts/", "https://www.cve.org/CVERecord?id=CVE-2022-41723" ], "PublishedDate": "2023-02-28T18:15:09.98Z", "LastModifiedDate": "2025-05-05T16:15:20.433Z" }, { "VulnerabilityID": "CVE-2022-41724", "VendorIDs": [ "GO-2023-1570" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a63f44b7335b31397b3139fec01e8f48cbc10dd1b30cec4d10eacf88d0f3ee25", "Title": "golang: crypto/tls: large handshake records may cause panics", "Description": "Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS handshake records which cause servers and clients, respectively, to panic when attempting to construct responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client certificates (by setting Config.ClientAuth \u003e= RequestClientCert).", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41724", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://go.dev/cl/468125", "https://go.dev/issue/58001", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41724.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41724", "https://pkg.go.dev/vuln/GO-2023-1570", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41724" ], "PublishedDate": "2023-02-28T18:15:10.043Z", "LastModifiedDate": "2024-11-21T07:23:44.603Z" }, { "VulnerabilityID": "CVE-2022-41725", "VendorIDs": [ "GO-2023-1569" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.6, 1.20.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:269e20a23c370b9ad9672165a75784a8191b2fc1ab0804c78aae0a0c69275f54", "Title": "golang: net/http, mime/multipart: denial of service from excessive resource consumption", "Description": "A denial of service is possible from excessive resource consumption in net/http and mime/multipart. Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory and disk files. This also affects form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented as storing \"up to maxMemory bytes +10MB (reserved for non-file parts) in memory\". File parts which cannot be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file parts is excessively large and can potentially open a denial of service vector on its own. However, ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead, part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory bytes of memory consumption. Users should still be aware that this limit is high and may still be hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form parts into a single temporary file. The mime/multipart.File interface type's documentation states, \"If stored on disk, the File's underlying concrete type will be an *os.File.\". This is no longer the case when a form contains more than one file part, due to this coalescing of parts into a single file. The previous behavior of using distinct files for each form part may be reenabled with the environment variable GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the size of form data with http.MaxBytesReader.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2022-41725", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/5c55ac9bf1e5f779220294c843526536605f42ab [1.19]", "https://go.dev/cl/468124", "https://go.dev/issue/58006", "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "https://linux.oracle.com/cve/CVE-2022-41725.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2022-41725", "https://pkg.go.dev/vuln/GO-2023-1569", "https://security.gentoo.org/glsa/202311-09", "https://ubuntu.com/security/notices/USN-6140-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2022-41725" ], "PublishedDate": "2023-02-28T18:15:10.12Z", "LastModifiedDate": "2024-11-21T07:23:44.733Z" }, { "VulnerabilityID": "CVE-2023-24534", "VendorIDs": [ "GO-2023-1704" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:972e8f83c2e05947b1ac835779d76edf0e1888a8132802cb1fb85d1333cbb446", "Title": "golang: net/http, net/textproto: denial of service from excessive memory allocation", "Description": "HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially more memory than required to hold the parsed headers. An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, potentially leading to memory exhaustion and a denial of service. With fix, header parsing now correctly allocates only the memory required to hold parsed headers.", "Severity": "HIGH", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24534", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/3991f6c41c7dfd167e889234c0cf1d840475e93c (go1.20.3)", "https://github.com/golang/go/commit/d6759e7a059f4208f07aa781402841d7ddaaef96 (go1.19.8)", "https://go.dev/cl/481994", "https://go.dev/issue/58975", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24534.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24534", "https://pkg.go.dev/vuln/GO-2023-1704", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24534" ], "PublishedDate": "2023-04-06T16:15:07.657Z", "LastModifiedDate": "2025-02-12T18:15:19.837Z" }, { "VulnerabilityID": "CVE-2023-24536", "VendorIDs": [ "GO-2023-1705" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:81885dda742ccaa999d19161793546c14fabd5067cd676ac9836ab3356812310", "Title": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", "Description": "Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing very large numbers of parts. This stems from several causes: 1. mime/multipart.Reader.ReadForm limits the total memory a parsed multipart form can consume. ReadForm can undercount the amount of memory consumed, leading it to accept larger inputs than intended. 2. Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small allocations in forms with many parts. 3. ReadForm can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. The combination of these factors can permit an attacker to cause an program that parses multipart forms to consume large amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use mime/multipart.Reader.ReadForm, as well as form parsing in the net/http package with the Request methods FormFile, FormValue, ParseMultipartForm, and PostFormValue. With fix, ReadForm now does a better job of estimating the memory consumption of parsed forms, and performs many fewer short-lived allocations. In addition, the fixed mime/multipart.Reader imposes the following limits on the size of parsed forms: 1. Forms parsed with ReadForm may contain no more than 1000 parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxparts=. 2. Form parts parsed with NextPart and NextRawPart may contain no more than 10,000 header fields. In addition, forms parsed with ReadForm may contain no more than 10,000 header fields across all parts. This limit may be adjusted with the environment variable GODEBUG=multipartmaxheaders=.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24536", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/7917b5f31204528ea72e0629f0b7d52b35b27538 (go.1.19.8)", "https://github.com/golang/go/commit/bf8c7c575c8a552d9d79deb29e80854dc88528d0 (go1.20.3)", "https://go.dev/cl/482075", "https://go.dev/cl/482076", "https://go.dev/cl/482077", "https://go.dev/issue/59153", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24536.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24536", "https://pkg.go.dev/vuln/GO-2023-1705", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230526-0007/", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-24536" ], "PublishedDate": "2023-04-06T16:15:07.71Z", "LastModifiedDate": "2025-02-12T18:15:20.083Z" }, { "VulnerabilityID": "CVE-2023-24537", "VendorIDs": [ "GO-2023-1702" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.8, 1.20.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d3e9ace5a6688a352012c8d8cc8f39da8a3d3936a4ff893990dd4184c891c6be", "Title": "golang: go/parser: Infinite loop in parsing", "Description": "Calling any of the Parse functions on Go source code which contains //line directives with very large line numbers can cause an infinite loop due to integer overflow.", "Severity": "HIGH", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24537", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/126a1d02da82f93ede7ce0bd8d3c51ef627f2104 (go1.19.8)", "https://github.com/golang/go/commit/e7c4b07ecf6b367f1afc9cc48cde963829dd0aab (go1.20.3)", "https://github.com/golang/go/issues/59180", "https://go.dev/cl/482078", "https://go.dev/issue/59180", "https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8", "https://linux.oracle.com/cve/CVE-2023-24537.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24537", "https://pkg.go.dev/vuln/GO-2023-1702", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241129-0004/", "https://ubuntu.com/security/notices/USN-6038-1", "https://ubuntu.com/security/notices/USN-6038-2", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24537" ], "PublishedDate": "2023-04-06T16:15:07.753Z", "LastModifiedDate": "2025-02-12T17:15:13.973Z" }, { "VulnerabilityID": "CVE-2023-24539", "VendorIDs": [ "GO-2023-1751" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bdfedff25c419e1a29cedfaf8b2ded39e7a02de5fe8c289b30164937f01a5436", "Title": "golang: html/template: improper sanitization of CSS values", "Description": "Angle brackets (\u003c\u003e) are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character can result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-24539", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/090590fdccc8442728aa31601927da1bf2ef1288 (go1.20.4)", "https://github.com/golang/go/commit/e49282327b05192e46086bf25fd3ac691205fe80 (go1.19.9)", "https://github.com/golang/go/issues/59720", "https://go.dev/cl/491615", "https://go.dev/issue/59720", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-24539.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-24539", "https://pkg.go.dev/vuln/GO-2023-1751", "https://security.netapp.com/advisory/ntap-20241129-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-24539" ], "PublishedDate": "2023-05-11T16:15:09.6Z", "LastModifiedDate": "2025-01-24T17:15:10.67Z" }, { "VulnerabilityID": "CVE-2023-29400", "VendorIDs": [ "GO-2023-1753" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.9, 1.20.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9a2e83e8c6c052945dd72db18389ad1cfebc272cd598538d894f0c0847838298", "Title": "golang: html/template: improper handling of empty HTML attributes", "Description": "Templates containing actions in unquoted HTML attributes (e.g. \"attr={{.}}\") executed with empty input can result in output with unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags.", "Severity": "HIGH", "CweIDs": [ "CWE-74", "CWE-94" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "V3Score": 7.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29400", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2163037", "https://bugzilla.redhat.com/show_bug.cgi?id=2174485", "https://bugzilla.redhat.com/show_bug.cgi?id=2175721", "https://bugzilla.redhat.com/show_bug.cgi?id=2178358", "https://bugzilla.redhat.com/show_bug.cgi?id=2178488", "https://bugzilla.redhat.com/show_bug.cgi?id=2178492", "https://bugzilla.redhat.com/show_bug.cgi?id=2182883", "https://bugzilla.redhat.com/show_bug.cgi?id=2182884", "https://bugzilla.redhat.com/show_bug.cgi?id=2184481", "https://bugzilla.redhat.com/show_bug.cgi?id=2184482", "https://bugzilla.redhat.com/show_bug.cgi?id=2184483", "https://bugzilla.redhat.com/show_bug.cgi?id=2184484", "https://bugzilla.redhat.com/show_bug.cgi?id=2196026", "https://bugzilla.redhat.com/show_bug.cgi?id=2196027", "https://bugzilla.redhat.com/show_bug.cgi?id=2196029", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2228689", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3064", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41724", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41725", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24534", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24536", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24537", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24538", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24539", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24540", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25173", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25809", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27561", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28642", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29400", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3978", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:6939", "https://github.com/golang/go/commit/337dd75343145b74ed2073d793322eb4103b56ad (go1.20.4)", "https://github.com/golang/go/commit/9db0e74f606b8afb28cc71d4b1c8b4ed24cabbf5 (go1.19.9)", "https://github.com/golang/go/issues/59722", "https://go.dev/cl/491617", "https://go.dev/issue/59722", "https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU", "https://linux.oracle.com/cve/CVE-2023-29400.html", "https://linux.oracle.com/errata/ELSA-2023-6939.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29400", "https://pkg.go.dev/vuln/GO-2023-1753", "https://security.netapp.com/advisory/ntap-20241213-0005/", "https://ubuntu.com/security/notices/USN-6140-1", "https://www.cve.org/CVERecord?id=CVE-2023-29400" ], "PublishedDate": "2023-05-11T16:15:09.85Z", "LastModifiedDate": "2025-01-24T17:15:12.747Z" }, { "VulnerabilityID": "CVE-2023-29403", "VendorIDs": [ "GO-2023-1840" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.10, 1.20.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c318c40a0a611e885cda10e51a384fdc124fd9a8dece3cb2f6d55df9a57eda4d", "Title": "golang: runtime: unexpected behavior of setuid/setgid binaries", "Description": "On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers.", "Severity": "HIGH", "CweIDs": [ "CWE-668" ], "VendorSeverity": { "alma": 4, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 4, "photon": 3, "redhat": 3, "rocky": 4, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:3923", "https://access.redhat.com/security/cve/CVE-2023-29403", "https://bugzilla.redhat.com/2216965", "https://bugzilla.redhat.com/2217562", "https://bugzilla.redhat.com/2217565", "https://bugzilla.redhat.com/2217569", "https://bugzilla.redhat.com/show_bug.cgi?id=2216965", "https://bugzilla.redhat.com/show_bug.cgi?id=2217562", "https://bugzilla.redhat.com/show_bug.cgi?id=2217565", "https://bugzilla.redhat.com/show_bug.cgi?id=2217569", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29402", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29403", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29404", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29405", "https://errata.almalinux.org/9/ALSA-2023-3923.html", "https://errata.rockylinux.org/RLSA-2023:3923", "https://github.com/golang/go/commit/36144ba429ef2650940c72e7a0b932af3612d420 (go1.20.5)", "https://github.com/golang/go/commit/a7b1cd452ddc69a6606c2f35ac5786dc892e62cb (go1.19.10)", "https://github.com/golang/go/issues/60272", "https://go.dev/cl/501223", "https://go.dev/issue/60272", "https://groups.google.com/g/golang-announce/c/q5135a9d924", "https://groups.google.com/g/golang-announce/c/q5135a9d924/m/j0ZoAJOHAwAJ", "https://linux.oracle.com/cve/CVE-2023-29403.html", "https://linux.oracle.com/errata/ELSA-2023-3923.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NZ2O6YCO2IZMZJELQGZYR2WAUNEDLYV6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XBS3IIK6ADV24C5ULQU55QLT2UE762ZX/", "https://nvd.nist.gov/vuln/detail/CVE-2023-29403", "https://pkg.go.dev/vuln/GO-2023-1840", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20241220-0009/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29403" ], "PublishedDate": "2023-06-08T21:15:16.927Z", "LastModifiedDate": "2025-01-06T20:15:25.82Z" }, { "VulnerabilityID": "CVE-2023-39325", "VendorIDs": [ "GHSA-4374-p667-p6c8", "GO-2023-2102" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.10, 1.21.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:32f3ae9d667c42356b100251444303b7961e32422f764a487b7a8bf9be1b112f", "Title": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", "Description": "A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "oracle-oval": 2, "redhat": 3, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "golang.org/x/net", "https://access.redhat.com/errata/RHSA-2023:6077", "https://access.redhat.com/security/cve/CVE-2023-39325", "https://access.redhat.com/security/cve/CVE-2023-44487", "https://bugzilla.redhat.com/2242803", "https://bugzilla.redhat.com/2243296", "https://bugzilla.redhat.com/show_bug.cgi?id=2242803", "https://bugzilla.redhat.com/show_bug.cgi?id=2243296", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39325", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-44487", "https://errata.almalinux.org/9/ALSA-2023-6077.html", "https://errata.rockylinux.org/RLSA-2023:6077", "https://github.com/golang/go/commit/24ae2d927285c697440fdde3ad7f26028354bcf3 [golang- 1.21]", "https://github.com/golang/go/commit/e175f27f58aa7b9cd4d79607ae65d2cd5baaee68 [golang-1.20]", "https://github.com/golang/go/issues/63417", "https://go.dev/cl/534215", "https://go.dev/cl/534235", "https://go.dev/issue/63417", "https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo/m/UDd7VKQuAAAJ", "https://linux.oracle.com/cve/CVE-2023-39325.html", "https://linux.oracle.com/errata/ELSA-2023-5867.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OVW5V2DM5K5IC3H7O42YDUGNJ74J35O/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3SZN67IL7HMGMNAVLOTIXLIHUDXZK4LH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3WJ4QVX2AMUJ2F2S27POOAHRC4K3CHU4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BUK2ZIAGCULOOYDNH25JPU6JBES5NF2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RSKA2II6QTD4YUKUNDVJQSRYSFC4VFR/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AVZDNSMVDAQJ64LJC5I5U5LDM5753647/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CHHITS4PUOZAKFIUBQAQZC7JWXMOYE4B/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D2BBIDR2ZMB3X5BC7SR4SLQMHRMVPY6L/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ECRC75BQJP6FJN2L7KCKYZW4DSBD7QSD/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FTMJ3NJIDAZFWJQQSP3L22MUFJ3UP2PT/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GSY7SXFFTPZFWDM6XELSDSHZLVW3AHK7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HZQIELEIRSZUYTFFH5KTH2YJ4IIQG2KE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPWCNYB5PQ5PCVZ4NJT6G56ZYFZ5QBU6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KEOTKBUPZXHE3F352JBYNTSNRXYLWD6P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L5E5JSJBZLYXOTZWXHJKRVCIXIHVWKJ6/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MZQYOOKHQDQ57LV2IAG6NRFOVXKHJJ3Z/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NG7IMPL55MVWU3LCI4JQJT3K2U5CHDV7/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ODBY7RVMGZCBSTWF2OZGIZS57FNFUL67/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OXGWPQOJ3JNDW2XIYKIVJ7N7QUIFNM2Q/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QXOU2JZUBEBP7GBKAYIJRPRBZSJCD7ST/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R3UETKPUB3V5JS5TLZOF3SMTGT5K5APS/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/REMHVVIBDNKSRKNOTV7EQSB7CYQWOUOU/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7N5GV4CHH6WAGX3GFMDD3COEOVCZ4RI/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ULQQONMSCQSH5Z5OWFFQHCGEZ3NL4DRJ/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UTT7DG3QOF5ZNJLUGHDNLRUIN6OWZARP/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XTNLSL44Y5FB6JWADSZH6DCV4JJAAEQY/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YJWHBLVZDM5KQSDFRBFRKU5KSSOLIRQ4/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YRKEXKANQ7BKJW2YTAMP625LJUJZLJ4P/", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZSVEMQV5ROY5YW5QE3I57HT3ITWG5GCV/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39325", "https://pkg.go.dev/vuln/GO-2023-2102", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231110-0008", "https://security.netapp.com/advisory/ntap-20231110-0008/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487", "https://www.cve.org/CVERecord?id=CVE-2023-39325" ], "PublishedDate": "2023-10-11T22:15:09.88Z", "LastModifiedDate": "2024-11-21T08:15:09.627Z" }, { "VulnerabilityID": "CVE-2023-45283", "VendorIDs": [ "GO-2023-2185" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f181b31a0b2199ef517f005c9ed002a9ae262fb48388e66615df82ba5399c79b", "Title": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", "Description": "The filepath package does not recognize paths with a \\??\\ prefix as special. On Windows, a path beginning with \\??\\ is a Root Local Device path equivalent to a path beginning with \\\\?\\. Paths with a \\??\\ prefix may be used to access arbitrary locations on the system. For example, the path \\??\\c:\\x is equivalent to the more common path c:\\x. Before fix, Clean could convert a rooted path such as \\a\\..\\??\\b into the root local device path \\??\\b. Clean will now convert this to .\\??\\b. Similarly, Join(\\, ??, b) could convert a seemingly innocent sequence of path elements into the root local device path \\??\\b. Join will now convert this to \\.\\??\\b. In addition, with fix, IsAbs now correctly reports paths beginning with \\??\\ as absolute, and VolumeName correctly reports the \\??\\ prefix as a volume name. UPDATE: Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with \\?, resulting in filepath.Clean(\\?\\c:) returning \\?\\c: rather than \\?\\c:\\ (among other effects). The previous behavior has been restored.", "Severity": "HIGH", "CweIDs": [ "CWE-22" ], "VendorSeverity": { "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "photon": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2023/12/05/2", "https://go.dev/cl/540277", "https://go.dev/cl/541175", "https://go.dev/issue/63713", "https://go.dev/issue/64028", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://nvd.nist.gov/vuln/detail/CVE-2023-45283", "https://pkg.go.dev/vuln/GO-2023-2185", "https://security.netapp.com/advisory/ntap-20231214-0008/" ], "PublishedDate": "2023-11-09T17:15:08.757Z", "LastModifiedDate": "2024-11-21T08:26:41.567Z" }, { "VulnerabilityID": "CVE-2023-45287", "VendorIDs": [ "GO-2023-2375" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.0", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a281efe4814305f41f4e9a85bb2afed9ea1d5961a3c90f2dd01ea7ad6a756cba", "Title": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", "Description": "Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels.", "Severity": "HIGH", "CweIDs": [ "CWE-203" ], "VendorSeverity": { "alma": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "nvd": 3, "oracle-oval": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-45287", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/326012/26", "https://go.dev/issue/20654", "https://groups.google.com/g/golang-announce/c/QMK8IQALDvA", "https://linux.oracle.com/cve/CVE-2023-45287.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45287", "https://people.redhat.com/~hkario/marvin/", "https://pkg.go.dev/vuln/GO-2023-2375", "https://security.netapp.com/advisory/ntap-20240112-0005/", "https://www.cve.org/CVERecord?id=CVE-2023-45287" ], "PublishedDate": "2023-12-05T17:15:08.57Z", "LastModifiedDate": "2024-11-21T08:26:42.25Z" }, { "VulnerabilityID": "CVE-2023-45288", "VendorIDs": [ "GHSA-4v7x-pqxf-cx7m", "GO-2024-2687" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.9, 1.22.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f6be9f62129c24e80b5597380b940118bd36ed754f613d2fb0845717789a3f5e", "Title": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", "Description": "An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "ghsa": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/04/03/16", "http://www.openwall.com/lists/oss-security/2024/04/05/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45288", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://go.dev/cl/576155", "https://go.dev/issue/65051", "https://groups.google.com/g/golang-announce/c/YgW0sx8mN3M", "https://kb.cert.org/vuls/id/421644", "https://linux.oracle.com/cve/CVE-2023-45288.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT/", "https://nowotarski.info/http2-continuation-flood-technical-details", "https://nowotarski.info/http2-continuation-flood/", "https://nvd.nist.gov/vuln/detail/CVE-2023-45288", "https://pkg.go.dev/vuln/GO-2024-2687", "https://security.netapp.com/advisory/ntap-20240419-0009", "https://security.netapp.com/advisory/ntap-20240419-0009/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45288", "https://www.kb.cert.org/vuls/id/421644" ], "PublishedDate": "2024-04-04T21:15:16.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34156", "VendorIDs": [ "GO-2024-3106" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:37d8bcf0b840db0ef0ae42b284dbf936b2cca9cbd0f17d9b260c3a92eed4c881", "Title": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", "Description": "Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.", "Severity": "HIGH", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3773", "https://access.redhat.com/security/cve/CVE-2024-34156", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/9/ALSA-2025-3773.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/2092294f2b097c5828f4eace6c98a322c1510b01 (go1.22.7)", "https://github.com/golang/go/commit/fa8ff1a46deb6c816304441ec6740ec112e19012 (go1.23.1)", "https://go.dev/cl/611239", "https://go.dev/issue/69139", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34156.html", "https://linux.oracle.com/errata/ELSA-2025-3773.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34156", "https://pkg.go.dev/vuln/GO-2024-3106", "https://security.netapp.com/advisory/ntap-20240926-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34156" ], "PublishedDate": "2024-09-06T21:15:12.02Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61726", "VendorIDs": [ "GO-2026-4341" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61726", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:181c81d64a32e335780303fc7761d90274ebc76aff13fcf7cd9f49bed47ac1b4", "Title": "golang: net/url: Memory exhaustion in query parameter parsing in net/url", "Description": "The net/url package does not set a limit on the number of query parameters in a query. While the maximum size of query parameters in URLs is generally limited by the maximum request header size, the net/http.Request.ParseForm method can parse large URL-encoded forms. Parsing a large form containing many unique query parameters can cause excessive memory consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 3, "cbl-mariner": 2, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4177", "https://access.redhat.com/security/cve/CVE-2025-61726", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-4177.html", "https://errata.rockylinux.org/RLSA-2026:4177", "https://go.dev/cl/736712", "https://go.dev/issue/77101", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61726.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61726", "https://pkg.go.dev/vuln/GO-2026-4341", "https://www.cve.org/CVERecord?id=CVE-2025-61726" ], "PublishedDate": "2026-01-28T20:16:09.713Z", "LastModifiedDate": "2026-02-06T18:47:34.52Z" }, { "VulnerabilityID": "CVE-2025-61729", "VendorIDs": [ "GO-2025-4155" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61729", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:abe15e6f740d63febc0702199fa3be24f1647f94e0d2aeece2decf0c7cdd60c4", "Title": "crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate", "Description": "Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 1, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:3928", "https://access.redhat.com/security/cve/CVE-2025-61729", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3928.html", "https://errata.rockylinux.org/RLSA-2026:3928", "https://go.dev/cl/725920", "https://go.dev/issue/76445", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://linux.oracle.com/cve/CVE-2025-61729.html", "https://linux.oracle.com/errata/ELSA-2026-5146.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61729", "https://pkg.go.dev/vuln/GO-2025-4155", "https://www.cve.org/CVERecord?id=CVE-2025-61729" ], "PublishedDate": "2025-12-02T19:15:51.447Z", "LastModifiedDate": "2025-12-19T18:25:28.283Z" }, { "VulnerabilityID": "CVE-2026-25679", "VendorIDs": [ "GO-2026-4601" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-25679", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5d811edcb18298105199bbdf6697cba230737a059a3cd8cc23efcc76f080a1a9", "Title": "net/url: Incorrect parsing of IPv6 host literals in net/url", "Description": "url.Parse insufficiently validated the host/authority component and accepted some invalid URLs.", "Severity": "HIGH", "CweIDs": [ "CWE-425" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:9044", "https://access.redhat.com/security/cve/CVE-2026-25679", "https://bugzilla.redhat.com/2445356", "https://bugzilla.redhat.com/show_bug.cgi?id=2445356", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-25679", "https://errata.almalinux.org/9/ALSA-2026-9044.html", "https://errata.rockylinux.org/RLSA-2026:8841", "https://go.dev/cl/752180", "https://go.dev/issue/77578", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://linux.oracle.com/cve/CVE-2026-25679.html", "https://linux.oracle.com/errata/ELSA-2026-9044.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-25679", "https://pkg.go.dev/vuln/GO-2026-4601", "https://www.cve.org/CVERecord?id=CVE-2026-25679" ], "PublishedDate": "2026-03-06T22:16:00.72Z", "LastModifiedDate": "2026-04-21T14:43:03.8Z" }, { "VulnerabilityID": "CVE-2026-32280", "VendorIDs": [ "GO-2026-4947" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32280", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:7ba4c6d596d13262ce37232d2662abbf7ecae4b02510be295052cab82b3bdb7f", "Title": "crypto/x509: crypto/tls: golang: Go: Denial of Service vulnerability in certificate chain building", "Description": "During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32280", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/758320", "https://go.dev/issue/78282", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32280.html", "https://linux.oracle.com/errata/ELSA-2026-16875.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32280", "https://pkg.go.dev/vuln/GO-2026-4947", "https://www.cve.org/CVERecord?id=CVE-2026-32280" ], "PublishedDate": "2026-04-08T02:16:03.247Z", "LastModifiedDate": "2026-04-16T19:16:42.18Z" }, { "VulnerabilityID": "CVE-2026-32281", "VendorIDs": [ "GO-2026-4946" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32281", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e56849be0f1dce8c8b91afbb9346e451bb9970fa48251c32ce9015cafb71d70b", "Title": "crypto/x509: golang: Go crypto/x509: Denial of Service via inefficient certificate chain validation", "Description": "Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.", "Severity": "HIGH", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "nvd": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32281", "https://go.dev/cl/758061", "https://go.dev/issue/78281", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32281", "https://pkg.go.dev/vuln/GO-2026-4946", "https://www.cve.org/CVERecord?id=CVE-2026-32281" ], "PublishedDate": "2026-04-08T02:16:03.35Z", "LastModifiedDate": "2026-04-16T19:15:57.75Z" }, { "VulnerabilityID": "CVE-2026-32283", "VendorIDs": [ "GO-2026-4870" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32283", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6f3c01031a807df8cbc956c45d9f624dfe330b46a6ce5a21b3029d5662a0dfc5", "Title": "crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages", "Description": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "nvd": 3, "oracle-oval": 3, "redhat": 3, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32283", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763767", "https://go.dev/issue/78334", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32283.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32283", "https://pkg.go.dev/vuln/GO-2026-4870", "https://www.cve.org/CVERecord?id=CVE-2026-32283" ], "PublishedDate": "2026-04-08T02:16:03.58Z", "LastModifiedDate": "2026-04-16T19:12:10.54Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:83120e85f61a7c54b012cbcdaafa3983ab5a5f45943d3f7e789dd43f232c5625", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4f45024d3fd77f6e8ceb3121c8db4ceb6ceec9766749095125b24bc44ca97f85", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:248ea6931e7670cfdab2dab79cab4bed8ed1cd3c9f66c8c7535f0ae4fb47a67d", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:76929011b788af6a3291a3b5100a0ceec6807048039ca552c55c6ddb11518ee8", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:bc0c240af7bad79be8cc558195a2eacaaaf3e3e47179c7cca74bb686050b4c7d", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2023-24532", "VendorIDs": [ "GO-2023-1621" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.7, 1.20.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:29671bca4f9eb6693c2d8d3f38cc67c380adb1b80a302cb311917ab32ae42cec", "Title": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", "Description": "The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages of crypto/ecdsa or crypto/ecdh.", "Severity": "MEDIUM", "CweIDs": [ "CWE-682" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2023-24532", "https://go.dev/cl/471255", "https://go.dev/issue/58647", "https://groups.google.com/g/golang-announce/c/3-TpUx48iQY", "https://nvd.nist.gov/vuln/detail/CVE-2023-24532", "https://pkg.go.dev/vuln/GO-2023-1621", "https://security.netapp.com/advisory/ntap-20230331-0011/", "https://www.cve.org/CVERecord?id=CVE-2023-24532" ], "PublishedDate": "2023-03-08T20:15:09.413Z", "LastModifiedDate": "2024-11-21T07:48:04.383Z" }, { "VulnerabilityID": "CVE-2023-29406", "VendorIDs": [ "GO-2023-1878" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.11, 1.20.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:38e3f306d927d80632017510da112f9ce1b1bedbf99016453c9662b589b3cd32", "Title": "golang: net/http: insufficient sanitization of Host header", "Description": "The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.", "Severity": "MEDIUM", "CweIDs": [ "CWE-436" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:6474", "https://access.redhat.com/security/cve/CVE-2023-29406", "https://bugzilla.redhat.com/2174485", "https://bugzilla.redhat.com/2178358", "https://bugzilla.redhat.com/2178488", "https://bugzilla.redhat.com/2178492", "https://bugzilla.redhat.com/2184481", "https://bugzilla.redhat.com/2184482", "https://bugzilla.redhat.com/2184483", "https://bugzilla.redhat.com/2184484", "https://bugzilla.redhat.com/2196026", "https://bugzilla.redhat.com/2196027", "https://bugzilla.redhat.com/2196029", "https://bugzilla.redhat.com/2222167", "https://bugzilla.redhat.com/2228689", "https://bugzilla.redhat.com/show_bug.cgi?id=2222167", "https://bugzilla.redhat.com/show_bug.cgi?id=2242871", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29406", "https://errata.almalinux.org/9/ALSA-2023-6474.html", "https://errata.rockylinux.org/RLSA-2023:7202", "https://github.com/golang/go/commit/312920c00aac9897b2a0693e752390b5b0711a5a (go1.20.6)", "https://github.com/golang/go/commit/5fa6923b1ea891400153d04ddf1545e23b40041b (go1.19.11)", "https://github.com/golang/go/issues/60374", "https://go.dev/cl/506996", "https://go.dev/issue/60374", "https://groups.google.com/g/golang-announce/c/2q13H6LEEx0", "https://linux.oracle.com/cve/CVE-2023-29406.html", "https://linux.oracle.com/errata/ELSA-2023-7202.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29406", "https://pkg.go.dev/vuln/GO-2023-1878", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230814-0002/", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://www.cve.org/CVERecord?id=CVE-2023-29406" ], "PublishedDate": "2023-07-11T20:15:10.643Z", "LastModifiedDate": "2024-11-21T07:56:59.913Z" }, { "VulnerabilityID": "CVE-2023-29409", "VendorIDs": [ "GO-2023-1987" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4d5f55332c355531dd1f13f52555279ea58f0e77a154b78d2831f65bdef27718", "Title": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", "Description": "Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-400" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2023:7766", "https://access.redhat.com/security/cve/CVE-2023-29409", "https://bugzilla.redhat.com/2228743", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2023-7766.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://go.dev/cl/515257", "https://go.dev/issue/61460", "https://groups.google.com/g/golang-announce/c/X0b6CsSAaYI/m/Efv5DbZ9AwAJ", "https://linux.oracle.com/cve/CVE-2023-29409.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-29409", "https://pkg.go.dev/vuln/GO-2023-1987", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20230831-0010/", "https://www.cve.org/CVERecord?id=CVE-2023-29409" ], "PublishedDate": "2023-08-02T20:15:11.94Z", "LastModifiedDate": "2024-11-21T07:57:00.287Z" }, { "VulnerabilityID": "CVE-2023-39318", "VendorIDs": [ "GO-2023-2041" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5068dedd2bdbac42f4ffb3fa94bd0e312cc32031f1a05c5040539212088c5b2b", "Title": "golang: html/template: improper handling of HTML-like comments within script contexts", "Description": "The html/template package does not properly handle HTML-like \"\" comment tokens, nor hashbang \"#!\" comment tokens, in \u003cscript\u003e contexts. This may cause the template parser to improperly interpret the contents of \u003cscript\u003e contexts, causing actions to be improperly escaped. This may be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39318", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/023b542edf38e2a1f87fcefb9f75ff2f99401b4c (go1.20.8)", "https://github.com/golang/go/commit/b0e1d3ea26e8e8fce7726690c9ef0597e60739fb (go1.21.1)", "https://go.dev/cl/526156", "https://go.dev/issue/62196", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39318.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39318", "https://pkg.go.dev/vuln/GO-2023-2041", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2041.json", "https://www.cve.org/CVERecord?id=CVE-2023-39318" ], "PublishedDate": "2023-09-08T17:15:27.823Z", "LastModifiedDate": "2024-11-21T08:15:08.737Z" }, { "VulnerabilityID": "CVE-2023-39319", "VendorIDs": [ "GO-2023-2043" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.8, 1.21.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e4d6e843468339cde7a767bb38d37de85cfc1d9e662b67545087b4d46fead81f", "Title": "golang: html/template: improper handling of special tags within script contexts", "Description": "The html/template package does not apply the proper rules for handling occurrences of \"\u003cscript\", \"\u003c!--\", and \"\u003c/script\" within JS literals in \u003cscript\u003e contexts. This may cause the template parser to improperly consider script contexts to be terminated early, causing actions to be improperly escaped. This could be leveraged to perform an XSS attack.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2160", "https://access.redhat.com/security/cve/CVE-2023-39319", "https://bugzilla.redhat.com/2237773", "https://bugzilla.redhat.com/2237776", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2160.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/2070531d2f53df88e312edace6c8dfc9686ab2f5 (go1.20.8)", "https://github.com/golang/go/commit/bbd043ff0d6d59f1a9232d31ecd5eacf6507bf6a (go1.21.1)", "https://go.dev/cl/526157", "https://go.dev/issue/62197", "https://groups.google.com/g/golang-announce/c/Fm51GRLNRvM", "https://groups.google.com/g/golang-dev/c/2C5vbR-UNkI/m/L1hdrPhfBAAJ", "https://linux.oracle.com/cve/CVE-2023-39319.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-39319", "https://pkg.go.dev/vuln/GO-2023-2043", "https://security.gentoo.org/glsa/202311-09", "https://security.netapp.com/advisory/ntap-20231020-0009/", "https://ubuntu.com/security/notices/USN-6574-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2023-2043.json", "https://www.cve.org/CVERecord?id=CVE-2023-39319" ], "PublishedDate": "2023-09-08T17:15:27.91Z", "LastModifiedDate": "2024-11-21T08:15:08.89Z" }, { "VulnerabilityID": "CVE-2023-39326", "VendorIDs": [ "GO-2023-2382" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.12, 1.21.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:41179a56d694ad09d1ddc67c1fc96f31b62f79bce42b1744f42d4ffde2c0866e", "Title": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", "Description": "A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response body to read many more bytes from the network than are in the body. A malicious HTTP client can further exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which permit including additional metadata in a request or response body sent using the chunked encoding. The net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real body to encoded bytes grows too small.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:2272", "https://access.redhat.com/security/cve/CVE-2023-39326", "https://bugzilla.redhat.com/2253193", "https://bugzilla.redhat.com/2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=1983596", "https://bugzilla.redhat.com/show_bug.cgi?id=1989575", "https://bugzilla.redhat.com/show_bug.cgi?id=2132867", "https://bugzilla.redhat.com/show_bug.cgi?id=2132868", "https://bugzilla.redhat.com/show_bug.cgi?id=2132872", "https://bugzilla.redhat.com/show_bug.cgi?id=2228743", "https://bugzilla.redhat.com/show_bug.cgi?id=2237773", "https://bugzilla.redhat.com/show_bug.cgi?id=2237776", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2244340", "https://bugzilla.redhat.com/show_bug.cgi?id=2246840", "https://bugzilla.redhat.com/show_bug.cgi?id=2253193", "https://bugzilla.redhat.com/show_bug.cgi?id=2253330", "https://bugzilla.redhat.com/show_bug.cgi?id=2254210", "https://bugzilla.redhat.com/show_bug.cgi?id=2262272", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25091", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2879", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2880", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41715", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39318", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39319", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39326", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45287", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45803", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23650", "https://errata.almalinux.org/9/ALSA-2024-2272.html", "https://errata.rockylinux.org/RLSA-2024:2988", "https://github.com/golang/go/commit/6446af942e2e2b161c4ec1b60d9703a2b55dc4dd (go1.20.12)", "https://github.com/golang/go/commit/ec8c526e4be720e94b98ca509e6364f0efaf28f7 (go1.21.5)", "https://go.dev/cl/547335", "https://go.dev/issue/64433", "https://groups.google.com/g/golang-dev/c/6ypN5EjibjM/m/KmLVYH_uAgAJ", "https://linux.oracle.com/cve/CVE-2023-39326.html", "https://linux.oracle.com/errata/ELSA-2024-2988.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIU6HOGV6RRIKWM57LOXQA75BGZSIH6G/", "https://nvd.nist.gov/vuln/detail/CVE-2023-39326", "https://pkg.go.dev/vuln/GO-2023-2382", "https://ubuntu.com/security/notices/USN-6574-1", "https://www.cve.org/CVERecord?id=CVE-2023-39326" ], "PublishedDate": "2023-12-06T17:15:07.147Z", "LastModifiedDate": "2024-11-21T08:15:09.89Z" }, { "VulnerabilityID": "CVE-2023-45284", "VendorIDs": [ "GO-2023-2186" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.20.11, 1.21.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:224aa7cafc846f9e8320ccee4b9e4ff4b77f2a7d0c1ea5ced378ea0ee75a61f3", "Title": "On Windows, The IsLocal function does not correctly detect reserved de ...", "Description": "On Windows, The IsLocal function does not correctly detect reserved device names in some cases. Reserved names followed by spaces, such as \"COM1 \", and reserved names \"COM\" and \"LPT\" followed by superscript 1, 2, or 3, are incorrectly reported as local. With fix, IsLocal now correctly reports these names as non-local.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "photon": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/540277", "https://go.dev/issue/63713", "https://groups.google.com/g/golang-announce/c/4tU8LZfBFkY", "https://nvd.nist.gov/vuln/detail/CVE-2023-45284", "https://pkg.go.dev/vuln/GO-2023-2186" ], "PublishedDate": "2023-11-09T17:15:08.813Z", "LastModifiedDate": "2024-11-21T08:26:41.737Z" }, { "VulnerabilityID": "CVE-2023-45289", "VendorIDs": [ "GO-2024-2600" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:70cd8eea89882d751fcc2faeb412709535d7586c7afac25c554cf7eb435dc09a", "Title": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", "Description": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2724", "https://access.redhat.com/security/cve/CVE-2023-45289", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-2724.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/golang/go/commit/20586c0dbe03d144f914155f879fa5ee287591a1 (go1.21.8)", "https://github.com/golang/go/commit/3a855208e3efed2e9d7c20ad023f1fa78afcc0be (go1.22.1)", "https://github.com/golang/go/issues/65065", "https://go.dev/cl/569340", "https://go.dev/issue/65065", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45289.html", "https://linux.oracle.com/errata/ELSA-2024-3346.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45289", "https://pkg.go.dev/vuln/GO-2024-2600", "https://security.netapp.com/advisory/ntap-20240329-0006/", "https://ubuntu.com/security/notices/USN-6886-1", "https://www.cve.org/CVERecord?id=CVE-2023-45289" ], "PublishedDate": "2024-03-05T23:15:07.137Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2023-45290", "VendorIDs": [ "GO-2024-2599" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:e31c5afe6927f3943c4a81abe6a9624cfa8561345ed7c0a8276192d95a2a31d5", "Title": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", "Description": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2023-45290", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/041a47712e765e94f86d841c3110c840e76d8f82 (go1.22.1)", "https://github.com/golang/go/commit/bf80213b121074f4ad9b449410a4d13bae5e9be0 (go1.21.8)", "https://github.com/golang/go/issues/65383", "https://go.dev/cl/569341", "https://go.dev/issue/65383", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2023-45290.html", "https://linux.oracle.com/errata/ELSA-2024-8038.html", "https://nvd.nist.gov/vuln/detail/CVE-2023-45290", "https://pkg.go.dev/vuln/GO-2024-2599", "https://security.netapp.com/advisory/ntap-20240329-0004", "https://security.netapp.com/advisory/ntap-20240329-0004/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2023-45290" ], "PublishedDate": "2024-03-05T23:15:07.21Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24783", "VendorIDs": [ "GO-2024-2598" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c94893d8d04872a7a9ed7cfb56b0171957f4bdd080870a84754b9ff979de3592", "Title": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", "Description": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.", "Severity": "MEDIUM", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.9 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:6195", "https://access.redhat.com/security/cve/CVE-2024-24783", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://errata.almalinux.org/9/ALSA-2024-6195.html", "https://errata.rockylinux.org/RLSA-2024:2724", "https://github.com/advisories/GHSA-3q2c-pvp5-3cqp", "https://github.com/golang/go/commit/337b8e9cbfa749d9d5c899e0dc358e2208d5e54f (go1.22.1)", "https://github.com/golang/go/commit/be5b52bea674190ef7de272664be6c7ae93ec5a0 (go1.21.8)", "https://github.com/golang/go/issues/65390", "https://go.dev/cl/569339", "https://go.dev/issue/65390", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24783.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24783", "https://pkg.go.dev/vuln/GO-2024-2598", "https://security.netapp.com/advisory/ntap-20240329-0005", "https://security.netapp.com/advisory/ntap-20240329-0005/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24783" ], "PublishedDate": "2024-03-05T23:15:07.683Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24784", "VendorIDs": [ "GO-2024-2609" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:49b7957f7b2c18863c9e96dc47db5f04708fd4aeb38d35e5ea62473fa761aa4c", "Title": "golang: net/mail: comments in display names are incorrectly handled", "Description": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 2, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:2562", "https://access.redhat.com/security/cve/CVE-2024-24784", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268018", "https://bugzilla.redhat.com/2268019", "https://bugzilla.redhat.com/2268021", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2268273", "https://bugzilla.redhat.com/show_bug.cgi?id=2262921", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268018", "https://bugzilla.redhat.com/show_bug.cgi?id=2268019", "https://bugzilla.redhat.com/show_bug.cgi?id=2268021", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2268273", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45288", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45289", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1394", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24783", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24784", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://errata.almalinux.org/9/ALSA-2024-2562.html", "https://errata.rockylinux.org/RLSA-2024:2562", "https://github.com/golang/go/commit/263c059b09fdd40d9dd945f2ecb20c89ea28efe5 (go1.21.8)", "https://github.com/golang/go/commit/5330cd225ba54c7dc78c1b46dcdf61a4671a632c (go1.22.1)", "https://github.com/golang/go/issues/65083", "https://go.dev/cl/555596", "https://go.dev/issue/65083", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24784.html", "https://linux.oracle.com/errata/ELSA-2024-6969.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24784", "https://pkg.go.dev/vuln/GO-2024-2609", "https://security.netapp.com/advisory/ntap-20240329-0007/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24784" ], "PublishedDate": "2024-03-05T23:15:07.733Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24785", "VendorIDs": [ "GO-2024-2610" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.8, 1.22.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cee21c20d0d01583b7478be478d26da0beed4077249a0a9e4523d28727a5c8db", "Title": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", "Description": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "V3Score": 5.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/03/08/4", "https://access.redhat.com/errata/RHSA-2024:9135", "https://access.redhat.com/security/cve/CVE-2024-24785", "https://bugzilla.redhat.com/2268017", "https://bugzilla.redhat.com/2268022", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2268017", "https://bugzilla.redhat.com/show_bug.cgi?id=2268022", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-45290", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24785", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://errata.almalinux.org/9/ALSA-2024-9135.html", "https://errata.rockylinux.org/RLSA-2024:9135", "https://github.com/golang/go/commit/056b0edcb8c152152021eebf4cf42adbfbe77992 (go1.22.1)", "https://github.com/golang/go/commit/3643147a29352ca2894fd5d0d2069bc4b4335a7e (go1.21.8)", "https://github.com/golang/go/issues/65697", "https://go.dev/cl/564196", "https://go.dev/issue/65697", "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg", "https://linux.oracle.com/cve/CVE-2024-24785.html", "https://linux.oracle.com/errata/ELSA-2026-3428.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24785", "https://pkg.go.dev/vuln/GO-2024-2610", "https://security.netapp.com/advisory/ntap-20240329-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7061-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://vuln.go.dev/ID/GO-2024-2610.json", "https://www.cve.org/CVERecord?id=CVE-2024-24785" ], "PublishedDate": "2024-03-05T23:15:07.777Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-24789", "VendorIDs": [ "GO-2024-2888" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.11, 1.22.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fba2082adce1e9d10e95bb8cf345b7f44868fa938996d5a40297d9b6b728705e", "Title": "golang: archive/zip: Incorrect handling of certain ZIP files", "Description": "The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "nvd": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2024/06/04/1", "https://access.redhat.com/errata/RHSA-2024:9115", "https://access.redhat.com/security/cve/CVE-2024-24789", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292668", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2294000", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2144983", "https://bugzilla.redhat.com/show_bug.cgi?id=2274767", "https://bugzilla.redhat.com/show_bug.cgi?id=2292668", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4122", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24789", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-3727", "https://errata.almalinux.org/9/ALSA-2024-9115.html", "https://errata.rockylinux.org/RLSA-2024:9102", "https://github.com/golang/go/commit/c8e40338cf00f3c1d86c8fb23863ad67a4c72bcc (1.21)", "https://github.com/golang/go/commit/cf501ac0c5fe351a8582d20b43562027927906e7 (1.22)", "https://github.com/golang/go/issues/66869", "https://go.dev/cl/585397", "https://go.dev/issue/66869", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k", "https://groups.google.com/g/golang-announce/c/XbxouI9gY7k/m/TuoGEhxIEwAJ", "https://linux.oracle.com/cve/CVE-2024-24789.html", "https://linux.oracle.com/errata/ELSA-2024-9115.html", "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U5YAEIA6IUHUNGJ7AIXXPQT6D2GYENX7/", "https://nvd.nist.gov/vuln/detail/CVE-2024-24789", "https://pkg.go.dev/vuln/GO-2024-2888", "https://security.netapp.com/advisory/ntap-20250131-0008/", "https://ubuntu.com/security/notices/USN-6886-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24789" ], "PublishedDate": "2024-06-05T16:15:10.47Z", "LastModifiedDate": "2025-01-31T15:15:12.74Z" }, { "VulnerabilityID": "CVE-2024-24791", "VendorIDs": [ "GO-2024-2963" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.21.12, 1.22.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a338a1059fbb3495f90b1e1a875395f2887aef6aa80aa35ff9024cb41d7b3c36", "Title": "net/http: Denial of service due to improper 100-continue handling in net/http", "Description": "The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an \"Expect: 100-continue\" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending \"Expect: 100-continue\" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7256", "https://access.redhat.com/security/cve/CVE-2024-24791", "https://bugzilla.redhat.com/2237777", "https://bugzilla.redhat.com/2237778", "https://bugzilla.redhat.com/2279814", "https://bugzilla.redhat.com/2292787", "https://bugzilla.redhat.com/2295310", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2237777", "https://bugzilla.redhat.com/show_bug.cgi?id=2237778", "https://bugzilla.redhat.com/show_bug.cgi?id=2279814", "https://bugzilla.redhat.com/show_bug.cgi?id=2292787", "https://bugzilla.redhat.com/show_bug.cgi?id=2295310", "https://bugzilla.redhat.com/show_bug.cgi?id=2315719", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39321", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-39322", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24788", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24790", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9355", "https://errata.almalinux.org/9/ALSA-2025-7256.html", "https://errata.rockylinux.org/RLSA-2025:7256", "https://go.dev/cl/591255", "https://go.dev/issue/67555", "https://groups.google.com/g/golang-dev/c/t0rK-qHBqzY/m/6MMoAZkMAgAJ", "https://linux.oracle.com/cve/CVE-2024-24791.html", "https://linux.oracle.com/errata/ELSA-2025-7256.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-24791", "https://pkg.go.dev/vuln/GO-2024-2963", "https://security.netapp.com/advisory/ntap-20241004-0004/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-24791" ], "PublishedDate": "2024-07-02T22:15:04.833Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34155", "VendorIDs": [ "GO-2024-3105" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f62137d5251fcb141fc8399085898bcc5fb8643b0f533ab1408f0bc14be49687", "Title": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", "Description": "Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2024:9459", "https://access.redhat.com/security/cve/CVE-2024-34155", "https://bugzilla.redhat.com/2310527", "https://bugzilla.redhat.com/2310528", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315691", "https://bugzilla.redhat.com/2315887", "https://bugzilla.redhat.com/2317458", "https://bugzilla.redhat.com/2317467", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2024-9459.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/53487e5477151ed75da50e50a0ba8f1ca64c00a3 (go1.23.1)", "https://github.com/golang/go/commit/b232596139dbe96a62edbe3a2a203e856bf556eb (go1.22.7)", "https://go.dev/cl/611238", "https://go.dev/issue/69138", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34155.html", "https://linux.oracle.com/errata/ELSA-2024-9459.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34155", "https://pkg.go.dev/vuln/GO-2024-3105", "https://security.netapp.com/advisory/ntap-20240926-0005/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34155" ], "PublishedDate": "2024-09-06T21:15:11.947Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-34158", "VendorIDs": [ "GO-2024-3107" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.7, 1.23.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:ae51e5d43fb278b56e41b3c170cdaf2711319f66578e4bfedc28c8d427174617", "Title": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", "Description": "Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-674" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:7118", "https://access.redhat.com/security/cve/CVE-2024-34158", "https://bugzilla.redhat.com/2262921", "https://bugzilla.redhat.com/2310529", "https://bugzilla.redhat.com/2315719", "https://bugzilla.redhat.com/show_bug.cgi?id=2310527", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2310529", "https://bugzilla.redhat.com/show_bug.cgi?id=2315691", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34155", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34158", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9341", "https://errata.almalinux.org/9/ALSA-2025-7118.html", "https://errata.rockylinux.org/RLSA-2024:8039", "https://github.com/golang/go/commit/032ac075c20c01c6c35a672d1542d3e98eab84ea (go1.23.1)", "https://github.com/golang/go/commit/d4c53812e6ce2ac368173d7fcd31d0ecfcffb002 (go1.22.7)", "https://go.dev/cl/611240", "https://go.dev/issue/69141", "https://groups.google.com/g/golang-announce/c/K-cEzDeCtpc", "https://groups.google.com/g/golang-dev/c/S9POB9NCTdk", "https://linux.oracle.com/cve/CVE-2024-34158.html", "https://linux.oracle.com/errata/ELSA-2025-7118.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-34158", "https://pkg.go.dev/vuln/GO-2024-3107", "https://security.netapp.com/advisory/ntap-20241004-0003/", "https://ubuntu.com/security/notices/USN-7081-1", "https://ubuntu.com/security/notices/USN-7109-1", "https://ubuntu.com/security/notices/USN-7111-1", "https://www.cve.org/CVERecord?id=CVE-2024-34158" ], "PublishedDate": "2024-09-06T21:15:12.083Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-45336", "VendorIDs": [ "GO-2025-3420" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:c14ef97ec56baf2619235292569636b8f123c7f0cc112f0b4c01a95499c2295d", "Title": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", "Description": "The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will not send that header to b.com. In the event that the client received a subsequent same-domain redirect, however, the sensitive headers would be restored. For example, a chain of redirects from a.com/, to b.com/1, and finally to b.com/2 would incorrectly send the Authorization header to b.com/2.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 2, "azure": 3, "bitnami": 2, "cbl-mariner": 3, "oracle-oval": 3, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:3772", "https://access.redhat.com/security/cve/CVE-2024-45336", "https://bugzilla.redhat.com/2341750", "https://bugzilla.redhat.com/2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.almalinux.org/8/ALSA-2025-3772.html", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/issues/70530", "https://go.dev/cl/643100", "https://go.dev/issue/70530", "https://groups.google.com/g/golang-announce/c/sSaUhLA-2SI", "https://groups.google.com/g/golang-dev/c/CAWXhan3Jww/m/bk9LAa-lCgAJ", "https://groups.google.com/g/golang-dev/c/bG8cv1muIBM/m/G461hA6lCgAJ", "https://linux.oracle.com/cve/CVE-2024-45336.html", "https://linux.oracle.com/errata/ELSA-2025-7592.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-45336", "https://pkg.go.dev/vuln/GO-2025-3420", "https://security.netapp.com/advisory/ntap-20250221-0003/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2024-45336" ], "PublishedDate": "2025-01-28T02:15:28.807Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-0913", "VendorIDs": [ "GO-2025-3750" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:14ddebbee470370c02c409a533d7ea4a592dad4b8c1c98a240858f92d196810b", "Title": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", "Description": "os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 5.5 } }, "References": [ "https://go.dev/cl/672396", "https://go.dev/issue/73702", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://nvd.nist.gov/vuln/detail/CVE-2025-0913", "https://pkg.go.dev/vuln/GO-2025-3750" ], "PublishedDate": "2025-06-11T18:15:24.627Z", "LastModifiedDate": "2025-08-08T14:53:03.55Z" }, { "VulnerabilityID": "CVE-2025-22866", "VendorIDs": [ "GO-2025-3447" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:fdab53a51469005bfd93892d21e0dc7586862838f05b58c7a4102b9104683122", "Title": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", "Description": "Due to the usage of a variable time instruction in the assembly implementation of an internal function, a small number of bits of secret scalars are leaked on the ppc64le architecture. Due to the way this function is used, we do not believe this leakage is enough to allow recovery of the private key when P-256 is used in any well known protocols.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2, "oracle-oval": 2, "redhat": 2, "rocky": 3, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-22866", "https://bugzilla.redhat.com/show_bug.cgi?id=2310528", "https://bugzilla.redhat.com/show_bug.cgi?id=2341750", "https://bugzilla.redhat.com/show_bug.cgi?id=2341751", "https://bugzilla.redhat.com/show_bug.cgi?id=2344219", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-34156", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45336", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45341", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22866", "https://errata.rockylinux.org/RLSA-2025:3773", "https://github.com/golang/go/commit/0cc45e7ca668b103c1055ae84402ad3f3425dd56 (go1.22.12)", "https://github.com/golang/go/commit/6644ed63b1e6ccc129647ef6b0d4647fdbe14056 (go1.23.6)", "https://github.com/golang/go/commit/6fc23a3cff5e38ff72923fee50f51254dcdc6e93 (go1.24rc3)", "https://github.com/golang/go/issues/71383", "https://go.dev/cl/643735", "https://go.dev/issue/71383", "https://groups.google.com/g/golang-announce/c/xU1ZCHUZw3k", "https://linux.oracle.com/cve/CVE-2025-22866.html", "https://linux.oracle.com/errata/ELSA-2025-7466.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22866", "https://pkg.go.dev/vuln/GO-2025-3447", "https://security.netapp.com/advisory/ntap-20250221-0002/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22866" ], "PublishedDate": "2025-02-06T17:15:21.41Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-22870", "VendorIDs": [ "GHSA-qxp5-gwg8-xv66", "GO-2025-3503" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.7, 1.24.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22870", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:2907e9ab9b01a306610b07f7cea441309f05d427c9abfcc859c3e6d8605e772a", "Title": "golang.org/x/net/proxy: golang.org/x/net/http/httpproxy: HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net", "Description": "Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to \"*.example.com\", a request to \"[::1%25.example.com]:80` will incorrectly match and not be proxied.", "Severity": "MEDIUM", "CweIDs": [ "CWE-115" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", "V3Score": 4.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/07/2", "https://access.redhat.com/security/cve/CVE-2025-22870", "https://github.com/golang/go/issues/71984", "https://go-review.googlesource.com/q/project:net", "https://go.dev/cl/654697", "https://go.dev/issue/71984", "https://groups.google.com/g/golang-announce/c/4t3lzH3I0eI/m/b42ImqrBAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22870", "https://pkg.go.dev/vuln/GO-2025-3503", "https://security.netapp.com/advisory/ntap-20250509-0007", "https://security.netapp.com/advisory/ntap-20250509-0007/", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-22870" ], "PublishedDate": "2025-03-12T19:15:38.31Z", "LastModifiedDate": "2026-04-16T23:16:32.86Z" }, { "VulnerabilityID": "CVE-2025-22871", "VendorIDs": [ "GO-2025-3563" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.8, 1.24.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:28fbf2d6b32cb8c3fd90e4177de755d5fbb8509f117c5561d95b1fc490b889ed", "Title": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", "Description": "The net/http package improperly accepts a bare LF as a line terminator in chunked data chunk-size lines. This can permit request smuggling if a net/http server is used in conjunction with a server that incorrectly accepts a bare LF as part of a chunk-ext.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "bitnami": 4, "cbl-mariner": 3, "ghsa": 4, "oracle-oval": 2, "photon": 4, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 9.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/04/4", "https://access.redhat.com/errata/RHSA-2025:9635", "https://access.redhat.com/security/cve/CVE-2025-22871", "https://bugzilla.redhat.com/2358493", "https://bugzilla.redhat.com/show_bug.cgi?id=2358493", "https://cert-portal.siemens.com/productcert/html/ssa-783943.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-22871", "https://errata.almalinux.org/9/ALSA-2025-9635.html", "https://errata.rockylinux.org/RLSA-2025:9635", "https://github.com/roadrunner-server/roadrunner", "https://github.com/roadrunner-server/roadrunner/commit/f269279ee87d0b88127741cad1042389af7605fa", "https://github.com/roadrunner-server/roadrunner/issues/2166", "https://github.com/roadrunner-server/roadrunner/releases/tag/v2025.1.0", "https://go.dev/cl/652998", "https://go.dev/issue/71988", "https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk", "https://linux.oracle.com/cve/CVE-2025-22871.html", "https://linux.oracle.com/errata/ELSA-2025-9845.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-22871", "https://pkg.go.dev/vuln/GO-2025-3563", "https://www.cve.org/CVERecord?id=CVE-2025-22871" ], "PublishedDate": "2025-04-08T20:15:20.183Z", "LastModifiedDate": "2026-05-12T13:16:39.897Z" }, { "VulnerabilityID": "CVE-2025-22873", "VendorIDs": [ "GO-2026-4403" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.9, 1.24.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-22873", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:00d7abccbe5efbc0f96ae5f671a7af06d8ccdee974d39f5944c3cce4748da71e", "Title": "os: os: Information disclosure via path traversal using specially crafted filenames", "Description": "It was possible to improperly access the parent directory of an os.Root by opening a filename ending in \"../\". For example, Root.Open(\"../\") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.", "Severity": "MEDIUM", "CweIDs": [ "CWE-23" ], "VendorSeverity": { "amazon": 2, "bitnami": 1, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", "V3Score": 3.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/05/06/2", "https://access.redhat.com/security/cve/CVE-2025-22873", "https://go.dev/cl/670036", "https://go.dev/issue/73555", "https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ", "https://nvd.nist.gov/vuln/detail/CVE-2025-22873", "https://pkg.go.dev/vuln/GO-2026-4403", "https://www.cve.org/CVERecord?id=CVE-2025-22873" ], "PublishedDate": "2026-02-04T23:15:54.22Z", "LastModifiedDate": "2026-02-10T15:16:40.057Z" }, { "VulnerabilityID": "CVE-2025-4673", "VendorIDs": [ "GO-2025-3751" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.10, 1.24.4", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5c91e4fd9a76acfe823b6e3fec59ef1a1cc667a1960f73203cce377535c3b1fd", "Title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", "Description": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "redhat": 2, "rocky": 2, "ubuntu": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2025:15887", "https://access.redhat.com/security/cve/CVE-2025-4673", "https://bugzilla.redhat.com/2373305", "https://bugzilla.redhat.com/show_bug.cgi?id=2373305", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-4673", "https://errata.almalinux.org/9/ALSA-2025-15887.html", "https://errata.rockylinux.org/RLSA-2025:15887", "https://go.dev/cl/679257", "https://go.dev/issue/73816", "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A", "https://linux.oracle.com/cve/CVE-2025-4673.html", "https://linux.oracle.com/errata/ELSA-2025-10677.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-4673", "https://pkg.go.dev/vuln/GO-2025-3751", "https://ubuntu.com/security/notices/USN-7574-1", "https://www.cve.org/CVERecord?id=CVE-2025-4673" ], "PublishedDate": "2025-06-11T17:15:42.993Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-47906", "VendorIDs": [ "GO-2025-3956" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b6b9cffca5ca6b70aa069b499d70ec5dc0016af850fafa9c251f5e30aa821cde", "Title": "os/exec: Unexpected paths returned from LookPath in os/exec", "Description": "If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (\"\", \".\", and \"..\"), can result in the binaries listed in the PATH being unexpectedly returned.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:22005", "https://access.redhat.com/security/cve/CVE-2025-47906", "https://bugzilla.redhat.com/2396546", "https://bugzilla.redhat.com/show_bug.cgi?id=2396546", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-47906", "https://errata.almalinux.org/9/ALSA-2025-22005.html", "https://errata.rockylinux.org/RLSA-2025:22005", "https://go.dev/cl/691775", "https://go.dev/issue/74466", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47906.html", "https://linux.oracle.com/errata/ELSA-2025-22668.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47906", "https://pkg.go.dev/vuln/GO-2025-3956", "https://www.cve.org/CVERecord?id=CVE-2025-47906" ], "PublishedDate": "2025-09-18T19:15:37.66Z", "LastModifiedDate": "2026-01-27T19:56:17.707Z" }, { "VulnerabilityID": "CVE-2025-47907", "VendorIDs": [ "GO-2025-3849" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.23.12, 1.24.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:957b47b92caea30c5a20bdae1971ba3422ff6ac65690704d2028bbb4e6d93226", "Title": "database/sql: Postgres Scan Race Condition", "Description": "Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.", "Severity": "MEDIUM", "CweIDs": [ "CWE-362" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "bitnami": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L", "V3Score": 7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/08/06/1", "https://access.redhat.com/errata/RHSA-2025:20909", "https://access.redhat.com/security/cve/CVE-2025-47907", "https://bugzilla.redhat.com/2387083", "https://bugzilla.redhat.com/2393152", "https://errata.almalinux.org/9/ALSA-2025-20909.html", "https://go.dev/cl/693735", "https://go.dev/issue/74831", "https://groups.google.com/g/golang-announce/c/x5MKroML2yM", "https://linux.oracle.com/cve/CVE-2025-47907.html", "https://linux.oracle.com/errata/ELSA-2025-20983.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-47907", "https://pkg.go.dev/vuln/GO-2025-3849", "https://www.cve.org/CVERecord?id=CVE-2025-47907" ], "PublishedDate": "2025-08-07T16:15:30.357Z", "LastModifiedDate": "2026-01-29T19:11:50.67Z" }, { "VulnerabilityID": "CVE-2025-47912", "VendorIDs": [ "GO-2025-4010" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-47912", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:5b7e31ce6654356bf991da6242ee5224ce9c8a1a25d0d398073b697d0d4553e1", "Title": "net/url: Insufficient validation of bracketed IPv6 hostnames in net/url", "Description": "The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: \"http://[::1]/\". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-47912", "https://go.dev/cl/709857", "https://go.dev/issue/75678", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-47912", "https://pkg.go.dev/vuln/GO-2025-4010", "https://www.cve.org/CVERecord?id=CVE-2025-47912" ], "PublishedDate": "2025-10-29T23:16:18.187Z", "LastModifiedDate": "2026-01-29T13:57:18.69Z" }, { "VulnerabilityID": "CVE-2025-58183", "VendorIDs": [ "GO-2025-4014" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58183", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:26f3683659b6d23b903513bc38fd9dc0ab5a97b9dd3939b562adbf8710a7d6db", "Title": "golang: archive/tar: Unbounded allocation when parsing GNU sparse map", "Description": "tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.", "Severity": "MEDIUM", "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 2, "bitnami": 2, "cbl-mariner": 2, "oracle-oval": 2, "photon": 2, "redhat": 2, "rocky": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/errata/RHSA-2026:1381", "https://access.redhat.com/security/cve/CVE-2025-58183", "https://bugzilla.redhat.com/2407258", "https://bugzilla.redhat.com/show_bug.cgi?id=2407258", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58183", "https://errata.almalinux.org/9/ALSA-2026-1381.html", "https://errata.rockylinux.org/RLSA-2025:23326", "https://go.dev/cl/709861", "https://go.dev/issue/75677", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://linux.oracle.com/cve/CVE-2025-58183.html", "https://linux.oracle.com/errata/ELSA-2026-50076.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-58183", "https://pkg.go.dev/vuln/GO-2025-4014", "https://www.cve.org/CVERecord?id=CVE-2025-58183" ], "PublishedDate": "2025-10-29T23:16:19.357Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-58185", "VendorIDs": [ "GO-2025-4011" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58185", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3add98952fa224b80d4c1ffd250f0cfb77aeae99616bae59493f069cbdd020ce", "Title": "encoding/asn1: Parsing DER payload can cause memory exhaustion in encoding/asn1", "Description": "Parsing a maliciously crafted DER payload could allocate large amounts of memory, causing memory exhaustion.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58185", "https://github.com/golang/go/commit/8709a41d5ef7321f486a1857f189c3fee20e8edd", "https://go.dev/cl/709856", "https://go.dev/issue/75671", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58185", "https://pkg.go.dev/vuln/GO-2025-4011", "https://www.cve.org/CVERecord?id=CVE-2025-58185" ], "PublishedDate": "2025-10-29T23:16:19.45Z", "LastModifiedDate": "2026-02-06T20:26:41.997Z" }, { "VulnerabilityID": "CVE-2025-58187", "VendorIDs": [ "GO-2025-4007" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.9, 1.25.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58187", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6221e937d05c2864bd6bb2dc3c53115f97d81ebf8fd9f342d00438ab8f27f258", "Title": "crypto/x509: Quadratic complexity when checking name constraints in crypto/x509", "Description": "Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-407" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58187", "https://github.com/golang/go/commit/3fc4c79fdbb17b9b29ea9f8c29dd780df075d4c4", "https://go.dev/cl/709854", "https://go.dev/issue/75681", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58187", "https://pkg.go.dev/vuln/GO-2025-4007", "https://www.cve.org/CVERecord?id=CVE-2025-58187" ], "PublishedDate": "2025-10-29T23:16:19.643Z", "LastModifiedDate": "2026-01-29T16:02:27.08Z" }, { "VulnerabilityID": "CVE-2025-58188", "VendorIDs": [ "GO-2025-4013" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58188", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:cfa57f3e05f6437ce97204f89f35befd9420b14d939a7e7a33aa08f2f38c7843", "Title": "crypto/x509: golang: Panic when validating certificates with DSA public keys in crypto/x509", "Description": "Validating certificate chains which contain DSA public keys can cause programs to panic, due to a interface cast that assumes they implement the Equal method. This affects programs which validate arbitrary certificate chains.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58188", "https://github.com/golang/go/commit/6e4007e8cffbb870e6b606307ab7308236ecefb9", "https://go.dev/cl/709853", "https://go.dev/issue/75675", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58188", "https://pkg.go.dev/vuln/GO-2025-4013", "https://www.cve.org/CVERecord?id=CVE-2025-58188" ], "PublishedDate": "2025-10-29T23:16:19.74Z", "LastModifiedDate": "2026-01-29T15:55:11.97Z" }, { "VulnerabilityID": "CVE-2025-58189", "VendorIDs": [ "GO-2025-4008" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-58189", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a6aafc1960afa4f843f8b57d755727989eeb2ba3aada897b6e63108626261904", "Title": "crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information", "Description": "When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.", "Severity": "MEDIUM", "CweIDs": [ "CWE-532" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-58189", "https://go.dev/cl/707776", "https://go.dev/issue/75652", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-58189", "https://pkg.go.dev/vuln/GO-2025-4008", "https://www.cve.org/CVERecord?id=CVE-2025-58189" ], "PublishedDate": "2025-10-29T23:16:19.833Z", "LastModifiedDate": "2026-01-29T15:49:24.543Z" }, { "VulnerabilityID": "CVE-2025-61723", "VendorIDs": [ "GO-2025-4009" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61723", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:98e262117166ca75d1f59d8c39642fd9a1fcc8ad8681dcd47afcd9f2533cee80", "Title": "encoding/pem: Quadratic complexity when parsing some invalid inputs in encoding/pem", "Description": "The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61723", "https://github.com/golang/go/commit/5ce8cd16f3859ec5ac4106ad8ec15d6236f4501b", "https://go.dev/cl/709858", "https://go.dev/issue/75676", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61723", "https://pkg.go.dev/vuln/GO-2025-4009", "https://www.cve.org/CVERecord?id=CVE-2025-61723" ], "PublishedDate": "2025-10-29T23:16:19.927Z", "LastModifiedDate": "2026-01-29T15:49:05.343Z" }, { "VulnerabilityID": "CVE-2025-61724", "VendorIDs": [ "GO-2025-4015" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61724", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:453b8fc13857014f95220c866590f031d6cda2b9a180d004b8a938566058c6ea", "Title": "net/textproto: Excessive CPU consumption in Reader.ReadResponse in net/textproto", "Description": "The Reader.ReadResponse function constructs a response string through repeated string concatenation of lines. When the number of lines in a response is large, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61724", "https://go.dev/cl/709859", "https://go.dev/issue/75716", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61724", "https://pkg.go.dev/vuln/GO-2025-4015", "https://www.cve.org/CVERecord?id=CVE-2025-61724" ], "PublishedDate": "2025-10-29T23:16:20.02Z", "LastModifiedDate": "2026-01-29T15:30:53.69Z" }, { "VulnerabilityID": "CVE-2025-61725", "VendorIDs": [ "GO-2025-4006" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.8, 1.25.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61725", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:782057f0693bdb1f7f58d4e421b320da28c5088dae9a0840a6d7fa17ccc99614", "Title": "net/mail: Excessive CPU consumption in ParseAddress in net/mail", "Description": "The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 3, "bitnami": 3, "photon": 3, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/10/08/1", "https://access.redhat.com/security/cve/CVE-2025-61725", "https://go.dev/cl/709860", "https://go.dev/issue/75680", "https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI", "https://nvd.nist.gov/vuln/detail/CVE-2025-61725", "https://pkg.go.dev/vuln/GO-2025-4006", "https://www.cve.org/CVERecord?id=CVE-2025-61725" ], "PublishedDate": "2025-10-29T23:16:20.113Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2025-61727", "VendorIDs": [ "GO-2025-4175" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.11, 1.25.5", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61727", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:6206511f6f1d73f83577debfce16ccdced127090afff50954041e3f5616bff26", "Title": "golang: crypto/x509: excluded subdomain constraint does not restrict wildcard SANs", "Description": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.", "Severity": "MEDIUM", "CweIDs": [ "CWE-295" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61727", "https://go.dev/cl/723900", "https://go.dev/issue/76442", "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "https://nvd.nist.gov/vuln/detail/CVE-2025-61727", "https://pkg.go.dev/vuln/GO-2025-4175", "https://www.cve.org/CVERecord?id=CVE-2025-61727" ], "PublishedDate": "2025-12-03T20:16:25.607Z", "LastModifiedDate": "2025-12-18T20:15:10.957Z" }, { "VulnerabilityID": "CVE-2025-61728", "VendorIDs": [ "GO-2026-4342" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61728", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:f569d53f380a167acff9df4a5d1d5c587802f29bd5c998987e6585930beb9821", "Title": "golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip", "Description": "archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "alma": 3, "amazon": 2, "azure": 2, "bitnami": 2, "oracle-oval": 3, "photon": 2, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/15/4", "https://access.redhat.com/errata/RHSA-2026:3753", "https://access.redhat.com/security/cve/CVE-2025-61728", "https://bugzilla.redhat.com/2418462", "https://bugzilla.redhat.com/2434431", "https://bugzilla.redhat.com/2434432", "https://bugzilla.redhat.com/2437111", "https://bugzilla.redhat.com/show_bug.cgi?id=2418462", "https://bugzilla.redhat.com/show_bug.cgi?id=2434431", "https://bugzilla.redhat.com/show_bug.cgi?id=2434432", "https://bugzilla.redhat.com/show_bug.cgi?id=2437111", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61726", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61728", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-61729", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68121", "https://errata.almalinux.org/9/ALSA-2026-3753.html", "https://errata.rockylinux.org/RLSA-2026:3337", "https://go.dev/cl/736713", "https://go.dev/issue/77102", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://linux.oracle.com/cve/CVE-2025-61728.html", "https://linux.oracle.com/errata/ELSA-2026-4672.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-61728", "https://pkg.go.dev/vuln/GO-2026-4342", "https://www.cve.org/CVERecord?id=CVE-2025-61728" ], "PublishedDate": "2026-01-28T20:16:09.83Z", "LastModifiedDate": "2026-02-06T18:45:10.42Z" }, { "VulnerabilityID": "CVE-2025-61730", "VendorIDs": [ "GO-2026-4340" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.24.12, 1.25.6", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-61730", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:df66b0e3389c82664171428c2ce2831fcd713c21fc1810965397bcd924335c57", "Title": "crypto/tls: Handshake messages may be processed at the incorrect encryption level in crypto/tls", "Description": "During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 1, "bitnami": 2, "cbl-mariner": 1, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-61730", "https://go.dev/cl/724120", "https://go.dev/issue/76443", "https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc", "https://nvd.nist.gov/vuln/detail/CVE-2025-61730", "https://pkg.go.dev/vuln/GO-2026-4340", "https://www.cve.org/CVERecord?id=CVE-2025-61730" ], "PublishedDate": "2026-01-28T20:16:09.94Z", "LastModifiedDate": "2026-02-03T20:36:41.3Z" }, { "VulnerabilityID": "CVE-2026-27142", "VendorIDs": [ "GO-2026-4603" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.8, 1.26.1", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27142", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:eb28418183119f561a5fae648c1de99f9d6d598420efb1ec2c63b40c76a227d3", "Title": "html/template: URLs in meta content attribute actions are not escaped in html/template", "Description": "Actions which insert URLs into the content attribute of HTML meta tags are not escaped. This can allow XSS if the meta tag also has an http-equiv attribute with the value \"refresh\". A new GODEBUG setting has been added, htmlmetacontenturlescape, which can be used to disable escaping URLs in actions in the meta content attribute which follow \"url=\" by setting htmlmetacontenturlescape=0.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-27142", "https://go.dev/cl/752081", "https://go.dev/issue/77954", "https://groups.google.com/g/golang-announce/c/EdhZqrQ98hk", "https://nvd.nist.gov/vuln/detail/CVE-2026-27142", "https://pkg.go.dev/vuln/GO-2026-4603", "https://www.cve.org/CVERecord?id=CVE-2026-27142" ], "PublishedDate": "2026-03-06T22:16:01.177Z", "LastModifiedDate": "2026-04-21T14:30:01.38Z" }, { "VulnerabilityID": "CVE-2026-32282", "VendorIDs": [ "GO-2026-4864" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32282", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:55201a898329dd656fd5d526225d23defc384bc9307d6cfd068c633580e0b268", "Title": "golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root", "Description": "On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-59" ], "VendorSeverity": { "alma": 3, "amazon": 3, "bitnami": 2, "nvd": 2, "oracle-oval": 3, "redhat": 2, "rocky": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "V3Score": 6.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:14200", "https://access.redhat.com/security/cve/CVE-2026-32282", "https://bugzilla.redhat.com/2456336", "https://bugzilla.redhat.com/2456338", "https://bugzilla.redhat.com/2456339", "https://bugzilla.redhat.com/show_bug.cgi?id=2456336", "https://bugzilla.redhat.com/show_bug.cgi?id=2456338", "https://bugzilla.redhat.com/show_bug.cgi?id=2456339", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32280", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32282", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-32283", "https://errata.almalinux.org/9/ALSA-2026-14200.html", "https://errata.rockylinux.org/RLSA-2026:14200", "https://go.dev/cl/763761", "https://go.dev/issue/78293", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://linux.oracle.com/cve/CVE-2026-32282.html", "https://linux.oracle.com/errata/ELSA-2026-17075.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-32282", "https://pkg.go.dev/vuln/GO-2026-4864", "https://www.cve.org/CVERecord?id=CVE-2026-32282" ], "PublishedDate": "2026-04-08T02:16:03.467Z", "LastModifiedDate": "2026-04-16T19:15:39.4Z" }, { "VulnerabilityID": "CVE-2026-32288", "VendorIDs": [ "GO-2026-4869" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32288", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:4fa1d5931d64ffaddeed4f274e3f068e14995dacc9b068fcad5fad9111027105", "Title": "archive/tar: golang: Go's archive/tar package: Denial of Service via maliciously-crafted archive", "Description": "tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the \"old GNU sparse map\" format.", "Severity": "MEDIUM", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "amazon": 3, "azure": 2, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "V3Score": 4.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32288", "https://go.dev/cl/763766", "https://go.dev/issue/78301", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32288", "https://pkg.go.dev/vuln/GO-2026-4869", "https://www.cve.org/CVERecord?id=CVE-2026-32288" ], "PublishedDate": "2026-04-08T02:16:03.707Z", "LastModifiedDate": "2026-04-16T19:08:52.24Z" }, { "VulnerabilityID": "CVE-2026-32289", "VendorIDs": [ "GO-2026-4865" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.9, 1.26.2", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-32289", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:efb28f6d50e07a11dd5317d05b1cd20e89dae69c2c3cf92f0224fdb98f31376f", "Title": "html/template: golang: html/template: Cross-Site Scripting (XSS) via improper context and brace depth tracking in JS template literals", "Description": "Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "amazon": 3, "bitnami": 2, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "V3Score": 5.4 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-32289", "https://go.dev/cl/763762", "https://go.dev/issue/78331", "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU", "https://nvd.nist.gov/vuln/detail/CVE-2026-32289", "https://pkg.go.dev/vuln/GO-2026-4865", "https://www.cve.org/CVERecord?id=CVE-2026-32289" ], "PublishedDate": "2026-04-08T02:16:03.82Z", "LastModifiedDate": "2026-04-16T19:06:57.367Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8e00e230f2f471bb84731e0ea4b1556a339e803e368a38083a1971836cc98139", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b13b028b908425e894c7173419e77012837f72a2b5e068ed0682d6cdafeffef4", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.19.4", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.19.4", "UID": "7f0176a350289a2f" }, "InstalledVersion": "v1.19.4", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:7169412d11ac8bf6038f7749eff4df052e9a0b14a4456a412f3830404fb08c30", "DiffID": "sha256:498d4e5ec94a6e6b36fc472ae2ad46987bdb78fb063e46a1a6b5d54487995779" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:15640cacc7629040cea94faba3388e2db9327f78d2ed2b9b76a31b4907003594", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "trivy", "Kind": "CronJob", "Name": "trivy-scan", "Metadata": [ { "Size": 182796800, "OS": { "Family": "alpine", "Name": "3.23.3" }, "ImageID": "sha256:c0a2b004a57047aff2bc7a8b87d693d368ba40cd10ef9bb1213345f043f416dd", "DiffIDs": [ "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e", "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361", "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463", "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" ], "RepoTags": [ "aquasec/trivy:latest" ], "RepoDigests": [ "aquasec/trivy@sha256:be1190afcb28352bfddc4ddeb71470835d16462af68d310f9f4bca710961a41e" ], "Reference": "aquasec/trivy:latest", "ImageConfig": { "architecture": "amd64", "created": "2026-04-17T06:46:17.848848818Z", "history": [ { "created": "2026-01-28T01:18:04.977843834Z", "created_by": "ADD alpine-minirootfs-3.23.3-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-01-28T01:18:04.977843834Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2026-04-17T06:46:17.378600453Z", "created_by": "RUN /bin/sh -c apk --no-cache add ca-certificates git # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-17T06:46:17.826497912Z", "created_by": "COPY trivy /usr/local/bin/trivy # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-17T06:46:17.848848818Z", "created_by": "COPY contrib/*.tpl contrib/ # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2026-04-17T06:46:17.848848818Z", "created_by": "ENTRYPOINT [\"trivy\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e", "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361", "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463", "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" ] }, "config": { "Entrypoint": [ "trivy" ], "Env": [ "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" ], "Labels": { "org.opencontainers.image.created": "2026-04-17T06:10:29Z", "org.opencontainers.image.description": "A Fast Vulnerability Scanner for Containers", "org.opencontainers.image.documentation": "https://trivy.dev/v0.70.0/", "org.opencontainers.image.revision": "8a3177aedf7ee0864920eb1852eef031cd3742b8", "org.opencontainers.image.source": "https://github.com/aquasecurity/trivy", "org.opencontainers.image.title": "trivy", "org.opencontainers.image.url": "https://www.aquasec.com/products/trivy/", "org.opencontainers.image.vendor": "Aqua Security", "org.opencontainers.image.version": "0.70.0" }, "WorkingDir": "/" } }, "Layers": [ { "Size": 8724480, "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, { "Size": 13867520, "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, { "Size": 160177664, "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, { "Size": 27136, "Digest": "sha256:fcdcff3e8f067b4d09db51a0b1046ef56e923461ba34c19eae8650f8ebeafa09", "DiffID": "sha256:8e24578a3bf2345b8b54eacb75014598922c3f50f6dbc12b5081bec827dcc945" } ] } ], "Results": [ { "Target": "aquasec/trivy:latest (alpine 3.23.3)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": "alpine-baselayout@3.7.1-r8", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.7.1-r8?arch=x86_64\u0026distro=3.23.3", "UID": "dc092fc47b5d9e05" }, "Version": "3.7.1-r8", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.1-r8", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.7.1-r8", "busybox-binsh@1.37.0-r30" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:9a137c3c8e738bcabac13326c9fc5472fa58aaf4", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.7.1-r8", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.7.1-r8?arch=x86_64\u0026distro=3.23.3", "UID": "6542463feabe92df" }, "Version": "3.7.1-r8", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.7.1-r8", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:9a60b0edb4559ab279cf004b7e685cfd78dd0c15", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.6-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.6-r0?arch=x86_64\u0026distro=3.23.3", "UID": "2c7cb90de388aa7d" }, "Version": "2.6-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:5c45a821cd6b84d543bbd7ff12a7de1855c5cd13", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.23.3-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.23.3-r0?arch=x86_64\u0026distro=3.23.3", "UID": "4820d6f0afb6a834" }, "Version": "3.23.3-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.23.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.6-r0" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:e71144a1a35c4844507cd1a3281a7189049f3522", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@3.0.3-r1", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@3.0.3-r1?arch=x86_64\u0026distro=3.23.3", "UID": "135e6dc8dcafde4f" }, "Version": "3.0.3-r1", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.3-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20251003-r0", "libapk@3.0.3-r1", "libcrypto3@3.5.5-r0", "musl@1.2.5-r21", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:b2f877e6c9fb945c185cf36ed546064b8b374245", "InstalledFiles": [ "sbin/apk" ], "AnalyzedBy": "apk" }, { "ID": "brotli-libs@1.2.0-r0", "Name": "brotli-libs", "Identifier": { "PURL": "pkg:apk/alpine/brotli-libs@1.2.0-r0?arch=x86_64\u0026distro=3.23.3", "UID": "18708ffc8b6c1544" }, "Version": "1.2.0-r0", "Arch": "x86_64", "SrcName": "brotli", "SrcVersion": "1.2.0-r0", "Licenses": [ "MIT" ], "Maintainer": "prspkt \u003cprspkt@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:0814694602f35d2741e916fdcb4c9a1e0ec50b42", "InstalledFiles": [ "usr/lib/libbrotlicommon.so.1", "usr/lib/libbrotlicommon.so.1.2.0", "usr/lib/libbrotlidec.so.1", "usr/lib/libbrotlidec.so.1.2.0", "usr/lib/libbrotlienc.so.1", "usr/lib/libbrotlienc.so.1.2.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r30", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", "UID": "1701a73d4be0e35a" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:f1347801bb96b1aa40d17f82237c3f4ff02a4725", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r30", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", "UID": "3e18d05d46a6f46f" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r30" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:188d2d0110afa58e8a3e3e5fd424b2d996df7a09", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "c-ares@1.34.6-r0", "Name": "c-ares", "Identifier": { "PURL": "pkg:apk/alpine/c-ares@1.34.6-r0?arch=x86_64\u0026distro=3.23.3", "UID": "2fc69dd6afab16ae" }, "Version": "1.34.6-r0", "Arch": "x86_64", "SrcName": "c-ares", "SrcVersion": "1.34.6-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:e3bb3ff47a277ff9409b8c4bb825099cfe2bcbe2", "InstalledFiles": [ "usr/lib/libcares.so.2", "usr/lib/libcares.so.2.19.5" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20260413-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20260413-r0?arch=x86_64\u0026distro=3.23.3", "UID": "48d5a874bbec291a" }, "Version": "20260413-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20260413-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r30", "libcrypto3@3.5.5-r0", "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:af25e0f0a0412b141942909ed199144cc46f5bbc", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_ECC_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_Server_Root_RSA_G1.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/e-Szigno_TLS_Root_CA_2023.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20251003-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20251003-r0?arch=x86_64\u0026distro=3.23.3", "UID": "f667a2210d1d97c1" }, "Version": "20251003-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20251003-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:63ebe72ba79f548b6cdc8a9894e16a90d80f42b0", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "git@2.52.0-r0", "Name": "git", "Identifier": { "PURL": "pkg:apk/alpine/git@2.52.0-r0?arch=x86_64\u0026distro=3.23.3", "UID": "10d9be57a3f499b0" }, "Version": "2.52.0-r0", "Arch": "x86_64", "SrcName": "git", "SrcVersion": "2.52.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcurl@8.17.0-r1", "libexpat@2.7.5-r0", "musl@1.2.5-r21", "pcre2@10.47-r0", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:bd0b28f91894dc75880a22468445a2d084beb009", "InstalledFiles": [ "usr/bin/git", "usr/bin/git-receive-pack", "usr/bin/git-shell", "usr/bin/git-upload-archive", "usr/bin/git-upload-pack", "usr/libexec/git-core/git", "usr/libexec/git-core/git-add", "usr/libexec/git-core/git-am", "usr/libexec/git-core/git-annotate", "usr/libexec/git-core/git-apply", "usr/libexec/git-core/git-archive", "usr/libexec/git-core/git-backfill", "usr/libexec/git-core/git-bisect", "usr/libexec/git-core/git-blame", "usr/libexec/git-core/git-branch", "usr/libexec/git-core/git-bugreport", "usr/libexec/git-core/git-bundle", "usr/libexec/git-core/git-cat-file", "usr/libexec/git-core/git-check-attr", "usr/libexec/git-core/git-check-ignore", "usr/libexec/git-core/git-check-mailmap", "usr/libexec/git-core/git-check-ref-format", "usr/libexec/git-core/git-checkout", "usr/libexec/git-core/git-checkout--worker", "usr/libexec/git-core/git-checkout-index", "usr/libexec/git-core/git-cherry", "usr/libexec/git-core/git-cherry-pick", "usr/libexec/git-core/git-clean", "usr/libexec/git-core/git-clone", "usr/libexec/git-core/git-column", "usr/libexec/git-core/git-commit", "usr/libexec/git-core/git-commit-graph", "usr/libexec/git-core/git-commit-tree", "usr/libexec/git-core/git-config", "usr/libexec/git-core/git-count-objects", "usr/libexec/git-core/git-credential", "usr/libexec/git-core/git-credential-cache", "usr/libexec/git-core/git-credential-cache--daemon", "usr/libexec/git-core/git-credential-store", "usr/libexec/git-core/git-describe", "usr/libexec/git-core/git-diagnose", "usr/libexec/git-core/git-diff", "usr/libexec/git-core/git-diff-files", "usr/libexec/git-core/git-diff-index", "usr/libexec/git-core/git-diff-pairs", "usr/libexec/git-core/git-diff-tree", "usr/libexec/git-core/git-difftool", "usr/libexec/git-core/git-difftool--helper", "usr/libexec/git-core/git-fast-export", "usr/libexec/git-core/git-fetch", "usr/libexec/git-core/git-fetch-pack", "usr/libexec/git-core/git-filter-branch", "usr/libexec/git-core/git-fmt-merge-msg", "usr/libexec/git-core/git-for-each-ref", "usr/libexec/git-core/git-for-each-repo", "usr/libexec/git-core/git-format-patch", "usr/libexec/git-core/git-fsck", "usr/libexec/git-core/git-fsck-objects", "usr/libexec/git-core/git-fsmonitor--daemon", "usr/libexec/git-core/git-gc", "usr/libexec/git-core/git-get-tar-commit-id", "usr/libexec/git-core/git-grep", "usr/libexec/git-core/git-gui--askyesno", "usr/libexec/git-core/git-hash-object", "usr/libexec/git-core/git-help", "usr/libexec/git-core/git-hook", "usr/libexec/git-core/git-http-fetch", "usr/libexec/git-core/git-http-push", "usr/libexec/git-core/git-index-pack", "usr/libexec/git-core/git-init", "usr/libexec/git-core/git-init-db", "usr/libexec/git-core/git-interpret-trailers", "usr/libexec/git-core/git-last-modified", "usr/libexec/git-core/git-log", "usr/libexec/git-core/git-ls-files", "usr/libexec/git-core/git-ls-remote", "usr/libexec/git-core/git-ls-tree", "usr/libexec/git-core/git-mailinfo", "usr/libexec/git-core/git-mailsplit", "usr/libexec/git-core/git-maintenance", "usr/libexec/git-core/git-merge", "usr/libexec/git-core/git-merge-base", "usr/libexec/git-core/git-merge-file", "usr/libexec/git-core/git-merge-index", "usr/libexec/git-core/git-merge-octopus", "usr/libexec/git-core/git-merge-one-file", "usr/libexec/git-core/git-merge-ours", "usr/libexec/git-core/git-merge-recursive", "usr/libexec/git-core/git-merge-resolve", "usr/libexec/git-core/git-merge-subtree", "usr/libexec/git-core/git-merge-tree", "usr/libexec/git-core/git-mergetool", "usr/libexec/git-core/git-mergetool--lib", "usr/libexec/git-core/git-mktag", "usr/libexec/git-core/git-mktree", "usr/libexec/git-core/git-multi-pack-index", "usr/libexec/git-core/git-mv", "usr/libexec/git-core/git-name-rev", "usr/libexec/git-core/git-notes", "usr/libexec/git-core/git-pack-objects", "usr/libexec/git-core/git-pack-redundant", "usr/libexec/git-core/git-pack-refs", "usr/libexec/git-core/git-patch-id", "usr/libexec/git-core/git-prune", "usr/libexec/git-core/git-prune-packed", "usr/libexec/git-core/git-pull", "usr/libexec/git-core/git-push", "usr/libexec/git-core/git-quiltimport", "usr/libexec/git-core/git-range-diff", "usr/libexec/git-core/git-read-tree", "usr/libexec/git-core/git-rebase", "usr/libexec/git-core/git-receive-pack", "usr/libexec/git-core/git-reflog", "usr/libexec/git-core/git-refs", "usr/libexec/git-core/git-remote", "usr/libexec/git-core/git-remote-ext", "usr/libexec/git-core/git-remote-fd", "usr/libexec/git-core/git-remote-ftp", "usr/libexec/git-core/git-remote-ftps", "usr/libexec/git-core/git-remote-http", "usr/libexec/git-core/git-remote-https", "usr/libexec/git-core/git-repack", "usr/libexec/git-core/git-replace", "usr/libexec/git-core/git-replay", "usr/libexec/git-core/git-repo", "usr/libexec/git-core/git-request-pull", "usr/libexec/git-core/git-rerere", "usr/libexec/git-core/git-reset", "usr/libexec/git-core/git-restore", "usr/libexec/git-core/git-rev-list", "usr/libexec/git-core/git-rev-parse", "usr/libexec/git-core/git-revert", "usr/libexec/git-core/git-rm", "usr/libexec/git-core/git-send-pack", "usr/libexec/git-core/git-sh-i18n", "usr/libexec/git-core/git-sh-i18n--envsubst", "usr/libexec/git-core/git-sh-setup", "usr/libexec/git-core/git-shortlog", "usr/libexec/git-core/git-show", "usr/libexec/git-core/git-show-branch", "usr/libexec/git-core/git-show-index", "usr/libexec/git-core/git-show-ref", "usr/libexec/git-core/git-sparse-checkout", "usr/libexec/git-core/git-stage", "usr/libexec/git-core/git-stash", "usr/libexec/git-core/git-status", "usr/libexec/git-core/git-stripspace", "usr/libexec/git-core/git-submodule", "usr/libexec/git-core/git-submodule--helper", "usr/libexec/git-core/git-switch", "usr/libexec/git-core/git-symbolic-ref", "usr/libexec/git-core/git-tag", "usr/libexec/git-core/git-unpack-file", "usr/libexec/git-core/git-unpack-objects", "usr/libexec/git-core/git-update-index", "usr/libexec/git-core/git-update-ref", "usr/libexec/git-core/git-update-server-info", "usr/libexec/git-core/git-upload-archive", "usr/libexec/git-core/git-upload-pack", "usr/libexec/git-core/git-var", "usr/libexec/git-core/git-verify-commit", "usr/libexec/git-core/git-verify-pack", "usr/libexec/git-core/git-verify-tag", "usr/libexec/git-core/git-version", "usr/libexec/git-core/git-web--browse", "usr/libexec/git-core/git-whatchanged", "usr/libexec/git-core/git-worktree", "usr/libexec/git-core/git-write-tree", "usr/libexec/git-core/mergetools/araxis", "usr/libexec/git-core/mergetools/bc", "usr/libexec/git-core/mergetools/codecompare", "usr/libexec/git-core/mergetools/deltawalker", "usr/libexec/git-core/mergetools/diffmerge", "usr/libexec/git-core/mergetools/diffuse", "usr/libexec/git-core/mergetools/ecmerge", "usr/libexec/git-core/mergetools/emerge", "usr/libexec/git-core/mergetools/examdiff", "usr/libexec/git-core/mergetools/guiffy", "usr/libexec/git-core/mergetools/gvimdiff", "usr/libexec/git-core/mergetools/kdiff3", "usr/libexec/git-core/mergetools/kompare", "usr/libexec/git-core/mergetools/meld", "usr/libexec/git-core/mergetools/nvimdiff", "usr/libexec/git-core/mergetools/opendiff", "usr/libexec/git-core/mergetools/smerge", "usr/libexec/git-core/mergetools/tkdiff", "usr/libexec/git-core/mergetools/tortoisemerge", "usr/libexec/git-core/mergetools/vimdiff", "usr/libexec/git-core/mergetools/vscode", "usr/libexec/git-core/mergetools/winmerge", "usr/libexec/git-core/mergetools/xxdiff" ], "AnalyzedBy": "apk" }, { "ID": "git-init-template@2.52.0-r0", "Name": "git-init-template", "Identifier": { "PURL": "pkg:apk/alpine/git-init-template@2.52.0-r0?arch=x86_64\u0026distro=3.23.3", "UID": "3266ef12238e4e14" }, "Version": "2.52.0-r0", "Arch": "x86_64", "SrcName": "git", "SrcVersion": "2.52.0-r0", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:ff15a67d1f4948618a1022091ae7a1bf399f3665", "InstalledFiles": [ "usr/share/git-core/templates/description", "usr/share/git-core/templates/hooks/applypatch-msg.sample", "usr/share/git-core/templates/hooks/commit-msg.sample", "usr/share/git-core/templates/hooks/post-update.sample", "usr/share/git-core/templates/hooks/pre-applypatch.sample", "usr/share/git-core/templates/hooks/pre-commit.sample", "usr/share/git-core/templates/hooks/pre-merge-commit.sample", "usr/share/git-core/templates/hooks/pre-push.sample", "usr/share/git-core/templates/hooks/pre-rebase.sample", "usr/share/git-core/templates/hooks/pre-receive.sample", "usr/share/git-core/templates/hooks/prepare-commit-msg.sample", "usr/share/git-core/templates/hooks/push-to-checkout.sample", "usr/share/git-core/templates/hooks/sendemail-validate.sample", "usr/share/git-core/templates/hooks/update.sample", "usr/share/git-core/templates/info/exclude" ], "AnalyzedBy": "apk" }, { "ID": "libapk@3.0.3-r1", "Name": "libapk", "Identifier": { "PURL": "pkg:apk/alpine/libapk@3.0.3-r1?arch=x86_64\u0026distro=3.23.3", "UID": "d8a4dac06126e84f" }, "Version": "3.0.3-r1", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "3.0.3-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "libssl3@3.5.5-r0", "musl@1.2.5-r21", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:17d0c18e379eb411aaa3e07392343a2dd6e098cc", "InstalledFiles": [ "usr/lib/libapk.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.5.5-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "Version": "3.5.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:9ebf6995e814bacff0c04a868b0b27c3e82090f4", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libcurl@8.17.0-r1", "Name": "libcurl", "Identifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "Version": "8.17.0-r1", "Arch": "x86_64", "SrcName": "curl", "SrcVersion": "8.17.0-r1", "Licenses": [ "curl" ], "Maintainer": "Achill Gilgenast \u003cachill@achill.org\u003e", "DependsOn": [ "brotli-libs@1.2.0-r0", "c-ares@1.34.6-r0", "ca-certificates-bundle@20251003-r0", "libcrypto3@3.5.5-r0", "libidn2@2.3.8-r0", "libpsl@0.21.5-r3", "libssl3@3.5.5-r0", "musl@1.2.5-r21", "nghttp2-libs@1.68.0-r0", "nghttp3@1.13.1-r0", "zlib@1.3.1-r2", "zstd-libs@1.5.7-r2" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:4018e686de80aa87659e95c1e62a3539c1d2542f", "InstalledFiles": [ "usr/lib/libcurl.so.4", "usr/lib/libcurl.so.4.8.0" ], "AnalyzedBy": "apk" }, { "ID": "libexpat@2.7.5-r0", "Name": "libexpat", "Identifier": { "PURL": "pkg:apk/alpine/libexpat@2.7.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "60ae354914fcce6c" }, "Version": "2.7.5-r0", "Arch": "x86_64", "SrcName": "expat", "SrcVersion": "2.7.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:5760d53ddd7cca8a742c672e4e00a475718eacaa", "InstalledFiles": [ "usr/lib/libexpat.so.1", "usr/lib/libexpat.so.1.11.3" ], "AnalyzedBy": "apk" }, { "ID": "libidn2@2.3.8-r0", "Name": "libidn2", "Identifier": { "PURL": "pkg:apk/alpine/libidn2@2.3.8-r0?arch=x86_64\u0026distro=3.23.3", "UID": "e2fcbba2f74d78bf" }, "Version": "2.3.8-r0", "Arch": "x86_64", "SrcName": "libidn2", "SrcVersion": "2.3.8-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libunistring@1.4.1-r0", "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:b8c5bfa365da5c360a01230db4d71e65af94af3d", "InstalledFiles": [ "usr/lib/libidn2.so.0", "usr/lib/libidn2.so.0.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libpsl@0.21.5-r3", "Name": "libpsl", "Identifier": { "PURL": "pkg:apk/alpine/libpsl@0.21.5-r3?arch=x86_64\u0026distro=3.23.3", "UID": "9fb5bd2254e54a0" }, "Version": "0.21.5-r3", "Arch": "x86_64", "SrcName": "libpsl", "SrcVersion": "0.21.5-r3", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libidn2@2.3.8-r0", "libunistring@1.4.1-r0", "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:b663c00f920a93be49c825555aa1a212e4287393", "InstalledFiles": [ "usr/lib/libpsl.so.5", "usr/lib/libpsl.so.5.3.5" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.5.5-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "Version": "3.5.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.5.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:12234895b6577cddcbe3450406f357600e8a6951", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libunistring@1.4.1-r0", "Name": "libunistring", "Identifier": { "PURL": "pkg:apk/alpine/libunistring@1.4.1-r0?arch=x86_64\u0026distro=3.23.3", "UID": "4e0ee8fa7d9a5823" }, "Version": "1.4.1-r0", "Arch": "x86_64", "SrcName": "libunistring", "SrcVersion": "1.4.1-r0", "Licenses": [ "GPL-2.0-or-later", "LGPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:6e56562bde456bee5971787d3d95c34e84ced797", "InstalledFiles": [ "usr/lib/libunistring.so.5", "usr/lib/libunistring.so.5.2.1" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r21", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "750ab06f52f2bfe9" }, "Version": "1.2.5-r21", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r21", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:d05a75ec13e1a7a8bab56ce7cd3dc79bd727e698", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r21", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "9dadd6d4093981ad" }, "Version": "1.2.5-r21", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r21", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21", "scanelf@1.3.8-r2" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:daa79528d2cf877f6d656207a818d43c8dea9a30", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "nghttp2-libs@1.68.0-r0", "Name": "nghttp2-libs", "Identifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.68.0-r0?arch=x86_64\u0026distro=3.23.3", "UID": "802c936f9e7891b2" }, "Version": "1.68.0-r0", "Arch": "x86_64", "SrcName": "nghttp2", "SrcVersion": "1.68.0-r0", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:584b6a1b0aed58a3f543bfd77729b0d8a8b1745b", "InstalledFiles": [ "usr/lib/libnghttp2.so.14", "usr/lib/libnghttp2.so.14.29.2" ], "AnalyzedBy": "apk" }, { "ID": "nghttp3@1.13.1-r0", "Name": "nghttp3", "Identifier": { "PURL": "pkg:apk/alpine/nghttp3@1.13.1-r0?arch=x86_64\u0026distro=3.23.3", "UID": "7999d360d1276f40" }, "Version": "1.13.1-r0", "Arch": "x86_64", "SrcName": "nghttp3", "SrcVersion": "1.13.1-r0", "Licenses": [ "MIT" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:e48fcb3e81f7e46a42e3926d8513c83b7798774b", "InstalledFiles": [ "usr/lib/libnghttp3.so.9", "usr/lib/libnghttp3.so.9.5.1" ], "AnalyzedBy": "apk" }, { "ID": "pcre2@10.47-r0", "Name": "pcre2", "Identifier": { "PURL": "pkg:apk/alpine/pcre2@10.47-r0?arch=x86_64\u0026distro=3.23.3", "UID": "84da847bec967f4e" }, "Version": "10.47-r0", "Arch": "x86_64", "SrcName": "pcre2", "SrcVersion": "10.47-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Jakub Jirutka \u003cjakub@jirutka.cz\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:549059958151627bb0f5469bded945988b1bc24b", "InstalledFiles": [ "usr/lib/libpcre2-8.so.0", "usr/lib/libpcre2-8.so.0.15.0", "usr/lib/libpcre2-posix.so.3", "usr/lib/libpcre2-posix.so.3.0.7" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r2", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r2?arch=x86_64\u0026distro=3.23.3", "UID": "948b35f6525ae462" }, "Version": "1.3.8-r2", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r2", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:6ea36dd44ef9f6364f0cdfabe09ea15d2fdbe229", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r30", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r30?arch=x86_64\u0026distro=3.23.3", "UID": "260f15056a81cadb" }, "Version": "1.37.0-r30", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r30", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.5.5-r0", "libssl3@3.5.5-r0", "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:5b6ec0939cfc9be47d9677a3152c547cc18b5edd", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", "UID": "792cdc69bc59d880" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "Digest": "sha1:3e8e8e76dfefb4efd27658ada6d792e66ba2775e", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" }, { "ID": "zstd-libs@1.5.7-r2", "Name": "zstd-libs", "Identifier": { "PURL": "pkg:apk/alpine/zstd-libs@1.5.7-r2?arch=x86_64\u0026distro=3.23.3", "UID": "8146f1dd71a6e601" }, "Version": "1.5.7-r2", "Arch": "x86_64", "SrcName": "zstd", "SrcVersion": "1.5.7-r2", "Licenses": [ "BSD-3-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r21" ], "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "Digest": "sha1:d507b8ac3c4335a40405ac20e49bac9d43642be6", "InstalledFiles": [ "usr/lib/libzstd.so.1", "usr/lib/libzstd.so.1.5.7" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:efa3ef64336fffb0fcb789c0f6d347b122302023cf686d68f62f775a5f9dda83", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:808873f705a62e9e892cb67453c7adf6abd85475d65a56bee74d01cdea665f38", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:55d5ee4148b21f462fa3d76250089f2207c1e01c638e5a3d0bbd846e51f23100", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:a6c5131c65f1f8d4c30af1e141abf1a7fdc7a868b849228fa5979f5cb3137e27", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:12800cb78f6499baee4d6edf1076df5790b07bad532b526c0badc415fd8f7311", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2b5e63401b26bbba233754bac4181283679ad576d70f4432016343d409de6901", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.5.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "6778a588f2cebd48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:ba281cca75bb4ae35020b82eadc016988de3edbdacfd4af21375e931e1c78fcd", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2025-14017", "PkgID": "libcurl@8.17.0-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "InstalledVersion": "8.17.0-r1", "FixedVersion": "8.19.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-14017", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:90ac65d633603b375d33a7464e7ac0c0253a920725fc01636b36a80abff5911a", "Title": "curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers", "Description": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\n\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "V3Score": 6.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 4.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/07/3", "https://access.redhat.com/security/cve/CVE-2025-14017", "https://curl.se/docs/CVE-2025-14017.html", "https://curl.se/docs/CVE-2025-14017.json", "https://github.com/advisories/GHSA-jh4h-2cg6-889h", "https://nvd.nist.gov/vuln/detail/CVE-2025-14017", "https://ubuntu.com/security/notices/USN-8062-1", "https://ubuntu.com/security/notices/USN-8062-2", "https://www.cve.org/CVERecord?id=CVE-2025-14017" ], "PublishedDate": "2026-01-08T10:15:45.667Z", "LastModifiedDate": "2026-01-27T21:29:39.953Z" }, { "VulnerabilityID": "CVE-2026-1965", "PkgID": "libcurl@8.17.0-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "InstalledVersion": "8.17.0-r1", "FixedVersion": "8.19.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-1965", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2b6a7f862474fdd6c3b8407f8c67a43cd2e9b3eea80326f00fc137c5494d7710", "Title": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication", "Description": "libcurl can in some circumstances reuse the wrong connection when asked to do\nan Negotiate-authenticated HTTP or HTTPS request.\n\nlibcurl features a pool of recent connections so that subsequent requests can\nreuse an existing connection to avoid overhead.\n\nWhen reusing a connection a range of criterion must first be met. Due to a\nlogical error in the code, a request that was issued by an application could\nwrongfully reuse an existing connection to the same server that was\nauthenticated using different credentials. One underlying reason being that\nNegotiate sometimes authenticates *connections* and not *requests*, contrary\nto how HTTP is designed to work.\n\nAn application that allows Negotiate authentication to a server (that responds\nwanting Negotiate) with `user1:password1` and then does another operation to\nthe same server also using Negotiate but with `user2:password2` (while the\nprevious connection is still alive) - the second request wrongly reused the\nsame connection and since it then sees that the Negotiate negotiation is\nalready made, it just sends the request over that connection thinking it uses\nthe user2 credentials when it is in fact still using the connection\nauthenticated for user1...\n\nThe set of authentication methods to use is set with `CURLOPT_HTTPAUTH`.\n\nApplications can disable libcurl's reuse of connections and thus mitigate this\nproblem, by using one of the following libcurl options to alter how\nconnections are or are not reused: `CURLOPT_FRESH_CONNECT`,\n`CURLOPT_MAXCONNECTS` and `CURLMOPT_MAX_HOST_CONNECTIONS` (if using the\ncurl_multi API).", "Severity": "MEDIUM", "CweIDs": [ "CWE-305" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-1965", "https://curl.se/docs/CVE-2026-1965.html", "https://curl.se/docs/CVE-2026-1965.json", "https://nvd.nist.gov/vuln/detail/CVE-2026-1965", "https://ubuntu.com/security/notices/USN-8084-1", "https://ubuntu.com/security/notices/USN-8099-1", "https://www.cve.org/CVERecord?id=CVE-2026-1965" ], "PublishedDate": "2026-03-11T11:15:59.177Z", "LastModifiedDate": "2026-03-12T14:11:19.07Z" }, { "VulnerabilityID": "CVE-2026-3783", "PkgID": "libcurl@8.17.0-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "InstalledVersion": "8.17.0-r1", "FixedVersion": "8.19.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3783", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f2fd33fb7e29cf16af77e18c81bb33d9f7d462fb157cdebd6ae7784c926f6caf", "Title": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect", "Description": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\n\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "Severity": "MEDIUM", "CweIDs": [ "CWE-522" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "V3Score": 5.7 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/11/2", "https://access.redhat.com/security/cve/CVE-2026-3783", "https://curl.se/docs/CVE-2026-3783.html", "https://curl.se/docs/CVE-2026-3783.json", "https://github.com/advisories/GHSA-8whr-249c-vfjp", "https://hackerone.com/reports/3583983", "https://nvd.nist.gov/vuln/detail/CVE-2026-3783", "https://ubuntu.com/security/notices/USN-8084-1", "https://ubuntu.com/security/notices/USN-8099-1", "https://www.cve.org/CVERecord?id=CVE-2026-3783" ], "PublishedDate": "2026-03-11T11:16:00.08Z", "LastModifiedDate": "2026-03-12T14:10:37.3Z" }, { "VulnerabilityID": "CVE-2026-3784", "PkgID": "libcurl@8.17.0-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "InstalledVersion": "8.17.0-r1", "FixedVersion": "8.19.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3784", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c080017a1ac95299310222d88329fdabb6c31d0e496e383e0198e1ff7f2421a7", "Title": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse", "Description": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "Severity": "MEDIUM", "CweIDs": [ "CWE-305" ], "VendorSeverity": { "azure": 2, "julia": 2, "photon": 2, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/11/3", "https://access.redhat.com/security/cve/CVE-2026-3784", "https://curl.se/docs/CVE-2026-3784.html", "https://curl.se/docs/CVE-2026-3784.json", "https://github.com/advisories/GHSA-5q3w-6p3j-mw6p", "https://hackerone.com/reports/3584903", "https://nvd.nist.gov/vuln/detail/CVE-2026-3784", "https://ubuntu.com/security/notices/USN-8084-1", "https://ubuntu.com/security/notices/USN-8099-1", "https://www.cve.org/CVERecord?id=CVE-2026-3784" ], "PublishedDate": "2026-03-11T11:16:00.437Z", "LastModifiedDate": "2026-03-12T14:09:50.47Z" }, { "VulnerabilityID": "CVE-2026-3805", "PkgID": "libcurl@8.17.0-r1", "PkgName": "libcurl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcurl@8.17.0-r1?arch=x86_64\u0026distro=3.23.3", "UID": "85c7760f5617ed48" }, "InstalledVersion": "8.17.0-r1", "FixedVersion": "8.19.0-r0", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3805", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:23c7f777ba95adc58824dcb9a982e61a1dc5dd59d150177ff10868b2c82b16d8", "Title": "curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling", "Description": "When doing a second SMB request to the same host again, curl would wrongly use\na data pointer pointing into already freed memory.", "Severity": "MEDIUM", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "V3Score": 6.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/11/4", "https://access.redhat.com/security/cve/CVE-2026-3805", "https://curl.se/docs/CVE-2026-3805.html", "https://curl.se/docs/CVE-2026-3805.json", "https://github.com/advisories/GHSA-2289-hhfc-p684", "https://hackerone.com/reports/3591944", "https://nvd.nist.gov/vuln/detail/CVE-2026-3805", "https://ubuntu.com/security/notices/USN-8084-1", "https://www.cve.org/CVERecord?id=CVE-2026-3805" ], "PublishedDate": "2026-03-11T11:16:00.967Z", "LastModifiedDate": "2026-03-12T14:08:56.79Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:520ece7ddbe640a6bd03db266b91bf156337bd7efba857cbe08ba36bba8af278", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:79d777037b571dce22acaad3a86f94a4e8847796312ec0d61102fc7a36d3cb71", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:75e0f1ea5b288bb693f870ca4e5922461b12656b70a9e0e3efc48968bbec3d4c", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f04763aa82196f5d25fffdfd61747aed9be06cda31b5f15b2ea4ce70e13c9fb4", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3f3399011da49e464fc723132fba081923571904ffccf9b07ac51d19671bddd2", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2026-2673", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-2673", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:46a2167cf1001230ba7640f1a0e3a476c4e51b54f2c2d70fcd3a4e057db8a12c", "Title": "openssl: OpenSSL TLS 1.3 server may choose unexpected key agreement group", "Description": "Issue summary: An OpenSSL TLS 1.3 server may fail to negotiate the expected\npreferred key exchange group when its key exchange group configuration includes\nthe default by using the 'DEFAULT' keyword.\n\nImpact summary: A less preferred key exchange may be used even when a more\npreferred group is supported by both client and server, if the group\nwas not included among the client's initial predicated keyshares.\nThis will sometimes be the case with the new hybrid post-quantum groups,\nif the client chooses to defer their use until specifically requested by\nthe server.\n\nIf an OpenSSL TLS 1.3 server's configuration uses the 'DEFAULT' keyword to\ninterpolate the built-in default group list into its own configuration, perhaps\nadding or removing specific elements, then an implementation defect causes the\n'DEFAULT' list to lose its 'tuple' structure, and all server-supported groups\nwere treated as a single sufficiently secure 'tuple', with the server not\nsending a Hello Retry Request (HRR) even when a group in a more preferred tuple\nwas mutually supported.\n\nAs a result, the client and server might fail to negotiate a mutually supported\npost-quantum key agreement group, such as 'X25519MLKEM768', if the client's\nconfiguration results in only 'classical' groups (such as 'X25519' being the\nonly ones in the client's initial keyshare prediction).\n\nOpenSSL 3.5 and later support a new syntax for selecting the most preferred TLS\n1.3 key agreement group on TLS servers. The old syntax had a single 'flat'\nlist of groups, and treated all the supported groups as sufficiently secure.\nIf any of the keyshares predicted by the client were supported by the server\nthe most preferred among these was selected, even if other groups supported by\nthe client, but not included in the list of predicted keyshares would have been\nmore preferred, if included.\n\nThe new syntax partitions the groups into distinct 'tuples' of roughly\nequivalent security. Within each tuple the most preferred group included among\nthe client's predicted keyshares is chosen, but if the client supports a group\nfrom a more preferred tuple, but did not predict any corresponding keyshares,\nthe server will ask the client to retry the ClientHello (by issuing a Hello\nRetry Request or HRR) with the most preferred mutually supported group.\n\nThe above works as expected when the server's configuration uses the built-in\ndefault group list, or explicitly defines its own list by directly defining the\nvarious desired groups and group 'tuples'.\n\nNo OpenSSL FIPS modules are affected by this issue, the code in question lies\noutside the FIPS boundary.\n\nOpenSSL 3.6 and 3.5 are vulnerable to this issue.\n\nOpenSSL 3.6 users should upgrade to OpenSSL 3.6.2 once it is released.\nOpenSSL 3.5 users should upgrade to OpenSSL 3.5.6 once it is released.\n\nOpenSSL 3.4, 3.3, 3.0, 1.0.2 and 1.1.1 are not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-757" ], "VendorSeverity": { "amazon": 1, "julia": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/13/3", "https://access.redhat.com/security/cve/CVE-2026-2673", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-wj64-gh9j-xm82", "https://github.com/openssl/openssl/commit/2157c9d81f7b0bd7dfa25b960e928ec28e8dd63f", "https://github.com/openssl/openssl/commit/85977e013f32ceb96aa034c0e741adddc1a05e34", "https://nvd.nist.gov/vuln/detail/CVE-2026-2673", "https://openssl-library.org/news/secadv/20260313.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-2673" ], "PublishedDate": "2026-03-13T19:54:34.033Z", "LastModifiedDate": "2026-05-18T20:16:37.763Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.5.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.5.5-r0?arch=x86_64\u0026distro=3.23.3", "UID": "bca2260902e2ef48" }, "InstalledVersion": "3.5.5-r0", "FixedVersion": "3.5.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:18dc66e795824fa11e34349e3d5818a217635cd19da4c8375a630dd916663dbc", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r21", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "750ab06f52f2bfe9" }, "InstalledVersion": "1.2.5-r21", "FixedVersion": "1.2.5-r23", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1af05b521a89d3104045dc0928e138a9e3fda66e1a0fb9b68f697759c38e5725", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r21", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "750ab06f52f2bfe9" }, "InstalledVersion": "1.2.5-r21", "FixedVersion": "1.2.5-r22", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2288b5c03030ef0b3ba2bcd80e031ba38e2cf10d08ed346d2f5600e7014a8815", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r21", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "9dadd6d4093981ad" }, "InstalledVersion": "1.2.5-r21", "FixedVersion": "1.2.5-r23", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:bd4c836188a3de802b4c2cc7d3797bdde6d097170d1bd491a4ca67cf5dd1fc17", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r21", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r21?arch=x86_64\u0026distro=3.23.3", "UID": "9dadd6d4093981ad" }, "InstalledVersion": "1.2.5-r21", "FixedVersion": "1.2.5-r22", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:521b01fe45309eba6b9d38c429dab2fc72c19bce470e35d27df35cb9e860098f", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-27135", "PkgID": "nghttp2-libs@1.68.0-r0", "PkgName": "nghttp2-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/nghttp2-libs@1.68.0-r0?arch=x86_64\u0026distro=3.23.3", "UID": "802c936f9e7891b2" }, "InstalledVersion": "1.68.0-r0", "FixedVersion": "1.68.1", "Status": "fixed", "Layer": { "Digest": "sha256:bd497c3c7308c842e0f22a21ca9b68d68ca44053263d05c58613a495d11cc276", "DiffID": "sha256:66331502f5f6a99cd657f4ef104273d82c78207f11e9d8f5ca16e2b53d08c361" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27135", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c9e94a7acd488cbaee93b05343345abaee769540529e58ed562c58f4189579db", "Title": "nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination", "Description": "nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available.", "Severity": "HIGH", "CweIDs": [ "CWE-617" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 3, "cbl-mariner": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/20/3", "https://access.redhat.com/errata/RHSA-2026:7896", "https://access.redhat.com/security/cve/CVE-2026-27135", "https://bugzilla.redhat.com/2441268", "https://bugzilla.redhat.com/2442922", "https://bugzilla.redhat.com/2448754", "https://bugzilla.redhat.com/2453151", "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27135", "https://errata.almalinux.org/9/ALSA-2026-7896.html", "https://errata.rockylinux.org/RLSA-2026:7668", "https://github.com/nghttp2/nghttp2/commit/5c7df8fa815ac1004d9ecb9d1f7595c4d37f46e1", "https://github.com/nghttp2/nghttp2/security/advisories/GHSA-6933-cjhr-5qg6", "https://linux.oracle.com/cve/CVE-2026-27135.html", "https://linux.oracle.com/errata/ELSA-2026-8339.html", "https://lists.debian.org/debian-lts-announce/2026/05/msg00025.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-27135", "https://ubuntu.com/security/notices/USN-8233-1", "https://ubuntu.com/security/notices/USN-8233-2", "https://www.cve.org/CVERecord?id=CVE-2026-27135" ], "PublishedDate": "2026-03-18T18:16:26.723Z", "LastModifiedDate": "2026-05-13T22:16:42.337Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", "UID": "792cdc69bc59d880" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8190a34a5d84b8416e0d151cc902ec5ec5840abea353691120372b8052c7a2c3", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.23.3", "UID": "792cdc69bc59d880" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:589002ba0eaed121a1dbf42f6648f29e5be55d5c8a6ee0f8eaa0285cc21ac153", "DiffID": "sha256:989e799e634906e94dc9a5ee2ee26fc92ad260522990f26e707861a5f52bf64e" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:884aea9aa695ea50acf4ada39f0cbeefdd8215bb3b182bd268387a168419ef8a", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "usr/local/bin/trivy", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "ID": "github.com/aquasecurity/trivy@v0.70.0", "Name": "github.com/aquasecurity/trivy", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/trivy@v0.70.0", "UID": "3b38ce3f34d371cf" }, "Version": "v0.70.0", "Relationship": "root", "DependsOn": [ "cel.dev/expr@v0.25.1", "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "cloud.google.com/go/auth@v0.18.2", "cloud.google.com/go/compute/metadata@v0.9.0", "cloud.google.com/go/iam@v1.5.3", "cloud.google.com/go/monitoring@v1.24.3", "cloud.google.com/go/storage@v1.61.3", "cloud.google.com/go@v0.123.0", "dario.cat/mergo@v1.0.2", "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "github.com/BurntSushi/toml@v1.6.0", "github.com/CycloneDX/cyclonedx-go@v0.10.0", "github.com/GoogleCloudPlatform/docker-credential-gcr/v2@v2.1.32", "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.55.0", "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", "github.com/Intevation/gval@v1.3.0", "github.com/Intevation/jsonpath@v0.2.1", "github.com/MakeNowJust/heredoc@v1.0.0", "github.com/Masterminds/goutils@v1.1.1", "github.com/Masterminds/semver/v3@v3.4.0", "github.com/Masterminds/sprig/v3@v3.3.0", "github.com/Masterminds/squirrel@v1.5.4", "github.com/NYTimes/gziphandler@v1.1.1", "github.com/ProtonMail/go-crypto@v1.3.0", "github.com/VividCortex/ewma@v1.2.0", "github.com/agext/levenshtein@v1.2.3", "github.com/agnivade/levenshtein@v1.2.1", "github.com/alecthomas/chroma@v0.10.0", "github.com/anchore/go-struct-converter@v0.1.0", "github.com/apparentlymart/go-cidr@v1.1.0", "github.com/apparentlymart/go-textseg/v15@v15.0.0", "github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", "github.com/aquasecurity/go-npm-version@v0.0.2", "github.com/aquasecurity/go-pep440-version@v0.0.1", "github.com/aquasecurity/go-version@v0.0.1", "github.com/aquasecurity/iamgo@v0.0.10", "github.com/aquasecurity/jfather@v0.0.8", "github.com/aquasecurity/table@v1.11.0", "github.com/aquasecurity/tml@v0.6.1", "github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", "github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", "github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", "github.com/aquasecurity/trivy-kubernetes@v0.9.1", "github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", "github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", "github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", "github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", "github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "github.com/aws/aws-sdk-go-v2@v1.41.5", "github.com/aws/smithy-go@v1.24.2", "github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", "github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", "github.com/blang/semver/v4@v4.0.0", "github.com/blang/semver@v3.5.1+incompatible", "github.com/bmatcuk/doublestar/v4@v4.10.0", "github.com/briandowns/spinner@v1.23.0", "github.com/cenkalti/backoff/v4@v4.3.0", "github.com/cenkalti/backoff/v5@v5.0.3", "github.com/cespare/xxhash/v2@v2.3.0", "github.com/chai2010/gettext-go@v1.0.2", "github.com/cheggaaa/pb/v3@v3.1.7", "github.com/cloudflare/circl@v1.6.3", "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "github.com/containerd/containerd/api@v1.10.0", "github.com/containerd/containerd/v2@v2.2.2", "github.com/containerd/containerd@v1.7.30", "github.com/containerd/continuity@v0.4.5", "github.com/containerd/errdefs/pkg@v0.3.0", "github.com/containerd/errdefs@v1.0.0", "github.com/containerd/fifo@v1.1.0", "github.com/containerd/log@v0.1.0", "github.com/containerd/platforms@v1.0.0-rc.4", "github.com/containerd/plugin@v1.0.0", "github.com/containerd/stargz-snapshotter/estargz@v0.18.2", "github.com/containerd/ttrpc@v1.2.8", "github.com/containerd/typeurl/v2@v2.2.3", "github.com/coreos/go-oidc/v3@v3.17.0", "github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", "github.com/cyphar/filepath-securejoin@v0.6.1", "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", "github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", "github.com/distribution/reference@v0.6.0", "github.com/dlclark/regexp2@v1.11.0", "github.com/docker/cli@v29.4.0+incompatible", "github.com/docker/distribution@v2.8.3+incompatible", "github.com/docker/docker-credential-helpers@v0.9.5", "github.com/docker/go-connections@v0.6.0", "github.com/docker/go-units@v0.5.0", "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "github.com/dustin/go-humanize@v1.0.1", "github.com/emicklei/go-restful/v3@v3.13.0", "github.com/emirpasic/gods@v1.18.1", "github.com/envoyproxy/go-control-plane/envoy@v1.36.0", "github.com/envoyproxy/protoc-gen-validate@v1.3.0", "github.com/evanphx/json-patch@v5.9.11+incompatible", "github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", "github.com/fatih/color@v1.19.0", "github.com/felixge/httpsnoop@v1.0.4", "github.com/fsnotify/fsnotify@v1.9.0", "github.com/fvbommel/sortorder@v1.1.0", "github.com/fxamacker/cbor/v2@v2.9.0", "github.com/go-chi/chi/v5@v5.2.5", "github.com/go-errors/errors@v1.4.2", "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "github.com/go-git/go-billy/v5@v5.8.0", "github.com/go-git/go-git/v5@v5.17.2", "github.com/go-gorp/gorp/v3@v3.1.0", "github.com/go-ini/ini@v1.67.0", "github.com/go-jose/go-jose/v4@v4.1.4", "github.com/go-logr/logr@v1.4.3", "github.com/go-logr/stdr@v1.2.2", "github.com/go-openapi/analysis@v0.24.3", "github.com/go-openapi/errors@v0.22.7", "github.com/go-openapi/jsonpointer@v0.22.5", "github.com/go-openapi/jsonreference@v0.21.5", "github.com/go-openapi/loads@v0.23.3", "github.com/go-openapi/runtime@v0.29.3", "github.com/go-openapi/spec@v0.22.4", "github.com/go-openapi/strfmt@v0.26.1", "github.com/go-openapi/swag/cmdutils@v0.25.5", "github.com/go-openapi/swag/conv@v0.25.5", "github.com/go-openapi/swag/fileutils@v0.25.5", "github.com/go-openapi/swag/jsonname@v0.25.5", "github.com/go-openapi/swag/jsonutils@v0.25.5", "github.com/go-openapi/swag/loading@v0.25.5", "github.com/go-openapi/swag/mangling@v0.25.5", "github.com/go-openapi/swag/netutils@v0.25.5", "github.com/go-openapi/swag/stringutils@v0.25.5", "github.com/go-openapi/swag/typeutils@v0.25.5", "github.com/go-openapi/swag/yamlutils@v0.25.5", "github.com/go-openapi/swag@v0.25.5", "github.com/go-openapi/validate@v0.25.2", "github.com/go-redis/redis/v8@v8.11.5", "github.com/go-viper/mapstructure/v2@v2.5.0", "github.com/gobwas/glob@v0.2.3", "github.com/gocsaf/csaf/v3@v3.5.1", "github.com/gogo/protobuf@v1.3.2", "github.com/golang-jwt/jwt/v5@v5.3.1", "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "github.com/golang/snappy@v0.0.4", "github.com/google/btree@v1.1.3", "github.com/google/certificate-transparency-go@v1.3.2", "github.com/google/gnostic-models@v0.7.0", "github.com/google/go-cmp@v0.7.0", "github.com/google/go-containerregistry@v0.21.2", "github.com/google/go-github/v62@v62.0.0", "github.com/google/go-querystring@v1.1.0", "github.com/google/licenseclassifier/v2@v2.0.0", "github.com/google/s2a-go@v0.1.9", "github.com/google/uuid@v1.6.0", "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "github.com/googleapis/gax-go/v2@v2.19.0", "github.com/gosuri/uitable@v0.0.4", "github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", "github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", "github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", "github.com/hashicorp/errwrap@v1.1.0", "github.com/hashicorp/go-cleanhttp@v0.5.2", "github.com/hashicorp/go-getter@v1.8.6", "github.com/hashicorp/go-multierror@v1.1.1", "github.com/hashicorp/go-retryablehttp@v0.7.8", "github.com/hashicorp/go-uuid@v1.0.3", "github.com/hashicorp/go-version@v1.9.0", "github.com/hashicorp/golang-lru/v2@v2.0.7", "github.com/hashicorp/hcl/v2@v2.24.0", "github.com/huandu/xstrings@v1.5.0", "github.com/in-toto/attestation@v1.1.2", "github.com/in-toto/in-toto-golang@v0.10.0", "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", "github.com/jmoiron/sqlx@v1.4.0", "github.com/josephburnett/jd/v2@v2.3.0", "github.com/json-iterator/go@v1.1.12", "github.com/kevinburke/ssh_config@v1.2.0", "github.com/klauspost/compress@v1.18.5", "github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", "github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", "github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", "github.com/knqyf263/go-rpmdb@v0.1.1", "github.com/knqyf263/nested@v0.0.1", "github.com/kylelemons/godebug@v1.1.0", "github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", "github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", "github.com/lestrrat-go/blackmagic@v1.0.4", "github.com/lestrrat-go/dsig@v1.0.0", "github.com/lestrrat-go/httpcc@v1.0.1", "github.com/lestrrat-go/httprc/v3@v3.0.2", "github.com/lestrrat-go/jwx/v3@v3.0.13", "github.com/lestrrat-go/option/v2@v2.0.0", "github.com/letsencrypt/boulder@v0.20260223.0", "github.com/lib/pq@v1.10.9", "github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", "github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", "github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", "github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", "github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", "github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", "github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", "github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", "github.com/mattn/go-colorable@v0.1.14", "github.com/mattn/go-isatty@v0.0.20", "github.com/mattn/go-runewidth@v0.0.16", "github.com/mattn/go-shellwords@v1.0.12", "github.com/mitchellh/copystructure@v1.2.0", "github.com/mitchellh/go-homedir@v1.1.0", "github.com/mitchellh/go-wordwrap@v1.0.1", "github.com/mitchellh/hashstructure/v2@v2.0.2", "github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", "github.com/mitchellh/reflectwalk@v1.0.2", "github.com/moby/buildkit@v0.29.0", "github.com/moby/docker-image-spec@v1.3.1", "github.com/moby/locker@v1.0.1", "github.com/moby/moby/api@v1.54.1", "github.com/moby/moby/client@v0.4.0", "github.com/moby/sys/atomicwriter@v0.1.0", "github.com/moby/sys/mountinfo@v0.7.2", "github.com/moby/sys/sequential@v0.6.0", "github.com/moby/sys/signal@v0.7.1", "github.com/moby/sys/user@v0.4.0", "github.com/moby/sys/userns@v0.1.0", "github.com/moby/term@v0.5.2", "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", "github.com/morikuni/aec@v1.1.0", "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "github.com/nikolalohinski/gonja/v2@v2.7.0", "github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", "github.com/oklog/ulid/v2@v2.1.1", "github.com/open-policy-agent/opa@v1.15.2", "github.com/opencontainers/go-digest@v1.0.0", "github.com/opencontainers/image-spec@v1.1.1", "github.com/opencontainers/runtime-spec@v1.3.0", "github.com/opencontainers/selinux@v1.13.1", "github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", "github.com/openvex/go-vex@v0.2.7", "github.com/owenrumney/go-sarif/v2@v2.3.3", "github.com/owenrumney/squealer@v1.2.12", "github.com/package-url/packageurl-go@v0.1.5", "github.com/pandatix/go-cvss@v0.6.2", "github.com/pelletier/go-toml/v2@v2.2.4", "github.com/peterbourgon/diskv@v2.0.1+incompatible", "github.com/pjbgf/sha1cd@v0.3.2", "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "github.com/pkg/errors@v0.9.1", "github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", "github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", "github.com/rivo/uniseg@v0.4.7", "github.com/rubenv/sql-migrate@v1.8.1", "github.com/russross/blackfriday/v2@v2.1.0", "github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", "github.com/sagikazarmark/locafero@v0.11.0", "github.com/samber/lo@v1.53.0", "github.com/samber/oops@v1.18.1", "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "github.com/sassoftware/go-rpmutils@v0.4.0", "github.com/sassoftware/relic@v7.2.1+incompatible", "github.com/secure-systems-lab/go-securesystemslib@v0.10.0", "github.com/sergi/go-diff@v1.4.0", "github.com/shibumi/go-pathspec@v1.3.0", "github.com/shopspring/decimal@v1.4.0", "github.com/sigstore/cosign/v2@v2.6.2", "github.com/sigstore/protobuf-specs@v0.5.0", "github.com/sigstore/rekor-tiles/v2@v2.0.1", "github.com/sigstore/rekor@v1.5.1", "github.com/sigstore/sigstore-go@v1.1.4", "github.com/sigstore/sigstore@v1.10.5", "github.com/sigstore/timestamp-authority/v2@v2.0.6", "github.com/sirupsen/logrus@v1.9.4", "github.com/skeema/knownhosts@v1.3.1", "github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", "github.com/spdx/tools-golang@v0.5.7", "github.com/spf13/afero@v1.15.0", "github.com/spf13/cast@v1.10.0", "github.com/spf13/cobra@v1.10.2", "github.com/spf13/pflag@v1.0.10", "github.com/spf13/viper@v1.21.0", "github.com/spiffe/go-spiffe/v2@v2.6.0", "github.com/stretchr/objx@v0.5.3", "github.com/stretchr/testify@v1.11.1", "github.com/subosito/gotenv@v1.6.0", "github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", "github.com/tchap/go-patricia/v2@v2.3.3", "github.com/tetratelabs/wazero@v1.11.0", "github.com/theupdateframework/go-tuf/v2@v2.4.1", "github.com/theupdateframework/go-tuf@v0.7.0", "github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", "github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", "github.com/toqueteos/webbrowser@v1.2.0", "github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", "github.com/transparency-dev/merkle@v0.0.2", "github.com/twitchtv/twirp@v8.1.3+incompatible", "github.com/ulikunitz/xz@v0.5.15", "github.com/valyala/fastjson@v1.6.7", "github.com/vbatts/tar-split@v0.12.2", "github.com/vektah/gqlparser/v2@v2.5.32", "github.com/vmihailenco/msgpack/v5@v5.4.1", "github.com/vmihailenco/tagparser/v2@v2.0.0", "github.com/x448/float16@v0.8.4", "github.com/xanzy/ssh-agent@v0.3.3", "github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", "github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", "github.com/xeipuuv/gojsonschema@v1.2.0", "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "github.com/xlab/treeprint@v1.2.0", "github.com/yashtewari/glob-intersection@v0.2.0", "github.com/zclconf/go-cty-yaml@v1.2.0", "github.com/zclconf/go-cty@v1.18.0", "go.etcd.io/bbolt@v1.4.3", "go.opentelemetry.io/auto/sdk@v1.2.1", "go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", "go.opentelemetry.io/otel/metric@v1.43.0", "go.opentelemetry.io/otel/sdk/metric@v1.43.0", "go.opentelemetry.io/otel/sdk@v1.43.0", "go.opentelemetry.io/otel/trace@v1.43.0", "go.opentelemetry.io/otel@v1.43.0", "go.opentelemetry.io/proto/otlp@v1.9.0", "go.uber.org/multierr@v1.11.0", "go.uber.org/zap@v1.27.1", "go.yaml.in/yaml/v2@v2.4.3", "go.yaml.in/yaml/v3@v3.0.4", "go.yaml.in/yaml/v4@v4.0.0-rc.3", "golang.org/x/crypto@v0.50.0", "golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", "golang.org/x/mod@v0.34.0", "golang.org/x/net@v0.53.0", "golang.org/x/oauth2@v0.36.0", "golang.org/x/sync@v0.20.0", "golang.org/x/sys@v0.43.0", "golang.org/x/term@v0.42.0", "golang.org/x/text@v0.36.0", "golang.org/x/time@v0.15.0", "golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", "google.golang.org/api@v0.272.0", "google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", "google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", "google.golang.org/grpc@v1.79.3", "google.golang.org/protobuf@v1.36.11", "gopkg.in/evanphx/json-patch.v4@v4.13.0", "gopkg.in/inf.v0@v0.9.1", "gopkg.in/warnings.v0@v0.1.2", "gopkg.in/yaml.v3@v3.0.1", "helm.sh/helm/v3@v3.20.2", "k8s.io/api@v0.35.3", "k8s.io/apiextensions-apiserver@v0.35.1", "k8s.io/apimachinery@v0.35.3", "k8s.io/apiserver@v0.35.1", "k8s.io/cli-runtime@v0.35.1", "k8s.io/client-go@v0.35.1", "k8s.io/component-base@v0.35.1", "k8s.io/klog/v2@v2.130.1", "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "k8s.io/kubectl@v0.35.1", "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "modernc.org/libc@v1.70.0", "modernc.org/mathutil@v1.7.1", "modernc.org/memory@v1.11.0", "modernc.org/sqlite@v1.48.2", "mvdan.cc/sh/v3@v3.12.0", "oras.land/oras-go/v2@v2.6.0", "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "sigs.k8s.io/kustomize/api@v0.20.1", "sigs.k8s.io/kustomize/kyaml@v0.20.1", "sigs.k8s.io/randfill@v1.0.0", "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "sigs.k8s.io/yaml@v1.6.0", "stdlib@v1.25.9" ], "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "stdlib@v1.25.9", "Name": "stdlib", "Identifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "Version": "v1.25.9", "Relationship": "direct", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cel.dev/expr@v0.25.1", "Name": "cel.dev/expr", "Identifier": { "PURL": "pkg:golang/cel.dev/expr@v0.25.1", "UID": "3a3f81106e986320" }, "Version": "v0.25.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go@v0.123.0", "Name": "cloud.google.com/go", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go@v0.123.0", "UID": "b8e3ea83df2ce9f" }, "Version": "v0.123.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth@v0.18.2", "Name": "cloud.google.com/go/auth", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth@v0.18.2", "UID": "4585a7e6f2769abf" }, "Version": "v0.18.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/auth/oauth2adapt@v0.2.8", "Name": "cloud.google.com/go/auth/oauth2adapt", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/auth/oauth2adapt@v0.2.8", "UID": "89722113ab90a828" }, "Version": "v0.2.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/compute/metadata@v0.9.0", "Name": "cloud.google.com/go/compute/metadata", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/compute/metadata@v0.9.0", "UID": "fc19f40bf2534128" }, "Version": "v0.9.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/iam@v1.5.3", "Name": "cloud.google.com/go/iam", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/iam@v1.5.3", "UID": "f4b3ea708216af4f" }, "Version": "v1.5.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/monitoring@v1.24.3", "Name": "cloud.google.com/go/monitoring", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/monitoring@v1.24.3", "UID": "748f52b62b891361" }, "Version": "v1.24.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "cloud.google.com/go/storage@v1.61.3", "Name": "cloud.google.com/go/storage", "Identifier": { "PURL": "pkg:golang/cloud.google.com/go/storage@v1.61.3", "UID": "1c5a375112375afd" }, "Version": "v1.61.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "dario.cat/mergo@v1.0.2", "Name": "dario.cat/mergo", "Identifier": { "PURL": "pkg:golang/dario.cat/mergo@v1.0.2", "UID": "845249a35e27a89c" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azcore", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azcore@v1.21.0", "UID": "831d39c1af1cf2b9" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "Name": "github.com/Azure/azure-sdk-for-go/sdk/azidentity", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/azidentity@v1.13.1", "UID": "bfc00f17f19945a6" }, "Version": "v1.13.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", "Name": "github.com/Azure/azure-sdk-for-go/sdk/containers/azcontainerregistry", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/containers/azcontainerregistry@v0.2.3", "UID": "c4797b4a61dc7864" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Azure/azure-sdk-for-go/sdk/internal@v1.11.2", "Name": "github.com/Azure/azure-sdk-for-go/sdk/internal", "Identifier": { "PURL": "pkg:golang/github.com/azure/azure-sdk-for-go/sdk/internal@v1.11.2", "UID": "59875928d7d3bcc3" }, "Version": "v1.11.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/AzureAD/microsoft-authentication-library-for-go@v1.6.0", "Name": "github.com/AzureAD/microsoft-authentication-library-for-go", "Identifier": { "PURL": "pkg:golang/github.com/azuread/microsoft-authentication-library-for-go@v1.6.0", "UID": "ad99691021c61587" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/BurntSushi/toml@v1.6.0", "Name": "github.com/BurntSushi/toml", "Identifier": { "PURL": "pkg:golang/github.com/burntsushi/toml@v1.6.0", "UID": "320cfbc135c8727" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/CycloneDX/cyclonedx-go@v0.10.0", "Name": "github.com/CycloneDX/cyclonedx-go", "Identifier": { "PURL": "pkg:golang/github.com/cyclonedx/cyclonedx-go@v0.10.0", "UID": "bbd2f34327d37edd" }, "Version": "v0.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/GoogleCloudPlatform/docker-credential-gcr/v2@v2.1.32", "Name": "github.com/GoogleCloudPlatform/docker-credential-gcr/v2", "Identifier": { "PURL": "pkg:golang/github.com/googlecloudplatform/docker-credential-gcr/v2@v2.1.32", "UID": "c69f2c152939e7fa" }, "Version": "v2.1.32", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/detectors/gcp", "Identifier": { "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/detectors/gcp@v1.30.0", "UID": "bd076868acc12bb8" }, "Version": "v1.30.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric@v0.55.0", "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/exporter/metric", "Identifier": { "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/exporter/metric@v0.55.0", "UID": "50288f5cba67d6e7" }, "Version": "v0.55.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", "Name": "github.com/GoogleCloudPlatform/opentelemetry-operations-go/internal/resourcemapping", "Identifier": { "PURL": "pkg:golang/github.com/googlecloudplatform/opentelemetry-operations-go/internal/resourcemapping@v0.55.0", "UID": "a9a9981d7f0bff4e" }, "Version": "v0.55.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Intevation/gval@v1.3.0", "Name": "github.com/Intevation/gval", "Identifier": { "PURL": "pkg:golang/github.com/intevation/gval@v1.3.0", "UID": "fa3c462812e871fb" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Intevation/jsonpath@v0.2.1", "Name": "github.com/Intevation/jsonpath", "Identifier": { "PURL": "pkg:golang/github.com/intevation/jsonpath@v0.2.1", "UID": "a9a60cabd7f99c0c" }, "Version": "v0.2.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/MakeNowJust/heredoc@v1.0.0", "Name": "github.com/MakeNowJust/heredoc", "Identifier": { "PURL": "pkg:golang/github.com/makenowjust/heredoc@v1.0.0", "UID": "b068af423e564eea" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Masterminds/goutils@v1.1.1", "Name": "github.com/Masterminds/goutils", "Identifier": { "PURL": "pkg:golang/github.com/masterminds/goutils@v1.1.1", "UID": "37d89d1f385187b5" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Masterminds/semver/v3@v3.4.0", "Name": "github.com/Masterminds/semver/v3", "Identifier": { "PURL": "pkg:golang/github.com/masterminds/semver/v3@v3.4.0", "UID": "c049fe793ba31e7e" }, "Version": "v3.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Masterminds/sprig/v3@v3.3.0", "Name": "github.com/Masterminds/sprig/v3", "Identifier": { "PURL": "pkg:golang/github.com/masterminds/sprig/v3@v3.3.0", "UID": "166233e18a533d23" }, "Version": "v3.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/Masterminds/squirrel@v1.5.4", "Name": "github.com/Masterminds/squirrel", "Identifier": { "PURL": "pkg:golang/github.com/masterminds/squirrel@v1.5.4", "UID": "e315e6d3604bd0ec" }, "Version": "v1.5.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/NYTimes/gziphandler@v1.1.1", "Name": "github.com/NYTimes/gziphandler", "Identifier": { "PURL": "pkg:golang/github.com/nytimes/gziphandler@v1.1.1", "UID": "52a6f5a72031c19d" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ProtonMail/go-crypto@v1.3.0", "Name": "github.com/ProtonMail/go-crypto", "Identifier": { "PURL": "pkg:golang/github.com/protonmail/go-crypto@v1.3.0", "UID": "8c7dc483cbcf244" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/VividCortex/ewma@v1.2.0", "Name": "github.com/VividCortex/ewma", "Identifier": { "PURL": "pkg:golang/github.com/vividcortex/ewma@v1.2.0", "UID": "7360e300aa1d5c1c" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/agext/levenshtein@v1.2.3", "Name": "github.com/agext/levenshtein", "Identifier": { "PURL": "pkg:golang/github.com/agext/levenshtein@v1.2.3", "UID": "ba61c4617bd20321" }, "Version": "v1.2.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/agnivade/levenshtein@v1.2.1", "Name": "github.com/agnivade/levenshtein", "Identifier": { "PURL": "pkg:golang/github.com/agnivade/levenshtein@v1.2.1", "UID": "6ee11ca5cc59261f" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/alecthomas/chroma@v0.10.0", "Name": "github.com/alecthomas/chroma", "Identifier": { "PURL": "pkg:golang/github.com/alecthomas/chroma@v0.10.0", "UID": "b8841d03c63fae79" }, "Version": "v0.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/anchore/go-struct-converter@v0.1.0", "Name": "github.com/anchore/go-struct-converter", "Identifier": { "PURL": "pkg:golang/github.com/anchore/go-struct-converter@v0.1.0", "UID": "8c9a62b90209b70b" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/apparentlymart/go-cidr@v1.1.0", "Name": "github.com/apparentlymart/go-cidr", "Identifier": { "PURL": "pkg:golang/github.com/apparentlymart/go-cidr@v1.1.0", "UID": "67e2533915fe7827" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/apparentlymart/go-textseg/v15@v15.0.0", "Name": "github.com/apparentlymart/go-textseg/v15", "Identifier": { "PURL": "pkg:golang/github.com/apparentlymart/go-textseg/v15@v15.0.0", "UID": "7302b909c1a14cd3" }, "Version": "v15.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", "Name": "github.com/aquasecurity/go-gem-version", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/go-gem-version@v0.0.0-20201115065557-8eed6fe000ce", "UID": "da90d30f7b6732ee" }, "Version": "v0.0.0-20201115065557-8eed6fe000ce", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/go-npm-version@v0.0.2", "Name": "github.com/aquasecurity/go-npm-version", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/go-npm-version@v0.0.2", "UID": "aa93be567b62bbfe" }, "Version": "v0.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/go-pep440-version@v0.0.1", "Name": "github.com/aquasecurity/go-pep440-version", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/go-pep440-version@v0.0.1", "UID": "cedc73fe91c54bda" }, "Version": "v0.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/go-version@v0.0.1", "Name": "github.com/aquasecurity/go-version", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/go-version@v0.0.1", "UID": "5cf24bc2cd5d0fdb" }, "Version": "v0.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/iamgo@v0.0.10", "Name": "github.com/aquasecurity/iamgo", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/iamgo@v0.0.10", "UID": "93152bd8e471e265" }, "Version": "v0.0.10", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/jfather@v0.0.8", "Name": "github.com/aquasecurity/jfather", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/jfather@v0.0.8", "UID": "bf15b08043cea001" }, "Version": "v0.0.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/table@v1.11.0", "Name": "github.com/aquasecurity/table", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/table@v1.11.0", "UID": "14a3aabc245ea1dc" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/tml@v0.6.1", "Name": "github.com/aquasecurity/tml", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/tml@v0.6.1", "UID": "7661a770247124b5" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", "Name": "github.com/aquasecurity/trivy-checks", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/trivy-checks@v1.12.2-0.20251219190323-79d27547baf5", "UID": "9faa6481b79673ca" }, "Version": "v1.12.2-0.20251219190323-79d27547baf5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", "Name": "github.com/aquasecurity/trivy-db", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/trivy-db@v0.0.0-20251222105351-a833f47f8f0d", "UID": "3bfa832052a25e02" }, "Version": "v0.0.0-20251222105351-a833f47f8f0d", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", "Name": "github.com/aquasecurity/trivy-java-db", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/trivy-java-db@v0.0.0-20240109071736-184bd7481d48", "UID": "333174c279cee4b4" }, "Version": "v0.0.0-20240109071736-184bd7481d48", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aquasecurity/trivy-kubernetes@v0.9.1", "Name": "github.com/aquasecurity/trivy-kubernetes", "Identifier": { "PURL": "pkg:golang/github.com/aquasecurity/trivy-kubernetes@v0.9.1", "UID": "57e7108b9dbce948" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", "Name": "github.com/asaskevich/govalidator", "Identifier": { "PURL": "pkg:golang/github.com/asaskevich/govalidator@v0.0.0-20230301143203-a9d515a09cc2", "UID": "748caa937e831829" }, "Version": "v0.0.0-20230301143203-a9d515a09cc2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2@v1.41.5", "Name": "github.com/aws/aws-sdk-go-v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2@v1.41.5", "UID": "d0f15a16c6e2ebd9" }, "Version": "v1.41.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", "Name": "github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/aws/protocol/eventstream@v1.7.8", "UID": "7139731b3c2d4f0b" }, "Version": "v1.7.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/config@v1.32.12", "Name": "github.com/aws/aws-sdk-go-v2/config", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/config@v1.32.12", "UID": "98ddbead56697e85" }, "Version": "v1.32.12", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "Name": "github.com/aws/aws-sdk-go-v2/credentials", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/credentials@v1.19.12", "UID": "743d75746fff57b8" }, "Version": "v1.19.12", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "Name": "github.com/aws/aws-sdk-go-v2/feature/ec2/imds", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/feature/ec2/imds@v1.18.20", "UID": "86e8cf7982efa9f7" }, "Version": "v1.18.20", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/configsources", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/configsources@v1.4.21", "UID": "b1e5c4852b425059" }, "Version": "v1.4.21", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "Name": "github.com/aws/aws-sdk-go-v2/internal/endpoints/v2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/endpoints/v2@v2.7.21", "UID": "6109162ea01bb525" }, "Version": "v2.7.21", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "Name": "github.com/aws/aws-sdk-go-v2/internal/ini", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/ini@v1.8.6", "UID": "352227855b3f8171" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", "Name": "github.com/aws/aws-sdk-go-v2/internal/v4a", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/internal/v4a@v1.4.22", "UID": "e042f682bd481bae" }, "Version": "v1.4.22", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", "Name": "github.com/aws/aws-sdk-go-v2/service/ebs", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ebs@v1.22.1", "UID": "d376858ebfa4efc5" }, "Version": "v1.22.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", "Name": "github.com/aws/aws-sdk-go-v2/service/ec2", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ec2@v1.290.0", "UID": "4c6d110a4b1a2b9" }, "Version": "v1.290.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", "Name": "github.com/aws/aws-sdk-go-v2/service/ecr", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ecr@v1.55.2", "UID": "d313cd21e64bd3b5" }, "Version": "v1.55.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding@v1.13.7", "UID": "264e4852134677d" }, "Version": "v1.13.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/checksum", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/checksum@v1.9.13", "UID": "bc993c0e51723c61" }, "Version": "v1.9.13", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/presigned-url", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/presigned-url@v1.13.21", "UID": "b7d5cb751e275ce7" }, "Version": "v1.13.21", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", "Name": "github.com/aws/aws-sdk-go-v2/service/internal/s3shared", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/internal/s3shared@v1.19.21", "UID": "a8fd92a1eb41ecd6" }, "Version": "v1.19.21", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", "Name": "github.com/aws/aws-sdk-go-v2/service/s3", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/s3@v1.97.3", "UID": "52116e8eca12d5af" }, "Version": "v1.97.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "Name": "github.com/aws/aws-sdk-go-v2/service/signin", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/signin@v1.0.8", "UID": "7d647df9ee9b6e87" }, "Version": "v1.0.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "Name": "github.com/aws/aws-sdk-go-v2/service/sso", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sso@v1.30.13", "UID": "6df2547c61b3a33d" }, "Version": "v1.30.13", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "Name": "github.com/aws/aws-sdk-go-v2/service/ssooidc", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/ssooidc@v1.35.17", "UID": "41a36a54098d454c" }, "Version": "v1.35.17", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "Name": "github.com/aws/aws-sdk-go-v2/service/sts", "Identifier": { "PURL": "pkg:golang/github.com/aws/aws-sdk-go-v2/service/sts@v1.41.9", "UID": "38fa3cce8bd090bb" }, "Version": "v1.41.9", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/aws/smithy-go@v1.24.2", "Name": "github.com/aws/smithy-go", "Identifier": { "PURL": "pkg:golang/github.com/aws/smithy-go@v1.24.2", "UID": "6dce721f3a9fe03" }, "Version": "v1.24.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", "Name": "github.com/bgentry/go-netrc", "Identifier": { "PURL": "pkg:golang/github.com/bgentry/go-netrc@v0.0.0-20140422174119-9fd32a8b3d3d", "UID": "7155361c56c63d88" }, "Version": "v0.0.0-20140422174119-9fd32a8b3d3d", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", "Name": "github.com/bitnami/go-version", "Identifier": { "PURL": "pkg:golang/github.com/bitnami/go-version@v0.0.0-20231130084017-bb00604d650c", "UID": "c60f8b011537a993" }, "Version": "v0.0.0-20231130084017-bb00604d650c", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver@v3.5.1+incompatible", "Name": "github.com/blang/semver", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver@v3.5.1%2Bincompatible", "UID": "6aea81035a2e6920" }, "Version": "v3.5.1+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/blang/semver/v4@v4.0.0", "Name": "github.com/blang/semver/v4", "Identifier": { "PURL": "pkg:golang/github.com/blang/semver/v4@v4.0.0", "UID": "3459292fd94134d7" }, "Version": "v4.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/bmatcuk/doublestar/v4@v4.10.0", "Name": "github.com/bmatcuk/doublestar/v4", "Identifier": { "PURL": "pkg:golang/github.com/bmatcuk/doublestar/v4@v4.10.0", "UID": "f7f88ed60346878f" }, "Version": "v4.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/briandowns/spinner@v1.23.0", "Name": "github.com/briandowns/spinner", "Identifier": { "PURL": "pkg:golang/github.com/briandowns/spinner@v1.23.0", "UID": "f9e42def9281dc64" }, "Version": "v1.23.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v4@v4.3.0", "Name": "github.com/cenkalti/backoff/v4", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v4@v4.3.0", "UID": "d60a15ccb83435c3" }, "Version": "v4.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cenkalti/backoff/v5@v5.0.3", "Name": "github.com/cenkalti/backoff/v5", "Identifier": { "PURL": "pkg:golang/github.com/cenkalti/backoff/v5@v5.0.3", "UID": "b413c9d5ede90ef1" }, "Version": "v5.0.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cespare/xxhash/v2@v2.3.0", "Name": "github.com/cespare/xxhash/v2", "Identifier": { "PURL": "pkg:golang/github.com/cespare/xxhash/v2@v2.3.0", "UID": "7420e8489ac3e3df" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/chai2010/gettext-go@v1.0.2", "Name": "github.com/chai2010/gettext-go", "Identifier": { "PURL": "pkg:golang/github.com/chai2010/gettext-go@v1.0.2", "UID": "31122e61f0e8c561" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cheggaaa/pb/v3@v3.1.7", "Name": "github.com/cheggaaa/pb/v3", "Identifier": { "PURL": "pkg:golang/github.com/cheggaaa/pb/v3@v3.1.7", "UID": "c49347f7daeef85f" }, "Version": "v3.1.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cloudflare/circl@v1.6.3", "Name": "github.com/cloudflare/circl", "Identifier": { "PURL": "pkg:golang/github.com/cloudflare/circl@v1.6.3", "UID": "7dd212f6b7e4add7" }, "Version": "v1.6.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "Name": "github.com/cncf/xds/go", "Identifier": { "PURL": "pkg:golang/github.com/cncf/xds/go@v0.0.0-20251210132809-ee656c7534f5", "UID": "12e0fd4ab66a4933" }, "Version": "v0.0.0-20251210132809-ee656c7534f5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/containerd@v1.7.30", "Name": "github.com/containerd/containerd", "Identifier": { "PURL": "pkg:golang/github.com/containerd/containerd@v1.7.30", "UID": "8a3aa4155939eb09" }, "Version": "v1.7.30", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/containerd/api@v1.10.0", "Name": "github.com/containerd/containerd/api", "Identifier": { "PURL": "pkg:golang/github.com/containerd/containerd/api@v1.10.0", "UID": "b54dc237d643f400" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/containerd/v2@v2.2.2", "Name": "github.com/containerd/containerd/v2", "Identifier": { "PURL": "pkg:golang/github.com/containerd/containerd/v2@v2.2.2", "UID": "e463cbb6b7f5a5c1" }, "Version": "v2.2.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/continuity@v0.4.5", "Name": "github.com/containerd/continuity", "Identifier": { "PURL": "pkg:golang/github.com/containerd/continuity@v0.4.5", "UID": "24fc0316059e88fc" }, "Version": "v0.4.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs@v1.0.0", "Name": "github.com/containerd/errdefs", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs@v1.0.0", "UID": "2f6a100f51f96d0b" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/errdefs/pkg@v0.3.0", "Name": "github.com/containerd/errdefs/pkg", "Identifier": { "PURL": "pkg:golang/github.com/containerd/errdefs/pkg@v0.3.0", "UID": "a2e103ed59fc1a8b" }, "Version": "v0.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/fifo@v1.1.0", "Name": "github.com/containerd/fifo", "Identifier": { "PURL": "pkg:golang/github.com/containerd/fifo@v1.1.0", "UID": "74f97782f798c55a" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/log@v0.1.0", "Name": "github.com/containerd/log", "Identifier": { "PURL": "pkg:golang/github.com/containerd/log@v0.1.0", "UID": "521059ac4c61a913" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/platforms@v1.0.0-rc.4", "Name": "github.com/containerd/platforms", "Identifier": { "PURL": "pkg:golang/github.com/containerd/platforms@v1.0.0-rc.4", "UID": "fe4a42a0d011600c" }, "Version": "v1.0.0-rc.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/plugin@v1.0.0", "Name": "github.com/containerd/plugin", "Identifier": { "PURL": "pkg:golang/github.com/containerd/plugin@v1.0.0", "UID": "90d7a4cd62ba315" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/stargz-snapshotter/estargz@v0.18.2", "Name": "github.com/containerd/stargz-snapshotter/estargz", "Identifier": { "PURL": "pkg:golang/github.com/containerd/stargz-snapshotter/estargz@v0.18.2", "UID": "14b6d6355aae7692" }, "Version": "v0.18.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/ttrpc@v1.2.8", "Name": "github.com/containerd/ttrpc", "Identifier": { "PURL": "pkg:golang/github.com/containerd/ttrpc@v1.2.8", "UID": "7002e885ca0711a" }, "Version": "v1.2.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/containerd/typeurl/v2@v2.2.3", "Name": "github.com/containerd/typeurl/v2", "Identifier": { "PURL": "pkg:golang/github.com/containerd/typeurl/v2@v2.2.3", "UID": "545d3a854aa31468" }, "Version": "v2.2.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/coreos/go-oidc/v3@v3.17.0", "Name": "github.com/coreos/go-oidc/v3", "Identifier": { "PURL": "pkg:golang/github.com/coreos/go-oidc/v3@v3.17.0", "UID": "228c0c54f092b6fc" }, "Version": "v3.17.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", "Name": "github.com/cyberphone/json-canonicalization", "Identifier": { "PURL": "pkg:golang/github.com/cyberphone/json-canonicalization@v0.0.0-20241213102144-19d51d7fe467", "UID": "de38c87c6788664b" }, "Version": "v0.0.0-20241213102144-19d51d7fe467", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/cyphar/filepath-securejoin@v0.6.1", "Name": "github.com/cyphar/filepath-securejoin", "Identifier": { "PURL": "pkg:golang/github.com/cyphar/filepath-securejoin@v0.6.1", "UID": "ae3fbe4ef77ee834" }, "Version": "v0.6.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "Name": "github.com/davecgh/go-spew", "Identifier": { "PURL": "pkg:golang/github.com/davecgh/go-spew@v1.1.2-0.20180830191138-d8f796af33cc", "UID": "177deb7bf0e6e1da" }, "Version": "v1.1.2-0.20180830191138-d8f796af33cc", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "Name": "github.com/dgryski/go-rendezvous", "Identifier": { "PURL": "pkg:golang/github.com/dgryski/go-rendezvous@v0.0.0-20200823014737-9f7001d12a5f", "UID": "8e6aeda998d11e9" }, "Version": "v0.0.0-20200823014737-9f7001d12a5f", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", "Name": "github.com/digitorus/pkcs7", "Identifier": { "PURL": "pkg:golang/github.com/digitorus/pkcs7@v0.0.0-20230818184609-3a137a874352", "UID": "c0e08d90f6138dd3" }, "Version": "v0.0.0-20230818184609-3a137a874352", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", "Name": "github.com/digitorus/timestamp", "Identifier": { "PURL": "pkg:golang/github.com/digitorus/timestamp@v0.0.0-20231217203849-220c5c2851b7", "UID": "ff13c2f135349018" }, "Version": "v0.0.0-20231217203849-220c5c2851b7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/distribution/reference@v0.6.0", "Name": "github.com/distribution/reference", "Identifier": { "PURL": "pkg:golang/github.com/distribution/reference@v0.6.0", "UID": "e0231b6ce8eedfdc" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dlclark/regexp2@v1.11.0", "Name": "github.com/dlclark/regexp2", "Identifier": { "PURL": "pkg:golang/github.com/dlclark/regexp2@v1.11.0", "UID": "8463b6fd36d46358" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/cli@v29.4.0+incompatible", "Name": "github.com/docker/cli", "Identifier": { "PURL": "pkg:golang/github.com/docker/cli@v29.4.0%2Bincompatible", "UID": "bae265f20ee2749" }, "Version": "v29.4.0+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/distribution@v2.8.3+incompatible", "Name": "github.com/docker/distribution", "Identifier": { "PURL": "pkg:golang/github.com/docker/distribution@v2.8.3%2Bincompatible", "UID": "f609c2b0edbf528c" }, "Version": "v2.8.3+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/docker-credential-helpers@v0.9.5", "Name": "github.com/docker/docker-credential-helpers", "Identifier": { "PURL": "pkg:golang/github.com/docker/docker-credential-helpers@v0.9.5", "UID": "664cef0f793703cb" }, "Version": "v0.9.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-connections@v0.6.0", "Name": "github.com/docker/go-connections", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-connections@v0.6.0", "UID": "c390a1201a106d4d" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/docker/go-units@v0.5.0", "Name": "github.com/docker/go-units", "Identifier": { "PURL": "pkg:golang/github.com/docker/go-units@v0.5.0", "UID": "7699d652ae140b3d" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "Name": "github.com/dsnet/compress", "Identifier": { "PURL": "pkg:golang/github.com/dsnet/compress@v0.0.2-0.20230904184137-39efe44ab707", "UID": "341d202e7fbf0123" }, "Version": "v0.0.2-0.20230904184137-39efe44ab707", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/dustin/go-humanize@v1.0.1", "Name": "github.com/dustin/go-humanize", "Identifier": { "PURL": "pkg:golang/github.com/dustin/go-humanize@v1.0.1", "UID": "25825162961c806c" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emicklei/go-restful/v3@v3.13.0", "Name": "github.com/emicklei/go-restful/v3", "Identifier": { "PURL": "pkg:golang/github.com/emicklei/go-restful/v3@v3.13.0", "UID": "457fed7f74a7bb23" }, "Version": "v3.13.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/emirpasic/gods@v1.18.1", "Name": "github.com/emirpasic/gods", "Identifier": { "PURL": "pkg:golang/github.com/emirpasic/gods@v1.18.1", "UID": "df2f169083665ebb" }, "Version": "v1.18.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/go-control-plane/envoy@v1.36.0", "Name": "github.com/envoyproxy/go-control-plane/envoy", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/go-control-plane/envoy@v1.36.0", "UID": "f376c48de84dc16a" }, "Version": "v1.36.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/envoyproxy/protoc-gen-validate@v1.3.0", "Name": "github.com/envoyproxy/protoc-gen-validate", "Identifier": { "PURL": "pkg:golang/github.com/envoyproxy/protoc-gen-validate@v1.3.0", "UID": "d963ad27de6540ba" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/evanphx/json-patch@v5.9.11+incompatible", "Name": "github.com/evanphx/json-patch", "Identifier": { "PURL": "pkg:golang/github.com/evanphx/json-patch@v5.9.11%2Bincompatible", "UID": "ada729514d5237d8" }, "Version": "v5.9.11+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", "Name": "github.com/exponent-io/jsonpath", "Identifier": { "PURL": "pkg:golang/github.com/exponent-io/jsonpath@v0.0.0-20210407135951-1de76d718b3f", "UID": "932561f5279c2e0" }, "Version": "v0.0.0-20210407135951-1de76d718b3f", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fatih/color@v1.19.0", "Name": "github.com/fatih/color", "Identifier": { "PURL": "pkg:golang/github.com/fatih/color@v1.19.0", "UID": "75527f86957cee76" }, "Version": "v1.19.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/felixge/httpsnoop@v1.0.4", "Name": "github.com/felixge/httpsnoop", "Identifier": { "PURL": "pkg:golang/github.com/felixge/httpsnoop@v1.0.4", "UID": "8cd8c4aa1f9cbb59" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fsnotify/fsnotify@v1.9.0", "Name": "github.com/fsnotify/fsnotify", "Identifier": { "PURL": "pkg:golang/github.com/fsnotify/fsnotify@v1.9.0", "UID": "442635c0cd3c2f64" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fvbommel/sortorder@v1.1.0", "Name": "github.com/fvbommel/sortorder", "Identifier": { "PURL": "pkg:golang/github.com/fvbommel/sortorder@v1.1.0", "UID": "c9d2cd52a9cbcb3d" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/fxamacker/cbor/v2@v2.9.0", "Name": "github.com/fxamacker/cbor/v2", "Identifier": { "PURL": "pkg:golang/github.com/fxamacker/cbor/v2@v2.9.0", "UID": "f1e66889e749c6f8" }, "Version": "v2.9.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-chi/chi/v5@v5.2.5", "Name": "github.com/go-chi/chi/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-chi/chi/v5@v5.2.5", "UID": "a4efc862bac87022" }, "Version": "v5.2.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-errors/errors@v1.4.2", "Name": "github.com/go-errors/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-errors/errors@v1.4.2", "UID": "a8ccf9e9b2b48be" }, "Version": "v1.4.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "Name": "github.com/go-git/gcfg", "Identifier": { "PURL": "pkg:golang/github.com/go-git/gcfg@v1.5.1-0.20230307220236-3a3c6141e376", "UID": "68d2db0be8cd7b36" }, "Version": "v1.5.1-0.20230307220236-3a3c6141e376", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/go-billy/v5@v5.8.0", "Name": "github.com/go-git/go-billy/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", "UID": "a9d04c20d96dbd1f" }, "Version": "v5.8.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-git/go-git/v5@v5.17.2", "Name": "github.com/go-git/go-git/v5", "Identifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", "UID": "d4aabe835d9af77e" }, "Version": "v5.17.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-gorp/gorp/v3@v3.1.0", "Name": "github.com/go-gorp/gorp/v3", "Identifier": { "PURL": "pkg:golang/github.com/go-gorp/gorp/v3@v3.1.0", "UID": "6da688dfefb3f370" }, "Version": "v3.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-ini/ini@v1.67.0", "Name": "github.com/go-ini/ini", "Identifier": { "PURL": "pkg:golang/github.com/go-ini/ini@v1.67.0", "UID": "4ae900b73cd81f6e" }, "Version": "v1.67.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-jose/go-jose/v4@v4.1.4", "Name": "github.com/go-jose/go-jose/v4", "Identifier": { "PURL": "pkg:golang/github.com/go-jose/go-jose/v4@v4.1.4", "UID": "75bc8b9f782c4e3b" }, "Version": "v4.1.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/logr@v1.4.3", "Name": "github.com/go-logr/logr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/logr@v1.4.3", "UID": "9b65828b74992e71" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-logr/stdr@v1.2.2", "Name": "github.com/go-logr/stdr", "Identifier": { "PURL": "pkg:golang/github.com/go-logr/stdr@v1.2.2", "UID": "b63365cd332e6c8a" }, "Version": "v1.2.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/analysis@v0.24.3", "Name": "github.com/go-openapi/analysis", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/analysis@v0.24.3", "UID": "c37ba67596b9ac1e" }, "Version": "v0.24.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/errors@v0.22.7", "Name": "github.com/go-openapi/errors", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/errors@v0.22.7", "UID": "a868f9fe9c399df9" }, "Version": "v0.22.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonpointer@v0.22.5", "Name": "github.com/go-openapi/jsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonpointer@v0.22.5", "UID": "ab316ef725e2dcca" }, "Version": "v0.22.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/jsonreference@v0.21.5", "Name": "github.com/go-openapi/jsonreference", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/jsonreference@v0.21.5", "UID": "383fdd803290f543" }, "Version": "v0.21.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/loads@v0.23.3", "Name": "github.com/go-openapi/loads", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/loads@v0.23.3", "UID": "da38871085d1e5e2" }, "Version": "v0.23.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/runtime@v0.29.3", "Name": "github.com/go-openapi/runtime", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/runtime@v0.29.3", "UID": "1287c4a9b21ecc1" }, "Version": "v0.29.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/spec@v0.22.4", "Name": "github.com/go-openapi/spec", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/spec@v0.22.4", "UID": "cb4af003201cfff0" }, "Version": "v0.22.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/strfmt@v0.26.1", "Name": "github.com/go-openapi/strfmt", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/strfmt@v0.26.1", "UID": "90dca1913340f7d" }, "Version": "v0.26.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag@v0.25.5", "Name": "github.com/go-openapi/swag", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag@v0.25.5", "UID": "cd98a5968759c59a" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/cmdutils@v0.25.5", "Name": "github.com/go-openapi/swag/cmdutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/cmdutils@v0.25.5", "UID": "2251e3e073452027" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/conv@v0.25.5", "Name": "github.com/go-openapi/swag/conv", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/conv@v0.25.5", "UID": "af277c8e160446c2" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/fileutils@v0.25.5", "Name": "github.com/go-openapi/swag/fileutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/fileutils@v0.25.5", "UID": "c98e912a19b1153" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonname@v0.25.5", "Name": "github.com/go-openapi/swag/jsonname", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonname@v0.25.5", "UID": "c3fe991888a31cf9" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/jsonutils@v0.25.5", "Name": "github.com/go-openapi/swag/jsonutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/jsonutils@v0.25.5", "UID": "abb77528d461238e" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/loading@v0.25.5", "Name": "github.com/go-openapi/swag/loading", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/loading@v0.25.5", "UID": "685b41496b381af5" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/mangling@v0.25.5", "Name": "github.com/go-openapi/swag/mangling", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/mangling@v0.25.5", "UID": "c3dc10871d1fe56a" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/netutils@v0.25.5", "Name": "github.com/go-openapi/swag/netutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/netutils@v0.25.5", "UID": "fc64e297d4730486" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/stringutils@v0.25.5", "Name": "github.com/go-openapi/swag/stringutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/stringutils@v0.25.5", "UID": "96b887c052452258" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/typeutils@v0.25.5", "Name": "github.com/go-openapi/swag/typeutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/typeutils@v0.25.5", "UID": "f9ffcec6f9f7d4e9" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/swag/yamlutils@v0.25.5", "Name": "github.com/go-openapi/swag/yamlutils", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/swag/yamlutils@v0.25.5", "UID": "19a94317bd31eb24" }, "Version": "v0.25.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-openapi/validate@v0.25.2", "Name": "github.com/go-openapi/validate", "Identifier": { "PURL": "pkg:golang/github.com/go-openapi/validate@v0.25.2", "UID": "31f101a2dc168a5" }, "Version": "v0.25.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-redis/redis/v8@v8.11.5", "Name": "github.com/go-redis/redis/v8", "Identifier": { "PURL": "pkg:golang/github.com/go-redis/redis/v8@v8.11.5", "UID": "a6b25aa71308a0be" }, "Version": "v8.11.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/go-viper/mapstructure/v2@v2.5.0", "Name": "github.com/go-viper/mapstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/go-viper/mapstructure/v2@v2.5.0", "UID": "670ec7107ce43c3" }, "Version": "v2.5.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gobwas/glob@v0.2.3", "Name": "github.com/gobwas/glob", "Identifier": { "PURL": "pkg:golang/github.com/gobwas/glob@v0.2.3", "UID": "4bfc27b14d8230cd" }, "Version": "v0.2.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gocsaf/csaf/v3@v3.5.1", "Name": "github.com/gocsaf/csaf/v3", "Identifier": { "PURL": "pkg:golang/github.com/gocsaf/csaf/v3@v3.5.1", "UID": "6da99e8e9e275b0e" }, "Version": "v3.5.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gogo/protobuf@v1.3.2", "Name": "github.com/gogo/protobuf", "Identifier": { "PURL": "pkg:golang/github.com/gogo/protobuf@v1.3.2", "UID": "bd605447eccb6b6" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang-jwt/jwt/v5@v5.3.1", "Name": "github.com/golang-jwt/jwt/v5", "Identifier": { "PURL": "pkg:golang/github.com/golang-jwt/jwt/v5@v5.3.1", "UID": "28944257493e3b0b" }, "Version": "v5.3.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "Name": "github.com/golang/groupcache", "Identifier": { "PURL": "pkg:golang/github.com/golang/groupcache@v0.0.0-20241129210726-2c02b8208cf8", "UID": "f7634b74afb299e5" }, "Version": "v0.0.0-20241129210726-2c02b8208cf8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/golang/snappy@v0.0.4", "Name": "github.com/golang/snappy", "Identifier": { "PURL": "pkg:golang/github.com/golang/snappy@v0.0.4", "UID": "b3ace0027834640d" }, "Version": "v0.0.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/btree@v1.1.3", "Name": "github.com/google/btree", "Identifier": { "PURL": "pkg:golang/github.com/google/btree@v1.1.3", "UID": "ce96f8e1fe72622a" }, "Version": "v1.1.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/certificate-transparency-go@v1.3.2", "Name": "github.com/google/certificate-transparency-go", "Identifier": { "PURL": "pkg:golang/github.com/google/certificate-transparency-go@v1.3.2", "UID": "cfce12744a264325" }, "Version": "v1.3.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/gnostic-models@v0.7.0", "Name": "github.com/google/gnostic-models", "Identifier": { "PURL": "pkg:golang/github.com/google/gnostic-models@v0.7.0", "UID": "fd1a49f61e834953" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-cmp@v0.7.0", "Name": "github.com/google/go-cmp", "Identifier": { "PURL": "pkg:golang/github.com/google/go-cmp@v0.7.0", "UID": "e3c84b5fba3830a0" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-containerregistry@v0.21.2", "Name": "github.com/google/go-containerregistry", "Identifier": { "PURL": "pkg:golang/github.com/google/go-containerregistry@v0.21.2", "UID": "ed3919294eb028ee" }, "Version": "v0.21.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-github/v62@v62.0.0", "Name": "github.com/google/go-github/v62", "Identifier": { "PURL": "pkg:golang/github.com/google/go-github/v62@v62.0.0", "UID": "19b5e2550861be92" }, "Version": "v62.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/go-querystring@v1.1.0", "Name": "github.com/google/go-querystring", "Identifier": { "PURL": "pkg:golang/github.com/google/go-querystring@v1.1.0", "UID": "5f3daded25b8c1d4" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/licenseclassifier/v2@v2.0.0", "Name": "github.com/google/licenseclassifier/v2", "Identifier": { "PURL": "pkg:golang/github.com/google/licenseclassifier/v2@v2.0.0", "UID": "2aec5b25a72ccee9" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/s2a-go@v0.1.9", "Name": "github.com/google/s2a-go", "Identifier": { "PURL": "pkg:golang/github.com/google/s2a-go@v0.1.9", "UID": "94f441342607d6a2" }, "Version": "v0.1.9", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/google/uuid@v1.6.0", "Name": "github.com/google/uuid", "Identifier": { "PURL": "pkg:golang/github.com/google/uuid@v1.6.0", "UID": "4adfd753a865f35c" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "Name": "github.com/googleapis/enterprise-certificate-proxy", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/enterprise-certificate-proxy@v0.3.14", "UID": "6b3e9f2b79ed48f2" }, "Version": "v0.3.14", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/googleapis/gax-go/v2@v2.19.0", "Name": "github.com/googleapis/gax-go/v2", "Identifier": { "PURL": "pkg:golang/github.com/googleapis/gax-go/v2@v2.19.0", "UID": "ab6bdbe52288f04c" }, "Version": "v2.19.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gosuri/uitable@v0.0.4", "Name": "github.com/gosuri/uitable", "Identifier": { "PURL": "pkg:golang/github.com/gosuri/uitable@v0.0.4", "UID": "635e731e4f2c4de1" }, "Version": "v0.0.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", "Name": "github.com/gregjones/httpcache", "Identifier": { "PURL": "pkg:golang/github.com/gregjones/httpcache@v0.0.0-20190611155906-901d90724c79", "UID": "c4b2ee53fc8b5507" }, "Version": "v0.0.0-20190611155906-901d90724c79", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", "Name": "github.com/grpc-ecosystem/grpc-gateway/v2", "Identifier": { "PURL": "pkg:golang/github.com/grpc-ecosystem/grpc-gateway/v2@v2.27.7", "UID": "ae8690ef198e0f" }, "Version": "v2.27.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", "Name": "github.com/hashicorp/aws-sdk-go-base/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/aws-sdk-go-base/v2@v2.0.0-beta.72", "UID": "5d4401a17b34519e" }, "Version": "v2.0.0-beta.72", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/errwrap@v1.1.0", "Name": "github.com/hashicorp/errwrap", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/errwrap@v1.1.0", "UID": "f9f174fc60d72c60" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-cleanhttp@v0.5.2", "Name": "github.com/hashicorp/go-cleanhttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-cleanhttp@v0.5.2", "UID": "319168650022a808" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-getter@v1.8.6", "Name": "github.com/hashicorp/go-getter", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-getter@v1.8.6", "UID": "5f2672a787440ada" }, "Version": "v1.8.6", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-multierror@v1.1.1", "Name": "github.com/hashicorp/go-multierror", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-multierror@v1.1.1", "UID": "f8a807dbd0ac6b8e" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-retryablehttp@v0.7.8", "Name": "github.com/hashicorp/go-retryablehttp", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-retryablehttp@v0.7.8", "UID": "850c3b8b1967c5cb" }, "Version": "v0.7.8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-uuid@v1.0.3", "Name": "github.com/hashicorp/go-uuid", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-uuid@v1.0.3", "UID": "a6cc044877c2ba56" }, "Version": "v1.0.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/go-version@v1.9.0", "Name": "github.com/hashicorp/go-version", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/go-version@v1.9.0", "UID": "a9df302b362a91b0" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/golang-lru/v2@v2.0.7", "Name": "github.com/hashicorp/golang-lru/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/golang-lru/v2@v2.0.7", "UID": "892de27466788eb3" }, "Version": "v2.0.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/hashicorp/hcl/v2@v2.24.0", "Name": "github.com/hashicorp/hcl/v2", "Identifier": { "PURL": "pkg:golang/github.com/hashicorp/hcl/v2@v2.24.0", "UID": "63418544b8efe68" }, "Version": "v2.24.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/huandu/xstrings@v1.5.0", "Name": "github.com/huandu/xstrings", "Identifier": { "PURL": "pkg:golang/github.com/huandu/xstrings@v1.5.0", "UID": "eff1932730483db9" }, "Version": "v1.5.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/in-toto/attestation@v1.1.2", "Name": "github.com/in-toto/attestation", "Identifier": { "PURL": "pkg:golang/github.com/in-toto/attestation@v1.1.2", "UID": "79bfbbf807da507b" }, "Version": "v1.1.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/in-toto/in-toto-golang@v0.10.0", "Name": "github.com/in-toto/in-toto-golang", "Identifier": { "PURL": "pkg:golang/github.com/in-toto/in-toto-golang@v0.10.0", "UID": "74c4305e96ee4efa" }, "Version": "v0.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "Name": "github.com/jbenet/go-context", "Identifier": { "PURL": "pkg:golang/github.com/jbenet/go-context@v0.0.0-20150711004518-d14ea06fba99", "UID": "b187397dc575a5b8" }, "Version": "v0.0.0-20150711004518-d14ea06fba99", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", "Name": "github.com/jedisct1/go-minisign", "Identifier": { "PURL": "pkg:golang/github.com/jedisct1/go-minisign@v0.0.0-20230811132847-661be99b8267", "UID": "ba594e09b3ea77d1" }, "Version": "v0.0.0-20230811132847-661be99b8267", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/jmoiron/sqlx@v1.4.0", "Name": "github.com/jmoiron/sqlx", "Identifier": { "PURL": "pkg:golang/github.com/jmoiron/sqlx@v1.4.0", "UID": "c2bbf8c046c155bf" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/josephburnett/jd/v2@v2.3.0", "Name": "github.com/josephburnett/jd/v2", "Identifier": { "PURL": "pkg:golang/github.com/josephburnett/jd/v2@v2.3.0", "UID": "4dc86ae1c3ce3a53" }, "Version": "v2.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/json-iterator/go@v1.1.12", "Name": "github.com/json-iterator/go", "Identifier": { "PURL": "pkg:golang/github.com/json-iterator/go@v1.1.12", "UID": "ccf474b777dd1d0a" }, "Version": "v1.1.12", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kevinburke/ssh_config@v1.2.0", "Name": "github.com/kevinburke/ssh_config", "Identifier": { "PURL": "pkg:golang/github.com/kevinburke/ssh_config@v1.2.0", "UID": "984f626e5be33db1" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/klauspost/compress@v1.18.5", "Name": "github.com/klauspost/compress", "Identifier": { "PURL": "pkg:golang/github.com/klauspost/compress@v1.18.5", "UID": "bdf42e01995337d9" }, "Version": "v1.18.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", "Name": "github.com/knqyf263/go-apk-version", "Identifier": { "PURL": "pkg:golang/github.com/knqyf263/go-apk-version@v0.0.0-20200609155635-041fdbb8563f", "UID": "5a439fea08385dc1" }, "Version": "v0.0.0-20200609155635-041fdbb8563f", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", "Name": "github.com/knqyf263/go-deb-version", "Identifier": { "PURL": "pkg:golang/github.com/knqyf263/go-deb-version@v0.0.0-20241115132648-6f4aee6ccd23", "UID": "59a0ea1156563560" }, "Version": "v0.0.0-20241115132648-6f4aee6ccd23", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", "Name": "github.com/knqyf263/go-rpm-version", "Identifier": { "PURL": "pkg:golang/github.com/knqyf263/go-rpm-version@v0.0.0-20220614171824-631e686d1075", "UID": "2889647244f1e914" }, "Version": "v0.0.0-20220614171824-631e686d1075", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knqyf263/go-rpmdb@v0.1.1", "Name": "github.com/knqyf263/go-rpmdb", "Identifier": { "PURL": "pkg:golang/github.com/knqyf263/go-rpmdb@v0.1.1", "UID": "6baa1f6fea56525f" }, "Version": "v0.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/knqyf263/nested@v0.0.1", "Name": "github.com/knqyf263/nested", "Identifier": { "PURL": "pkg:golang/github.com/knqyf263/nested@v0.0.1", "UID": "548f1f2ebc2981ff" }, "Version": "v0.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/kylelemons/godebug@v1.1.0", "Name": "github.com/kylelemons/godebug", "Identifier": { "PURL": "pkg:golang/github.com/kylelemons/godebug@v1.1.0", "UID": "ff906bab37369ddd" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", "Name": "github.com/lann/builder", "Identifier": { "PURL": "pkg:golang/github.com/lann/builder@v0.0.0-20180802200727-47ae307949d0", "UID": "7681856814d3464c" }, "Version": "v0.0.0-20180802200727-47ae307949d0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", "Name": "github.com/lann/ps", "Identifier": { "PURL": "pkg:golang/github.com/lann/ps@v0.0.0-20150810152359-62de8c46ede0", "UID": "11f18e42e534d361" }, "Version": "v0.0.0-20150810152359-62de8c46ede0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/blackmagic@v1.0.4", "Name": "github.com/lestrrat-go/blackmagic", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/blackmagic@v1.0.4", "UID": "2f116dd30f37c68e" }, "Version": "v1.0.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/dsig@v1.0.0", "Name": "github.com/lestrrat-go/dsig", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/dsig@v1.0.0", "UID": "b4561b8403a5cbb7" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/httpcc@v1.0.1", "Name": "github.com/lestrrat-go/httpcc", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/httpcc@v1.0.1", "UID": "92f5816769ba0dce" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/httprc/v3@v3.0.2", "Name": "github.com/lestrrat-go/httprc/v3", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/httprc/v3@v3.0.2", "UID": "f2f414be14728a9b" }, "Version": "v3.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/jwx/v3@v3.0.13", "Name": "github.com/lestrrat-go/jwx/v3", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/jwx/v3@v3.0.13", "UID": "540841d527ca89e4" }, "Version": "v3.0.13", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lestrrat-go/option/v2@v2.0.0", "Name": "github.com/lestrrat-go/option/v2", "Identifier": { "PURL": "pkg:golang/github.com/lestrrat-go/option/v2@v2.0.0", "UID": "c9370e1dcc031bd" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/letsencrypt/boulder@v0.20260223.0", "Name": "github.com/letsencrypt/boulder", "Identifier": { "PURL": "pkg:golang/github.com/letsencrypt/boulder@v0.20260223.0", "UID": "5e08636e166d3ed5" }, "Version": "v0.20260223.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lib/pq@v1.10.9", "Name": "github.com/lib/pq", "Identifier": { "PURL": "pkg:golang/github.com/lib/pq@v1.10.9", "UID": "cfa2eb3385a0302e" }, "Version": "v1.10.9", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", "Name": "github.com/liggitt/tabwriter", "Identifier": { "PURL": "pkg:golang/github.com/liggitt/tabwriter@v0.0.0-20181228230101-89fcab3d43de", "UID": "55b742e7cde03956" }, "Version": "v0.0.0-20181228230101-89fcab3d43de", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", "Name": "github.com/lunixbochs/struc", "Identifier": { "PURL": "pkg:golang/github.com/lunixbochs/struc@v0.0.0-20200707160740-784aaebc1d40", "UID": "6bd0cb0f40593335" }, "Version": "v0.0.0-20200707160740-784aaebc1d40", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", "Name": "github.com/masahiro331/go-disk", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-disk@v0.0.0-20240625071113-56c933208fee", "UID": "cbe1fc9b3028b1f1" }, "Version": "v0.0.0-20240625071113-56c933208fee", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", "Name": "github.com/masahiro331/go-ebs-file", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-ebs-file@v0.0.0-20240917043618-e6d2bea5c32e", "UID": "d73fafbc7b8e192e" }, "Version": "v0.0.0-20240917043618-e6d2bea5c32e", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", "Name": "github.com/masahiro331/go-ext4-filesystem", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-ext4-filesystem@v0.0.0-20240620024024-ca14e6327bbd", "UID": "98b8046f540c5afe" }, "Version": "v0.0.0-20240620024024-ca14e6327bbd", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", "Name": "github.com/masahiro331/go-mvn-version", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-mvn-version@v0.0.0-20250131095131-f4974fa13b8a", "UID": "4fe113cc4ecb2529" }, "Version": "v0.0.0-20250131095131-f4974fa13b8a", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", "Name": "github.com/masahiro331/go-vmdk-parser", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-vmdk-parser@v0.0.0-20221225061455-612096e4bbbd", "UID": "3f3e6b539a89f83f" }, "Version": "v0.0.0-20221225061455-612096e4bbbd", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", "Name": "github.com/masahiro331/go-xfs-filesystem", "Identifier": { "PURL": "pkg:golang/github.com/masahiro331/go-xfs-filesystem@v0.0.0-20231205045356-1b22259a6c44", "UID": "ac3ec924bcd08a18" }, "Version": "v0.0.0-20231205045356-1b22259a6c44", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-colorable@v0.1.14", "Name": "github.com/mattn/go-colorable", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-colorable@v0.1.14", "UID": "78a083a3b6b6f949" }, "Version": "v0.1.14", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-isatty@v0.0.20", "Name": "github.com/mattn/go-isatty", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-isatty@v0.0.20", "UID": "a634dfff900e18d9" }, "Version": "v0.0.20", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-runewidth@v0.0.16", "Name": "github.com/mattn/go-runewidth", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-runewidth@v0.0.16", "UID": "3e8619b76f70a00a" }, "Version": "v0.0.16", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mattn/go-shellwords@v1.0.12", "Name": "github.com/mattn/go-shellwords", "Identifier": { "PURL": "pkg:golang/github.com/mattn/go-shellwords@v1.0.12", "UID": "d8b7a20ae7a3f459" }, "Version": "v1.0.12", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/copystructure@v1.2.0", "Name": "github.com/mitchellh/copystructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/copystructure@v1.2.0", "UID": "e30f0cbc5f8bfc95" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-homedir@v1.1.0", "Name": "github.com/mitchellh/go-homedir", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-homedir@v1.1.0", "UID": "fa8f0e1153843461" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/go-wordwrap@v1.0.1", "Name": "github.com/mitchellh/go-wordwrap", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/go-wordwrap@v1.0.1", "UID": "dc4c0112b3745677" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/hashstructure/v2@v2.0.2", "Name": "github.com/mitchellh/hashstructure/v2", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/hashstructure/v2@v2.0.2", "UID": "2b15407a4f16411e" }, "Version": "v2.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", "Name": "github.com/mitchellh/mapstructure", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/mapstructure@v1.5.1-0.20231216201459-8508981c8b6c", "UID": "9a667c12cebf833c" }, "Version": "v1.5.1-0.20231216201459-8508981c8b6c", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/mitchellh/reflectwalk@v1.0.2", "Name": "github.com/mitchellh/reflectwalk", "Identifier": { "PURL": "pkg:golang/github.com/mitchellh/reflectwalk@v1.0.2", "UID": "9d3e22e67a4104dc" }, "Version": "v1.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/buildkit@v0.29.0", "Name": "github.com/moby/buildkit", "Identifier": { "PURL": "pkg:golang/github.com/moby/buildkit@v0.29.0", "UID": "5c4e512424da2407" }, "Version": "v0.29.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/docker-image-spec@v1.3.1", "Name": "github.com/moby/docker-image-spec", "Identifier": { "PURL": "pkg:golang/github.com/moby/docker-image-spec@v1.3.1", "UID": "207218627447f3da" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/locker@v1.0.1", "Name": "github.com/moby/locker", "Identifier": { "PURL": "pkg:golang/github.com/moby/locker@v1.0.1", "UID": "1b784e9739956710" }, "Version": "v1.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/moby/api@v1.54.1", "Name": "github.com/moby/moby/api", "Identifier": { "PURL": "pkg:golang/github.com/moby/moby/api@v1.54.1", "UID": "b03fa3128f1368ab" }, "Version": "v1.54.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/moby/client@v0.4.0", "Name": "github.com/moby/moby/client", "Identifier": { "PURL": "pkg:golang/github.com/moby/moby/client@v0.4.0", "UID": "fa4d5d3160880ce9" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/atomicwriter@v0.1.0", "Name": "github.com/moby/sys/atomicwriter", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/atomicwriter@v0.1.0", "UID": "3cedde4e0e228c02" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/mountinfo@v0.7.2", "Name": "github.com/moby/sys/mountinfo", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/mountinfo@v0.7.2", "UID": "dbcdeefba4897daa" }, "Version": "v0.7.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/sequential@v0.6.0", "Name": "github.com/moby/sys/sequential", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/sequential@v0.6.0", "UID": "4406f1662e8257e8" }, "Version": "v0.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/signal@v0.7.1", "Name": "github.com/moby/sys/signal", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/signal@v0.7.1", "UID": "89a80bacb9ff4c65" }, "Version": "v0.7.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/user@v0.4.0", "Name": "github.com/moby/sys/user", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/user@v0.4.0", "UID": "ad18d7ea40e71960" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/sys/userns@v0.1.0", "Name": "github.com/moby/sys/userns", "Identifier": { "PURL": "pkg:golang/github.com/moby/sys/userns@v0.1.0", "UID": "7c9cc0e22521e813" }, "Version": "v0.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/moby/term@v0.5.2", "Name": "github.com/moby/term", "Identifier": { "PURL": "pkg:golang/github.com/moby/term@v0.5.2", "UID": "5aa86afd32dc7e17" }, "Version": "v0.5.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "Name": "github.com/modern-go/concurrent", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/concurrent@v0.0.0-20180306012644-bacd9c7ef1dd", "UID": "fd92eda2da191208" }, "Version": "v0.0.0-20180306012644-bacd9c7ef1dd", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "Name": "github.com/modern-go/reflect2", "Identifier": { "PURL": "pkg:golang/github.com/modern-go/reflect2@v1.0.3-0.20250322232337-35a7c28c31ee", "UID": "4281e5fee818b0c0" }, "Version": "v1.0.3-0.20250322232337-35a7c28c31ee", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", "Name": "github.com/monochromegane/go-gitignore", "Identifier": { "PURL": "pkg:golang/github.com/monochromegane/go-gitignore@v0.0.0-20200626010858-205db1a8cc00", "UID": "ad17ce6a104ac8a6" }, "Version": "v0.0.0-20200626010858-205db1a8cc00", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/morikuni/aec@v1.1.0", "Name": "github.com/morikuni/aec", "Identifier": { "PURL": "pkg:golang/github.com/morikuni/aec@v1.1.0", "UID": "205366929dd7a8a1" }, "Version": "v1.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "Name": "github.com/munnerz/goautoneg", "Identifier": { "PURL": "pkg:golang/github.com/munnerz/goautoneg@v0.0.0-20191010083416-a7dc8b61c822", "UID": "abe45a24072fe29e" }, "Version": "v0.0.0-20191010083416-a7dc8b61c822", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/nikolalohinski/gonja/v2@v2.7.0", "Name": "github.com/nikolalohinski/gonja/v2", "Identifier": { "PURL": "pkg:golang/github.com/nikolalohinski/gonja/v2@v2.7.0", "UID": "919cbe7c6edf6b4b" }, "Version": "v2.7.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", "Name": "github.com/nozzle/throttler", "Identifier": { "PURL": "pkg:golang/github.com/nozzle/throttler@v0.0.0-20180817012639-2ea982251481", "UID": "d13be155ec41c2f3" }, "Version": "v0.0.0-20180817012639-2ea982251481", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/oklog/ulid/v2@v2.1.1", "Name": "github.com/oklog/ulid/v2", "Identifier": { "PURL": "pkg:golang/github.com/oklog/ulid/v2@v2.1.1", "UID": "701be4c8e01768c0" }, "Version": "v2.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/open-policy-agent/opa@v1.15.2", "Name": "github.com/open-policy-agent/opa", "Identifier": { "PURL": "pkg:golang/github.com/open-policy-agent/opa@v1.15.2", "UID": "c641ebd8a2967d03" }, "Version": "v1.15.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/go-digest@v1.0.0", "Name": "github.com/opencontainers/go-digest", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/go-digest@v1.0.0", "UID": "d509e6b9eec734c6" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/image-spec@v1.1.1", "Name": "github.com/opencontainers/image-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/image-spec@v1.1.1", "UID": "f2d1b95b6086ab3c" }, "Version": "v1.1.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/runtime-spec@v1.3.0", "Name": "github.com/opencontainers/runtime-spec", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/runtime-spec@v1.3.0", "UID": "865523aa6ebaea64" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/opencontainers/selinux@v1.13.1", "Name": "github.com/opencontainers/selinux", "Identifier": { "PURL": "pkg:golang/github.com/opencontainers/selinux@v1.13.1", "UID": "7efa7b4ec13bfa51" }, "Version": "v1.13.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", "Name": "github.com/openvex/discovery", "Identifier": { "PURL": "pkg:golang/github.com/openvex/discovery@v0.1.1-0.20240802171711-7c54efc57553", "UID": "caa63d2783605865" }, "Version": "v0.1.1-0.20240802171711-7c54efc57553", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/openvex/go-vex@v0.2.7", "Name": "github.com/openvex/go-vex", "Identifier": { "PURL": "pkg:golang/github.com/openvex/go-vex@v0.2.7", "UID": "1af917eb213b6f76" }, "Version": "v0.2.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/owenrumney/go-sarif/v2@v2.3.3", "Name": "github.com/owenrumney/go-sarif/v2", "Identifier": { "PURL": "pkg:golang/github.com/owenrumney/go-sarif/v2@v2.3.3", "UID": "22b7c5a0a79c718d" }, "Version": "v2.3.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/owenrumney/squealer@v1.2.12", "Name": "github.com/owenrumney/squealer", "Identifier": { "PURL": "pkg:golang/github.com/owenrumney/squealer@v1.2.12", "UID": "107576fbf5aab4f2" }, "Version": "v1.2.12", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/package-url/packageurl-go@v0.1.5", "Name": "github.com/package-url/packageurl-go", "Identifier": { "PURL": "pkg:golang/github.com/package-url/packageurl-go@v0.1.5", "UID": "b39f919f48358a8" }, "Version": "v0.1.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pandatix/go-cvss@v0.6.2", "Name": "github.com/pandatix/go-cvss", "Identifier": { "PURL": "pkg:golang/github.com/pandatix/go-cvss@v0.6.2", "UID": "2887439a7735853" }, "Version": "v0.6.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pelletier/go-toml/v2@v2.2.4", "Name": "github.com/pelletier/go-toml/v2", "Identifier": { "PURL": "pkg:golang/github.com/pelletier/go-toml/v2@v2.2.4", "UID": "f09256c52422d9de" }, "Version": "v2.2.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/peterbourgon/diskv@v2.0.1+incompatible", "Name": "github.com/peterbourgon/diskv", "Identifier": { "PURL": "pkg:golang/github.com/peterbourgon/diskv@v2.0.1%2Bincompatible", "UID": "c467f44ba766a609" }, "Version": "v2.0.1+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pjbgf/sha1cd@v0.3.2", "Name": "github.com/pjbgf/sha1cd", "Identifier": { "PURL": "pkg:golang/github.com/pjbgf/sha1cd@v0.3.2", "UID": "ce7daffeb334bed8" }, "Version": "v0.3.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "Name": "github.com/pkg/browser", "Identifier": { "PURL": "pkg:golang/github.com/pkg/browser@v0.0.0-20240102092130-5ac0b6a4141c", "UID": "bf4fddf3420621bc" }, "Version": "v0.0.0-20240102092130-5ac0b6a4141c", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pkg/errors@v0.9.1", "Name": "github.com/pkg/errors", "Identifier": { "PURL": "pkg:golang/github.com/pkg/errors@v0.9.1", "UID": "af2c635457b37790" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", "Name": "github.com/planetscale/vtprotobuf", "Identifier": { "PURL": "pkg:golang/github.com/planetscale/vtprotobuf@v0.6.1-0.20240319094008-0393e58bdf10", "UID": "1cf140e58a1f3afe" }, "Version": "v0.6.1-0.20240319094008-0393e58bdf10", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "Name": "github.com/pmezard/go-difflib", "Identifier": { "PURL": "pkg:golang/github.com/pmezard/go-difflib@v1.0.1-0.20181226105442-5d4384ee4fb2", "UID": "8d5735bc78902712" }, "Version": "v1.0.1-0.20181226105442-5d4384ee4fb2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", "Name": "github.com/rcrowley/go-metrics", "Identifier": { "PURL": "pkg:golang/github.com/rcrowley/go-metrics@v0.0.0-20250401214520-65e299d6c5c9", "UID": "4bbc26a320477f67" }, "Version": "v0.0.0-20250401214520-65e299d6c5c9", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", "Name": "github.com/remyoudompheng/bigfft", "Identifier": { "PURL": "pkg:golang/github.com/remyoudompheng/bigfft@v0.0.0-20230129092748-24d4a6f8daec", "UID": "9f4ca67645d87fd5" }, "Version": "v0.0.0-20230129092748-24d4a6f8daec", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rivo/uniseg@v0.4.7", "Name": "github.com/rivo/uniseg", "Identifier": { "PURL": "pkg:golang/github.com/rivo/uniseg@v0.4.7", "UID": "6e101f5213f5b3cc" }, "Version": "v0.4.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rubenv/sql-migrate@v1.8.1", "Name": "github.com/rubenv/sql-migrate", "Identifier": { "PURL": "pkg:golang/github.com/rubenv/sql-migrate@v1.8.1", "UID": "e0ff8f4c1226e806" }, "Version": "v1.8.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/russross/blackfriday/v2@v2.1.0", "Name": "github.com/russross/blackfriday/v2", "Identifier": { "PURL": "pkg:golang/github.com/russross/blackfriday/v2@v2.1.0", "UID": "1a251e8605ee5576" }, "Version": "v2.1.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", "Name": "github.com/rust-secure-code/go-rustaudit", "Identifier": { "PURL": "pkg:golang/github.com/rust-secure-code/go-rustaudit@v0.0.0-20250226111315-e20ec32e963c", "UID": "7783937f4d7bc0bc" }, "Version": "v0.0.0-20250226111315-e20ec32e963c", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sagikazarmark/locafero@v0.11.0", "Name": "github.com/sagikazarmark/locafero", "Identifier": { "PURL": "pkg:golang/github.com/sagikazarmark/locafero@v0.11.0", "UID": "c38c5e2cc1d8392e" }, "Version": "v0.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/samber/lo@v1.53.0", "Name": "github.com/samber/lo", "Identifier": { "PURL": "pkg:golang/github.com/samber/lo@v1.53.0", "UID": "9c4f4fb4c35a9b89" }, "Version": "v1.53.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/samber/oops@v1.18.1", "Name": "github.com/samber/oops", "Identifier": { "PURL": "pkg:golang/github.com/samber/oops@v1.18.1", "UID": "c38900b323ca8518" }, "Version": "v1.18.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "Name": "github.com/santhosh-tekuri/jsonschema/v6", "Identifier": { "PURL": "pkg:golang/github.com/santhosh-tekuri/jsonschema/v6@v6.0.2", "UID": "ebe07f57a3fe66d9" }, "Version": "v6.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sassoftware/go-rpmutils@v0.4.0", "Name": "github.com/sassoftware/go-rpmutils", "Identifier": { "PURL": "pkg:golang/github.com/sassoftware/go-rpmutils@v0.4.0", "UID": "ec4d5355ead87635" }, "Version": "v0.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sassoftware/relic@v7.2.1+incompatible", "Name": "github.com/sassoftware/relic", "Identifier": { "PURL": "pkg:golang/github.com/sassoftware/relic@v7.2.1%2Bincompatible", "UID": "b0b63eb8cb43d2c0" }, "Version": "v7.2.1+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/secure-systems-lab/go-securesystemslib@v0.10.0", "Name": "github.com/secure-systems-lab/go-securesystemslib", "Identifier": { "PURL": "pkg:golang/github.com/secure-systems-lab/go-securesystemslib@v0.10.0", "UID": "25e12c8331ef3135" }, "Version": "v0.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sergi/go-diff@v1.4.0", "Name": "github.com/sergi/go-diff", "Identifier": { "PURL": "pkg:golang/github.com/sergi/go-diff@v1.4.0", "UID": "10646aa622a6ef3a" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/shibumi/go-pathspec@v1.3.0", "Name": "github.com/shibumi/go-pathspec", "Identifier": { "PURL": "pkg:golang/github.com/shibumi/go-pathspec@v1.3.0", "UID": "2b89a4645080d727" }, "Version": "v1.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/shopspring/decimal@v1.4.0", "Name": "github.com/shopspring/decimal", "Identifier": { "PURL": "pkg:golang/github.com/shopspring/decimal@v1.4.0", "UID": "5b96e4c5a98ecd4d" }, "Version": "v1.4.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/cosign/v2@v2.6.2", "Name": "github.com/sigstore/cosign/v2", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/cosign/v2@v2.6.2", "UID": "9446708cfde2a8d8" }, "Version": "v2.6.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/protobuf-specs@v0.5.0", "Name": "github.com/sigstore/protobuf-specs", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/protobuf-specs@v0.5.0", "UID": "779ba31bea7440e3" }, "Version": "v0.5.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/rekor@v1.5.1", "Name": "github.com/sigstore/rekor", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/rekor@v1.5.1", "UID": "c8bb1a796b199c71" }, "Version": "v1.5.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/rekor-tiles/v2@v2.0.1", "Name": "github.com/sigstore/rekor-tiles/v2", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/rekor-tiles/v2@v2.0.1", "UID": "318e94ab6159e848" }, "Version": "v2.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/sigstore@v1.10.5", "Name": "github.com/sigstore/sigstore", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/sigstore@v1.10.5", "UID": "ed3218a83663b288" }, "Version": "v1.10.5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/sigstore-go@v1.1.4", "Name": "github.com/sigstore/sigstore-go", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/sigstore-go@v1.1.4", "UID": "9d7bb6c3e0e0c79e" }, "Version": "v1.1.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sigstore/timestamp-authority/v2@v2.0.6", "Name": "github.com/sigstore/timestamp-authority/v2", "Identifier": { "PURL": "pkg:golang/github.com/sigstore/timestamp-authority/v2@v2.0.6", "UID": "ff386c449d83eeff" }, "Version": "v2.0.6", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sirupsen/logrus@v1.9.4", "Name": "github.com/sirupsen/logrus", "Identifier": { "PURL": "pkg:golang/github.com/sirupsen/logrus@v1.9.4", "UID": "9190fb84187cf0b0" }, "Version": "v1.9.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/skeema/knownhosts@v1.3.1", "Name": "github.com/skeema/knownhosts", "Identifier": { "PURL": "pkg:golang/github.com/skeema/knownhosts@v1.3.1", "UID": "c2eac9faf6f8437" }, "Version": "v1.3.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", "Name": "github.com/sourcegraph/conc", "Identifier": { "PURL": "pkg:golang/github.com/sourcegraph/conc@v0.3.1-0.20240121214520-5f936abd7ae8", "UID": "43058d7611ee50f8" }, "Version": "v0.3.1-0.20240121214520-5f936abd7ae8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spdx/tools-golang@v0.5.7", "Name": "github.com/spdx/tools-golang", "Identifier": { "PURL": "pkg:golang/github.com/spdx/tools-golang@v0.5.7", "UID": "d697b7adfed34095" }, "Version": "v0.5.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/afero@v1.15.0", "Name": "github.com/spf13/afero", "Identifier": { "PURL": "pkg:golang/github.com/spf13/afero@v1.15.0", "UID": "752bc372f98b210e" }, "Version": "v1.15.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cast@v1.10.0", "Name": "github.com/spf13/cast", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cast@v1.10.0", "UID": "92b00a99adb32b82" }, "Version": "v1.10.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/cobra@v1.10.2", "Name": "github.com/spf13/cobra", "Identifier": { "PURL": "pkg:golang/github.com/spf13/cobra@v1.10.2", "UID": "c733cc590073febc" }, "Version": "v1.10.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/pflag@v1.0.10", "Name": "github.com/spf13/pflag", "Identifier": { "PURL": "pkg:golang/github.com/spf13/pflag@v1.0.10", "UID": "f1451eafa1f92c90" }, "Version": "v1.0.10", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spf13/viper@v1.21.0", "Name": "github.com/spf13/viper", "Identifier": { "PURL": "pkg:golang/github.com/spf13/viper@v1.21.0", "UID": "56d107254faa550a" }, "Version": "v1.21.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/spiffe/go-spiffe/v2@v2.6.0", "Name": "github.com/spiffe/go-spiffe/v2", "Identifier": { "PURL": "pkg:golang/github.com/spiffe/go-spiffe/v2@v2.6.0", "UID": "f7f01d013898a5d9" }, "Version": "v2.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stretchr/objx@v0.5.3", "Name": "github.com/stretchr/objx", "Identifier": { "PURL": "pkg:golang/github.com/stretchr/objx@v0.5.3", "UID": "8a29c26a63a441f1" }, "Version": "v0.5.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/stretchr/testify@v1.11.1", "Name": "github.com/stretchr/testify", "Identifier": { "PURL": "pkg:golang/github.com/stretchr/testify@v1.11.1", "UID": "e8a6d9abf20c7eb8" }, "Version": "v1.11.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/subosito/gotenv@v1.6.0", "Name": "github.com/subosito/gotenv", "Identifier": { "PURL": "pkg:golang/github.com/subosito/gotenv@v1.6.0", "UID": "a5b03d3a9c2090c" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", "Name": "github.com/syndtr/goleveldb", "Identifier": { "PURL": "pkg:golang/github.com/syndtr/goleveldb@v1.0.1-0.20220721030215-126854af5e6d", "UID": "f56d59e7e12a0c95" }, "Version": "v1.0.1-0.20220721030215-126854af5e6d", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tchap/go-patricia/v2@v2.3.3", "Name": "github.com/tchap/go-patricia/v2", "Identifier": { "PURL": "pkg:golang/github.com/tchap/go-patricia/v2@v2.3.3", "UID": "44d9f889c096e5d3" }, "Version": "v2.3.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tetratelabs/wazero@v1.11.0", "Name": "github.com/tetratelabs/wazero", "Identifier": { "PURL": "pkg:golang/github.com/tetratelabs/wazero@v1.11.0", "UID": "68b5f7de1fc27d8b" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/theupdateframework/go-tuf@v0.7.0", "Name": "github.com/theupdateframework/go-tuf", "Identifier": { "PURL": "pkg:golang/github.com/theupdateframework/go-tuf@v0.7.0", "UID": "e0e9ac03cae71a01" }, "Version": "v0.7.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/theupdateframework/go-tuf/v2@v2.4.1", "Name": "github.com/theupdateframework/go-tuf/v2", "Identifier": { "PURL": "pkg:golang/github.com/theupdateframework/go-tuf/v2@v2.4.1", "UID": "64398ae254426b4a" }, "Version": "v2.4.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", "Name": "github.com/titanous/rocacheck", "Identifier": { "PURL": "pkg:golang/github.com/titanous/rocacheck@v0.0.0-20171023193734-afe73141d399", "UID": "51673eb00726726" }, "Version": "v0.0.0-20171023193734-afe73141d399", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", "Name": "github.com/tonistiigi/go-csvvalue", "Identifier": { "PURL": "pkg:golang/github.com/tonistiigi/go-csvvalue@v0.0.0-20240814133006-030d3b2625d0", "UID": "ba96d9fdca130e4c" }, "Version": "v0.0.0-20240814133006-030d3b2625d0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/toqueteos/webbrowser@v1.2.0", "Name": "github.com/toqueteos/webbrowser", "Identifier": { "PURL": "pkg:golang/github.com/toqueteos/webbrowser@v1.2.0", "UID": "edce0f4ca4a76d84" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", "Name": "github.com/transparency-dev/formats", "Identifier": { "PURL": "pkg:golang/github.com/transparency-dev/formats@v0.0.0-20251017110053-404c0d5b696c", "UID": "3841a3b958f5539f" }, "Version": "v0.0.0-20251017110053-404c0d5b696c", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/transparency-dev/merkle@v0.0.2", "Name": "github.com/transparency-dev/merkle", "Identifier": { "PURL": "pkg:golang/github.com/transparency-dev/merkle@v0.0.2", "UID": "91d4619d2f5e0a2b" }, "Version": "v0.0.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/twitchtv/twirp@v8.1.3+incompatible", "Name": "github.com/twitchtv/twirp", "Identifier": { "PURL": "pkg:golang/github.com/twitchtv/twirp@v8.1.3%2Bincompatible", "UID": "7ceaa58dec508301" }, "Version": "v8.1.3+incompatible", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/ulikunitz/xz@v0.5.15", "Name": "github.com/ulikunitz/xz", "Identifier": { "PURL": "pkg:golang/github.com/ulikunitz/xz@v0.5.15", "UID": "57867d58e7ed3139" }, "Version": "v0.5.15", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/valyala/fastjson@v1.6.7", "Name": "github.com/valyala/fastjson", "Identifier": { "PURL": "pkg:golang/github.com/valyala/fastjson@v1.6.7", "UID": "46c290945432c4ba" }, "Version": "v1.6.7", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vbatts/tar-split@v0.12.2", "Name": "github.com/vbatts/tar-split", "Identifier": { "PURL": "pkg:golang/github.com/vbatts/tar-split@v0.12.2", "UID": "1fdefc95e0bde68f" }, "Version": "v0.12.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vektah/gqlparser/v2@v2.5.32", "Name": "github.com/vektah/gqlparser/v2", "Identifier": { "PURL": "pkg:golang/github.com/vektah/gqlparser/v2@v2.5.32", "UID": "aeb7124d7829827" }, "Version": "v2.5.32", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vmihailenco/msgpack/v5@v5.4.1", "Name": "github.com/vmihailenco/msgpack/v5", "Identifier": { "PURL": "pkg:golang/github.com/vmihailenco/msgpack/v5@v5.4.1", "UID": "98be7c75c8890879" }, "Version": "v5.4.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/vmihailenco/tagparser/v2@v2.0.0", "Name": "github.com/vmihailenco/tagparser/v2", "Identifier": { "PURL": "pkg:golang/github.com/vmihailenco/tagparser/v2@v2.0.0", "UID": "4084a10b585e7ec" }, "Version": "v2.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/x448/float16@v0.8.4", "Name": "github.com/x448/float16", "Identifier": { "PURL": "pkg:golang/github.com/x448/float16@v0.8.4", "UID": "92e4d1656274958c" }, "Version": "v0.8.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xanzy/ssh-agent@v0.3.3", "Name": "github.com/xanzy/ssh-agent", "Identifier": { "PURL": "pkg:golang/github.com/xanzy/ssh-agent@v0.3.3", "UID": "206689b5d59442fd" }, "Version": "v0.3.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", "Name": "github.com/xeipuuv/gojsonpointer", "Identifier": { "PURL": "pkg:golang/github.com/xeipuuv/gojsonpointer@v0.0.0-20190905194746-02993c407bfb", "UID": "9288aec111001403" }, "Version": "v0.0.0-20190905194746-02993c407bfb", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", "Name": "github.com/xeipuuv/gojsonreference", "Identifier": { "PURL": "pkg:golang/github.com/xeipuuv/gojsonreference@v0.0.0-20180127040603-bd5ef7bd5415", "UID": "d0b0b1bfb36b2e19" }, "Version": "v0.0.0-20180127040603-bd5ef7bd5415", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xeipuuv/gojsonschema@v1.2.0", "Name": "github.com/xeipuuv/gojsonschema", "Identifier": { "PURL": "pkg:golang/github.com/xeipuuv/gojsonschema@v1.2.0", "UID": "44d170518914b732" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "Name": "github.com/xi2/xz", "Identifier": { "PURL": "pkg:golang/github.com/xi2/xz@v0.0.0-20171230120015-48954b6210f8", "UID": "7b7c196f8c1e6fff" }, "Version": "v0.0.0-20171230120015-48954b6210f8", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/xlab/treeprint@v1.2.0", "Name": "github.com/xlab/treeprint", "Identifier": { "PURL": "pkg:golang/github.com/xlab/treeprint@v1.2.0", "UID": "e2a2781874aba2cd" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/yashtewari/glob-intersection@v0.2.0", "Name": "github.com/yashtewari/glob-intersection", "Identifier": { "PURL": "pkg:golang/github.com/yashtewari/glob-intersection@v0.2.0", "UID": "c9bac6d9131501d1" }, "Version": "v0.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zclconf/go-cty@v1.18.0", "Name": "github.com/zclconf/go-cty", "Identifier": { "PURL": "pkg:golang/github.com/zclconf/go-cty@v1.18.0", "UID": "5b7fa8ee0cadfb74" }, "Version": "v1.18.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "github.com/zclconf/go-cty-yaml@v1.2.0", "Name": "github.com/zclconf/go-cty-yaml", "Identifier": { "PURL": "pkg:golang/github.com/zclconf/go-cty-yaml@v1.2.0", "UID": "ad085d1cb6f3825f" }, "Version": "v1.2.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.etcd.io/bbolt@v1.4.3", "Name": "go.etcd.io/bbolt", "Identifier": { "PURL": "pkg:golang/go.etcd.io/bbolt@v1.4.3", "UID": "ce28fe3e008ea977" }, "Version": "v1.4.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/auto/sdk@v1.2.1", "Name": "go.opentelemetry.io/auto/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/auto/sdk@v1.2.1", "UID": "d6b64dd7665d89ca" }, "Version": "v1.2.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", "Name": "go.opentelemetry.io/contrib/detectors/gcp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/detectors/gcp@v1.39.0", "UID": "dbc3ac183d924f55" }, "Version": "v1.39.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", "Name": "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.63.0", "UID": "119a3a02abd64f86" }, "Version": "v0.63.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", "Name": "go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp@v0.65.0", "UID": "cd264fff9e77fe50" }, "Version": "v0.65.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel@v1.43.0", "Name": "go.opentelemetry.io/otel", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel@v1.43.0", "UID": "5840357d5c7e6a0e" }, "Version": "v1.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc@v1.40.0", "UID": "ea147c69c10fd292" }, "Version": "v1.40.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace@v1.40.0", "UID": "1a10031b56e9de01" }, "Version": "v1.40.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", "Name": "go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc@v1.40.0", "UID": "dbc6c48d47458ba1" }, "Version": "v1.40.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/metric@v1.43.0", "Name": "go.opentelemetry.io/otel/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/metric@v1.43.0", "UID": "621ee72e35bf16b4" }, "Version": "v1.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk@v1.43.0", "Name": "go.opentelemetry.io/otel/sdk", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk@v1.43.0", "UID": "83e3015693054a4b" }, "Version": "v1.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/sdk/metric@v1.43.0", "Name": "go.opentelemetry.io/otel/sdk/metric", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/sdk/metric@v1.43.0", "UID": "420a18a964055ae3" }, "Version": "v1.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/otel/trace@v1.43.0", "Name": "go.opentelemetry.io/otel/trace", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/otel/trace@v1.43.0", "UID": "75355cb2493ca108" }, "Version": "v1.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.opentelemetry.io/proto/otlp@v1.9.0", "Name": "go.opentelemetry.io/proto/otlp", "Identifier": { "PURL": "pkg:golang/go.opentelemetry.io/proto/otlp@v1.9.0", "UID": "2aba49ffae12a4c6" }, "Version": "v1.9.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/multierr@v1.11.0", "Name": "go.uber.org/multierr", "Identifier": { "PURL": "pkg:golang/go.uber.org/multierr@v1.11.0", "UID": "8eaf98cbf1107a3a" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.uber.org/zap@v1.27.1", "Name": "go.uber.org/zap", "Identifier": { "PURL": "pkg:golang/go.uber.org/zap@v1.27.1", "UID": "b214d3640bfaa20f" }, "Version": "v1.27.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v2@v2.4.3", "Name": "go.yaml.in/yaml/v2", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v2@v2.4.3", "UID": "e79d0af40d5c4ac8" }, "Version": "v2.4.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v3@v3.0.4", "Name": "go.yaml.in/yaml/v3", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v3@v3.0.4", "UID": "92c2e4faa7706d93" }, "Version": "v3.0.4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "go.yaml.in/yaml/v4@v4.0.0-rc.3", "Name": "go.yaml.in/yaml/v4", "Identifier": { "PURL": "pkg:golang/go.yaml.in/yaml/v4@v4.0.0-rc.3", "UID": "f64e5ca26f59181b" }, "Version": "v4.0.0-rc.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/crypto@v0.50.0", "Name": "golang.org/x/crypto", "Identifier": { "PURL": "pkg:golang/golang.org/x/crypto@v0.50.0", "UID": "86b9f77577ddb8d2" }, "Version": "v0.50.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", "Name": "golang.org/x/exp", "Identifier": { "PURL": "pkg:golang/golang.org/x/exp@v0.0.0-20251023183803-a4bb9ffd2546", "UID": "e672dbdb4c81c90" }, "Version": "v0.0.0-20251023183803-a4bb9ffd2546", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/mod@v0.34.0", "Name": "golang.org/x/mod", "Identifier": { "PURL": "pkg:golang/golang.org/x/mod@v0.34.0", "UID": "f7b41f716f7b0fe4" }, "Version": "v0.34.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/net@v0.53.0", "Name": "golang.org/x/net", "Identifier": { "PURL": "pkg:golang/golang.org/x/net@v0.53.0", "UID": "a5e3f765714179cd" }, "Version": "v0.53.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/oauth2@v0.36.0", "Name": "golang.org/x/oauth2", "Identifier": { "PURL": "pkg:golang/golang.org/x/oauth2@v0.36.0", "UID": "d129272d4fc9917e" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sync@v0.20.0", "Name": "golang.org/x/sync", "Identifier": { "PURL": "pkg:golang/golang.org/x/sync@v0.20.0", "UID": "1ebf53664e9778b2" }, "Version": "v0.20.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/sys@v0.43.0", "Name": "golang.org/x/sys", "Identifier": { "PURL": "pkg:golang/golang.org/x/sys@v0.43.0", "UID": "5bfd09e654941e78" }, "Version": "v0.43.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/term@v0.42.0", "Name": "golang.org/x/term", "Identifier": { "PURL": "pkg:golang/golang.org/x/term@v0.42.0", "UID": "6689b29d8b98d344" }, "Version": "v0.42.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/text@v0.36.0", "Name": "golang.org/x/text", "Identifier": { "PURL": "pkg:golang/golang.org/x/text@v0.36.0", "UID": "bef56439b881a874" }, "Version": "v0.36.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/time@v0.15.0", "Name": "golang.org/x/time", "Identifier": { "PURL": "pkg:golang/golang.org/x/time@v0.15.0", "UID": "edfc8c1e95c89dfd" }, "Version": "v0.15.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", "Name": "golang.org/x/xerrors", "Identifier": { "PURL": "pkg:golang/golang.org/x/xerrors@v0.0.0-20240903120638-7835f813f4da", "UID": "4139b93d2beead57" }, "Version": "v0.0.0-20240903120638-7835f813f4da", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/api@v0.272.0", "Name": "google.golang.org/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/api@v0.272.0", "UID": "df88e5c29e892c05" }, "Version": "v0.272.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", "Name": "google.golang.org/genproto", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto@v0.0.0-20260316180232-0b37fe3546d5", "UID": "fa1ed387c196a4b4" }, "Version": "v0.0.0-20260316180232-0b37fe3546d5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", "Name": "google.golang.org/genproto/googleapis/api", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/api@v0.0.0-20260316180232-0b37fe3546d5", "UID": "2a6945d432f07fcf" }, "Version": "v0.0.0-20260316180232-0b37fe3546d5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", "Name": "google.golang.org/genproto/googleapis/rpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/genproto/googleapis/rpc@v0.0.0-20260316180232-0b37fe3546d5", "UID": "29befa9e37336165" }, "Version": "v0.0.0-20260316180232-0b37fe3546d5", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/grpc@v1.79.3", "Name": "google.golang.org/grpc", "Identifier": { "PURL": "pkg:golang/google.golang.org/grpc@v1.79.3", "UID": "3220fe69c7d38e52" }, "Version": "v1.79.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "google.golang.org/protobuf@v1.36.11", "Name": "google.golang.org/protobuf", "Identifier": { "PURL": "pkg:golang/google.golang.org/protobuf@v1.36.11", "UID": "144bffa6b3faea2e" }, "Version": "v1.36.11", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/evanphx/json-patch.v4@v4.13.0", "Name": "gopkg.in/evanphx/json-patch.v4", "Identifier": { "PURL": "pkg:golang/gopkg.in/evanphx/json-patch.v4@v4.13.0", "UID": "1120979d6aee3bbd" }, "Version": "v4.13.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/inf.v0@v0.9.1", "Name": "gopkg.in/inf.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/inf.v0@v0.9.1", "UID": "c9e4c68e9826a838" }, "Version": "v0.9.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/warnings.v0@v0.1.2", "Name": "gopkg.in/warnings.v0", "Identifier": { "PURL": "pkg:golang/gopkg.in/warnings.v0@v0.1.2", "UID": "486bb224ab4934ad" }, "Version": "v0.1.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "gopkg.in/yaml.v3@v3.0.1", "Name": "gopkg.in/yaml.v3", "Identifier": { "PURL": "pkg:golang/gopkg.in/yaml.v3@v3.0.1", "UID": "176d36fc44a1e402" }, "Version": "v3.0.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "helm.sh/helm/v3@v3.20.2", "Name": "helm.sh/helm/v3", "Identifier": { "PURL": "pkg:golang/helm.sh/helm/v3@v3.20.2", "UID": "76d80ac4706fda3a" }, "Version": "v3.20.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/api@v0.35.3", "Name": "k8s.io/api", "Identifier": { "PURL": "pkg:golang/k8s.io/api@v0.35.3", "UID": "d8ad17bda34daba8" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiextensions-apiserver@v0.35.1", "Name": "k8s.io/apiextensions-apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiextensions-apiserver@v0.35.1", "UID": "2d39273b1635eee4" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apimachinery@v0.35.3", "Name": "k8s.io/apimachinery", "Identifier": { "PURL": "pkg:golang/k8s.io/apimachinery@v0.35.3", "UID": "e4888e0d00944efa" }, "Version": "v0.35.3", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/apiserver@v0.35.1", "Name": "k8s.io/apiserver", "Identifier": { "PURL": "pkg:golang/k8s.io/apiserver@v0.35.1", "UID": "9d1d8296131305eb" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/cli-runtime@v0.35.1", "Name": "k8s.io/cli-runtime", "Identifier": { "PURL": "pkg:golang/k8s.io/cli-runtime@v0.35.1", "UID": "6650816b26cb93a2" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/client-go@v0.35.1", "Name": "k8s.io/client-go", "Identifier": { "PURL": "pkg:golang/k8s.io/client-go@v0.35.1", "UID": "7924b0ead58c24a3" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/component-base@v0.35.1", "Name": "k8s.io/component-base", "Identifier": { "PURL": "pkg:golang/k8s.io/component-base@v0.35.1", "UID": "79d051d2fea4bea0" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/klog/v2@v2.130.1", "Name": "k8s.io/klog/v2", "Identifier": { "PURL": "pkg:golang/k8s.io/klog/v2@v2.130.1", "UID": "7c2d5dab024da7b6" }, "Version": "v2.130.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "Name": "k8s.io/kube-openapi", "Identifier": { "PURL": "pkg:golang/k8s.io/kube-openapi@v0.0.0-20250910181357-589584f1c912", "UID": "5f691970e5bc8bd2" }, "Version": "v0.0.0-20250910181357-589584f1c912", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/kubectl@v0.35.1", "Name": "k8s.io/kubectl", "Identifier": { "PURL": "pkg:golang/k8s.io/kubectl@v0.35.1", "UID": "d606c5afd5d2e829" }, "Version": "v0.35.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "Name": "k8s.io/utils", "Identifier": { "PURL": "pkg:golang/k8s.io/utils@v0.0.0-20251002143259-bc988d571ff4", "UID": "407f39c02212e306" }, "Version": "v0.0.0-20251002143259-bc988d571ff4", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "modernc.org/libc@v1.70.0", "Name": "modernc.org/libc", "Identifier": { "PURL": "pkg:golang/modernc.org/libc@v1.70.0", "UID": "2a9c262bfe453b23" }, "Version": "v1.70.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "modernc.org/mathutil@v1.7.1", "Name": "modernc.org/mathutil", "Identifier": { "PURL": "pkg:golang/modernc.org/mathutil@v1.7.1", "UID": "119a717fa5a87496" }, "Version": "v1.7.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "modernc.org/memory@v1.11.0", "Name": "modernc.org/memory", "Identifier": { "PURL": "pkg:golang/modernc.org/memory@v1.11.0", "UID": "a55e6c1ef6a462e" }, "Version": "v1.11.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "modernc.org/sqlite@v1.48.2", "Name": "modernc.org/sqlite", "Identifier": { "PURL": "pkg:golang/modernc.org/sqlite@v1.48.2", "UID": "a990af1daedfce00" }, "Version": "v1.48.2", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "mvdan.cc/sh/v3@v3.12.0", "Name": "mvdan.cc/sh/v3", "Identifier": { "PURL": "pkg:golang/mvdan.cc/sh/v3@v3.12.0", "UID": "d108624b106a9349" }, "Version": "v3.12.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "oras.land/oras-go/v2@v2.6.0", "Name": "oras.land/oras-go/v2", "Identifier": { "PURL": "pkg:golang/oras.land/oras-go/v2@v2.6.0", "UID": "7e5aa3baf9c41f95" }, "Version": "v2.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "Name": "sigs.k8s.io/json", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/json@v0.0.0-20250730193827-2d320260d730", "UID": "2f32cc9fa9f2d728" }, "Version": "v0.0.0-20250730193827-2d320260d730", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/kustomize/api@v0.20.1", "Name": "sigs.k8s.io/kustomize/api", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/kustomize/api@v0.20.1", "UID": "7460457c9d4cf9d8" }, "Version": "v0.20.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/kustomize/kyaml@v0.20.1", "Name": "sigs.k8s.io/kustomize/kyaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/kustomize/kyaml@v0.20.1", "UID": "7815e09b4bda8a59" }, "Version": "v0.20.1", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/randfill@v1.0.0", "Name": "sigs.k8s.io/randfill", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/randfill@v1.0.0", "UID": "9fae49ed5b8729bf" }, "Version": "v1.0.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "Name": "sigs.k8s.io/structured-merge-diff/v6", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/structured-merge-diff/v6@v6.3.0", "UID": "73f8b875003da698" }, "Version": "v6.3.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" }, { "ID": "sigs.k8s.io/yaml@v1.6.0", "Name": "sigs.k8s.io/yaml", "Identifier": { "PURL": "pkg:golang/sigs.k8s.io/yaml@v1.6.0", "UID": "96380c28bea11814" }, "Version": "v1.6.0", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "AnalyzedBy": "gobinary" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2026-44973", "VendorIDs": [ "GHSA-qw64-3x98-g7q2" ], "PkgID": "github.com/go-git/go-billy/v5@v5.8.0", "PkgName": "github.com/go-git/go-billy/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", "UID": "a9d04c20d96dbd1f" }, "InstalledVersion": "v5.8.0", "FixedVersion": "5.9.0", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44973", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:c5153d0342527f76a60ed912cfd09412ce064f17d7c74f2abb874c7c0583c62b", "Title": "go-billy has path traversal vulnerabilities", "Description": "### Impact\nMultiple path traversal issues exist across different components of `go-billy`. Insufficient path sanitization and boundary enforcement may allow crafted paths (e.g., using `..`) to escape intended base directories.\n\nWhile go-billy was not originally designed to provide a strong security boundary, some of these issues were inconsistent across some of the built-in implementations. This results in scenarios where applications relying on `go-billy` for some level of isolation may inadvertently expose access to unintended filesystem locations.\n\nThe `osfs.ChrootOS` implementation is notably affected by this vulnerability and is now deprecated in `v5`, removed at `v6`. Users are recommended to move on to `osfs.BoundOS` instead: `osfs.New(path, WithBoundOS())`.\n\nUsers requiring stronger security boundary enforcement are recommended to upgrade to `v6`, where the `osfs` implementation are backed by the [traversal-resistant](https://go.dev/blog/osroot) primitive [os.Root](https://pkg.go.dev/os#Root).\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 and @vnykmshr for finding and separately reporting this issue privately to the go-git project. 🙇", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "V3Score": 8.1 } }, "References": [ "https://github.com/go-git/go-billy", "https://github.com/go-git/go-billy/releases/tag/v5.9.0", "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", "https://github.com/go-git/go-billy/security/advisories/GHSA-qw64-3x98-g7q2" ] }, { "VulnerabilityID": "CVE-2026-44740", "VendorIDs": [ "GHSA-m3xc-h892-ggx6" ], "PkgID": "github.com/go-git/go-billy/v5@v5.8.0", "PkgName": "github.com/go-git/go-billy/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-billy/v5@v5.8.0", "UID": "a9d04c20d96dbd1f" }, "InstalledVersion": "v5.8.0", "FixedVersion": "5.9.0", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-44740", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:79128f723988bbb936235edf5904a751b111f2746567ecd5a246d681df5bcf54", "Title": "go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion", "Description": "### Impact\nMultiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption.\n\nThese issues arise from insufficient validation and missing safety mechanisms such as cycle detection, recursion limits, or defensive handling of unexpected states when processing untrusted repository data and filesystem structures.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported `go-billy` version.\n\n### Credits\nThanks to @faran66 for finding and reporting this issue privately to the go-git project. 🙇", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://github.com/go-git/go-billy", "https://github.com/go-git/go-billy/releases/tag/v5.9.0", "https://github.com/go-git/go-billy/releases/tag/v6.0.0-alpha.1", "https://github.com/go-git/go-billy/security/advisories/GHSA-m3xc-h892-ggx6" ] }, { "VulnerabilityID": "CVE-2026-45022", "VendorIDs": [ "GHSA-389r-gv7p-r3rp" ], "PkgID": "github.com/go-git/go-git/v5@v5.17.2", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", "UID": "d4aabe835d9af77e" }, "InstalledVersion": "v5.17.2", "FixedVersion": "5.19.0", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45022", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:2e1156f702ecddb041c1e07cb011d8ba29023bee4a5eb685ee009497df20c964", "Title": "go-git's improper parsing of specially crafted objects may lead to inconsistent interpretation compared to upstream Git", "Description": "### Impact\n`go-git` may parse malformed Git objects in a way that differs from upstream Git. When `commit` or `tag` objects contain ambiguous or malformed headers, `go-git`’s decoded representation may expose values differently from how Git itself would interpret or reject the same object.\n\nAdditionally, `go-git`’s commit signing and verification logic operates over commit data reconstructed from `go-git`’s parsed representation rather than the original raw object bytes. As a result, `go-git` may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository.\n\nThis can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to v5 are likely to be affected, users are recommended to upgrade to a supported `go-git` version.\n\n### Credit\n\nThanks to @bugbunny-research (https://bugbunny.ai/) for reporting this to `sigstore/gitsign`, and to @wlynch, @patzielinski and @adityasaky for coordinating the disclosure with the `go-git` project. :bow: :1st_place_medal: \n\nThanks to @wayphinder for reporting this to the `go-git` project. :bow:", "Severity": "HIGH", "VendorSeverity": { "ghsa": 3 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N", "V40Score": 7 } }, "References": [ "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/security/advisories/GHSA-389r-gv7p-r3rp" ] }, { "VulnerabilityID": "CVE-2026-41506", "VendorIDs": [ "GHSA-3xc5-wrhm-f963" ], "PkgID": "github.com/go-git/go-git/v5@v5.17.2", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", "UID": "d4aabe835d9af77e" }, "InstalledVersion": "v5.17.2", "FixedVersion": "5.18.0", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-41506", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:e21a36a77830e36aa3fc2dd2dc153b38253765187f14ba563b6d9532844739f4", "Title": "golang: github.com/go-git/go-git: go-git: Information disclosure of HTTP authentication credentials via redirects", "Description": "go-git is an extensible git implementation library written in pure Go. Prior to versions 5.18.0 and 6.0.0-alpha.2, go-git may leak HTTP authentication credentials when following redirects during smart-HTTP clone and fetch operations. This issue has been patched in versions 5.18.0 and 6.0.0-alpha.2.", "Severity": "MEDIUM", "CweIDs": [ "CWE-522" ], "VendorSeverity": { "ghsa": 2, "nvd": 3, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "V3Score": 4.7 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-41506", "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/releases/tag/v5.18.0", "https://github.com/go-git/go-git/releases/tag/v6.0.0-alpha.2", "https://github.com/go-git/go-git/security/advisories/GHSA-3xc5-wrhm-f963", "https://nvd.nist.gov/vuln/detail/CVE-2026-41506", "https://www.cve.org/CVERecord?id=CVE-2026-41506" ], "PublishedDate": "2026-05-08T14:16:33.983Z", "LastModifiedDate": "2026-05-12T14:33:02.04Z" }, { "VulnerabilityID": "CVE-2026-45571", "VendorIDs": [ "GHSA-crhj-59gh-8x96" ], "PkgID": "github.com/go-git/go-git/v5@v5.17.2", "PkgName": "github.com/go-git/go-git/v5", "PkgIdentifier": { "PURL": "pkg:golang/github.com/go-git/go-git/v5@v5.17.2", "UID": "d4aabe835d9af77e" }, "InstalledVersion": "v5.17.2", "FixedVersion": "5.19.1", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-45571", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:f8d74b7f3e86e9bf92371f0ac1f02b7c9807352a8c6522181dbbdfac712aba70", "Title": "go-git: Crafted repositories may modify main and submodule .git directories", "Description": "### Impact\nA path validation issue in `go-git` could allow crafted repository data to affect files outside the intended checkout target, including the repository's `.git` directory.\n\nThese validations were introduced in upstream Git years ago, so the vulnerability arose from go-git drifting from those checks. Some attack vectors were platform-specific: certain payloads affected only Windows users, others affected only macOS users, and some applied across all supported platforms.\n\nUsing non-descendant `go-billy` filesystem instances, or different filesystem types, for the `Storer` and `Worktree` may provide some isolation against `.git` directory manipulation. For example, users that store the `.git` directory through `memfs` while using `osfs` for the worktree are not affected by this vulnerability in the main repository, because repository metadata is not materialized inside the worktree filesystem.\n\nHowever, this isolation does not necessarily apply when the repository contains submodules, since submodule dotgit directories may still be represented or materialized within the worktree context.\n\nIt is important to note that exploitation requires a maliciously crafted repository payload. Users should always exercise caution when interacting with repositories or Git servers they do not trust.\n\n### Patches\nUsers should upgrade to a patched version in order to mitigate this vulnerability. Versions prior to `v5` are likely to be affected, users are recommended to upgrade to a supported go-git version.\n\n### Credits\nThanks to @kodareef5, @AyushParkara and @N0zoM1z0 for reporting this to the go-git project in three separate reports. 🙇", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "V3Score": 5.4 } }, "References": [ "https://github.com/go-git/go-git", "https://github.com/go-git/go-git/security/advisories/GHSA-crhj-59gh-8x96" ] }, { "VulnerabilityID": "GHSA-pmwq-pjrm-6p5r", "PkgID": "github.com/in-toto/in-toto-golang@v0.10.0", "PkgName": "github.com/in-toto/in-toto-golang", "PkgIdentifier": { "PURL": "pkg:golang/github.com/in-toto/in-toto-golang@v0.10.0", "UID": "74c4305e96ee4efa" }, "InstalledVersion": "v0.10.0", "FixedVersion": "0.11.0", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "ghsa", "PrimaryURL": "https://github.com/advisories/GHSA-pmwq-pjrm-6p5r", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Fingerprint": "sha256:300782395e82b1648aaac97d4f9932af8725e9dde9dd3ae8f7438c078c930abb", "Title": "in-toto-golang and in-toto-python have inconsistent negation behavior", "Description": "### Impact\n_What kind of vulnerability is it? Who is impacted?_\n\nin-toto-golang and in-toto-python both support glob patterns in artifact rules to indicate the artifacts that a rule applies to. Both support negations in character classes to indicate what should *not* be matched, but they used different operators to indicate the negation. in-toto-python uses `!` while in-toto-golang used `^`. A layout authored with the expectations of one implementation can therefore exhibit different behavior in the other implementation.\n\nThis impacts users in a specific set of circumstances where two different implementations are used to verify the same layout + attestation bundle at different stages of the same pipeline. As a rule of thumb, we advise using a single implementation across all aspects of a pipeline, from layout creation to pipeline execution and verification to prevent this class of bugs.\n\n### Patches\n_Has the problem been patched? What versions should users upgrade to?_\n\nin-toto-golang has been updated to use `!` instead of `^` to indicate negation. See https://github.com/in-toto/in-toto-golang/pull/462. This is part of v0.11.0.", "Severity": "MEDIUM", "VendorSeverity": { "ghsa": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N", "V3Score": 4.1 } }, "References": [ "https://github.com/in-toto/in-toto-golang", "https://github.com/in-toto/in-toto-golang/commit/36d782ffb2ca3adbffcdce1fd971c23319dd4469", "https://github.com/in-toto/in-toto-golang/pull/462", "https://github.com/in-toto/in-toto-golang/security/advisories/GHSA-pmwq-pjrm-6p5r" ], "PublishedDate": "2026-05-08T22:24:19Z", "LastModifiedDate": "2026-05-08T22:24:19Z" }, { "VulnerabilityID": "CVE-2026-33811", "VendorIDs": [ "GO-2026-4981" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33811", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:8d5f60b665b4a4e797ae7260293cdffb084f11d2449ae9a068c83cbf719a0674", "Title": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME re ...", "Description": "When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash.", "Severity": "HIGH", "CweIDs": [ "CWE-415" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/767860", "https://go.dev/issue/78803", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33811", "https://pkg.go.dev/vuln/GO-2026-4981" ], "PublishedDate": "2026-05-07T20:16:42.77Z", "LastModifiedDate": "2026-05-12T20:23:02.333Z" }, { "VulnerabilityID": "CVE-2026-33814", "VendorIDs": [ "GO-2026-4918" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-33814", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:d1a5bda7c8fb647e11995cbfe0d7ebc67b9d91d2205270d54d4d51495c7195bf", "Title": "When processing HTTP/2 SETTINGS frames, transport will enter an infini ...", "Description": "When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0.", "Severity": "HIGH", "CweIDs": [ "CWE-835" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/761581", "https://go.dev/cl/761640", "https://go.dev/issue/78476", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-33814", "https://pkg.go.dev/vuln/GO-2026-4918" ], "PublishedDate": "2026-05-07T20:16:42.88Z", "LastModifiedDate": "2026-05-13T14:41:59.52Z" }, { "VulnerabilityID": "CVE-2026-39820", "VendorIDs": [ "GO-2026-4986" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39820", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:3a18b77a0f02a0839ca8dbbf52b3e12cb124b258c89755eefeb4de535300d265", "Title": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and Parse ...", "Description": "Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations.", "Severity": "HIGH", "CweIDs": [ "CWE-770" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/759940", "https://go.dev/issue/78566", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39820", "https://pkg.go.dev/vuln/GO-2026-4986" ], "PublishedDate": "2026-05-07T20:16:43.187Z", "LastModifiedDate": "2026-05-13T15:10:58.65Z" }, { "VulnerabilityID": "CVE-2026-39836", "VendorIDs": [ "GO-2026-4971" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39836", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:a641094dfe43212e9905fbfae6e8a333d7f50b6d419a47c577196e7949a46a41", "Title": "Panic in Dial and LookupPort when handling NUL byte on Windows in net", "Description": "The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0).", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "bitnami": 3, "nvd": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/775320", "https://go.dev/issue/79006", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39836", "https://pkg.go.dev/vuln/GO-2026-4971" ], "PublishedDate": "2026-05-07T20:16:43.593Z", "LastModifiedDate": "2026-05-13T15:11:10.31Z" }, { "VulnerabilityID": "CVE-2026-42499", "VendorIDs": [ "GO-2026-4977" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-42499", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:9dc6d05a7cc3763b85c687c3ca79b67a758379dcdc550cb0291e1ad6014547d4", "Title": "Pathological inputs could cause DoS through consumePhrase when parsing ...", "Description": "Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322.", "Severity": "HIGH", "VendorSeverity": { "bitnami": 3 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://go.dev/cl/771520", "https://go.dev/issue/78987", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-42499", "https://pkg.go.dev/vuln/GO-2026-4977" ], "PublishedDate": "2026-05-07T20:16:44.54Z", "LastModifiedDate": "2026-05-13T16:59:17.563Z" }, { "VulnerabilityID": "CVE-2026-39823", "VendorIDs": [ "GO-2026-4982" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39823", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:b0e0719cb0ecab391f08778fb48a2e3c16161a3a91fd3fd522b6a38dc1e9896b", "Title": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly ...", "Description": "CVE-2026-27142 fixed a vulnerability in which URLs were not correctly escaped inside of a \u003cmeta\u003e tag's \u003ccontent\u003e attribute. If the URL content were to insert ASCII whitespaces around the '=' rune inside of the \u003ccontent\u003e attribute, the escaper would fail to similarly escape it, leading to XSS.", "Severity": "MEDIUM", "CweIDs": [ "CWE-79" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/769920", "https://go.dev/issue/78913", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39823", "https://pkg.go.dev/vuln/GO-2026-4982" ], "PublishedDate": "2026-05-07T20:16:43.29Z", "LastModifiedDate": "2026-05-13T16:58:45.697Z" }, { "VulnerabilityID": "CVE-2026-39825", "VendorIDs": [ "GO-2026-4976" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39825", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:63c091901fbd4cc0cd5ae879356120748acdca2cc65c2ecbe8c3d6db21aaeb75", "Title": "ReverseProxy can forward queries containing parameters not visible to ...", "Description": "ReverseProxy can forward queries containing parameters not visible to Rewrite functions. When used with a Rewrite function, or a Director function which parses query parameters, ReverseProxy sanitizes the forwarded request to remove query parameters which are not parsed by url.ParseQuery. ReverseProxy does not take ParseQuery's limit on the total number of query parameters (controlled by GODEBUG=urlmaxqueryparams=N) into account. This can permit ReverseProxy to forward a request containing a query parameter that is not visible to the Rewrite function. For example, the query \"a1=x\u0026a2=x\u0026...\u0026a10000=x\u0026hidden=y\" can forward the parameter \"hidden=y\" while hiding it from the proxy's Rewrite function.", "Severity": "MEDIUM", "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "V3Score": 5.3 } }, "References": [ "https://go.dev/cl/770541", "https://go.dev/issue/78948", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39825", "https://pkg.go.dev/vuln/GO-2026-4976" ], "PublishedDate": "2026-05-07T20:16:43.39Z", "LastModifiedDate": "2026-05-13T16:58:56.39Z" }, { "VulnerabilityID": "CVE-2026-39826", "VendorIDs": [ "GO-2026-4980" ], "PkgID": "stdlib@v1.25.9", "PkgName": "stdlib", "PkgIdentifier": { "PURL": "pkg:golang/stdlib@v1.25.9", "UID": "2185fb41a98d095a" }, "InstalledVersion": "v1.25.9", "FixedVersion": "1.25.10, 1.26.3", "Status": "fixed", "Layer": { "Digest": "sha256:77ddeac46eeb3d87ab0054355549f983a62062944040cd4bb40bdeb502065042", "DiffID": "sha256:3c26c97d06c4df5564a77240106ca161e851be9dc66df663c9ea2a1664a8b463" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-39826", "DataSource": { "ID": "govulndb", "Name": "The Go Vulnerability Database", "URL": "https://pkg.go.dev/vuln/" }, "Fingerprint": "sha256:62270cd333928b960b17b3197d04c569edc40d9cca9827898c52dd4900615c34", "Title": "If a trusted template author were to write a \u003cscript\u003e tag containing a ...", "Description": "If a trusted template author were to write a \u003cscript\u003e tag containing an empty 'type' attribute or a 'type' attribute with an ASCII whitespace, the execution of the template would incorrectly escape any data passed into the \u003cscript\u003e block.", "Severity": "MEDIUM", "CweIDs": [ "CWE-116" ], "VendorSeverity": { "bitnami": 2 }, "CVSS": { "bitnami": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "V3Score": 6.1 } }, "References": [ "https://go.dev/cl/771180", "https://go.dev/issue/78981", "https://groups.google.com/g/golang-announce/c/qcCIEXso47M", "https://nvd.nist.gov/vuln/detail/CVE-2026-39826", "https://pkg.go.dev/vuln/GO-2026-4980" ], "PublishedDate": "2026-05-07T20:16:43.49Z", "LastModifiedDate": "2026-05-13T16:59:07.48Z" } ] } ] }, { "Namespace": "trivy", "Kind": "CronJob", "Name": "trivy-scan", "Metadata": [ { "Size": 50504704, "OS": { "Family": "alpine", "Name": "3.21.5" }, "ImageID": "sha256:1b6a05fecb7dedc83f13456cc8d9ddd6ab53be5303e386d819167c8986e36915", "DiffIDs": [ "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b", "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7", "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9", "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" ], "RepoTags": [ "python:3.12-alpine3.21" ], "RepoDigests": [ "python@sha256:d4f9227f21409479c7fe92288f2e40b1a56ae591c8ad3b5446dfeaef90f67857" ], "Reference": "python:3.12-alpine3.21", "ImageConfig": { "architecture": "amd64", "created": "2025-10-09T15:49:21Z", "history": [ { "created": "2025-10-08T11:06:42Z", "created_by": "ADD alpine-minirootfs-3.21.5-x86_64.tar.gz / # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-08T11:06:42Z", "created_by": "CMD [\"/bin/sh\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "ENV PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "ENV LANG=C.UTF-8", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "RUN /bin/sh -c set -eux; \tapk add --no-cache \t\tca-certificates \t\ttzdata \t; # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T15:49:21Z", "created_by": "ENV GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "ENV PYTHON_VERSION=3.12.12", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "ENV PYTHON_SHA256=fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4", "comment": "buildkit.dockerfile.v0", "empty_layer": true }, { "created": "2025-10-09T15:49:21Z", "created_by": "RUN /bin/sh -c set -eux; \t\tapk add --no-cache --virtual .build-deps \t\tbluez-dev \t\tbzip2-dev \t\tdpkg-dev dpkg \t\tfindutils \t\tgcc \t\tgdbm-dev \t\tgnupg \t\tlibc-dev \t\tlibffi-dev \t\tlibnsl-dev \t\tlibtirpc-dev \t\tlinux-headers \t\tmake \t\tncurses-dev \t\topenssl-dev \t\tpax-utils \t\treadline-dev \t\tsqlite-dev \t\ttar \t\ttcl-dev \t\ttk \t\ttk-dev \t\tutil-linux-dev \t\txz \t\txz-dev \t\tzlib-dev \t; \t\twget -O python.tar.xz \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz\"; \techo \"$PYTHON_SHA256 *python.tar.xz\" | sha256sum -c -; \twget -O python.tar.xz.asc \"https://www.python.org/ftp/python/${PYTHON_VERSION%%[a-z]*}/Python-$PYTHON_VERSION.tar.xz.asc\"; \tGNUPGHOME=\"$(mktemp -d)\"; export GNUPGHOME; \tgpg --batch --keyserver hkps://keys.openpgp.org --recv-keys \"$GPG_KEY\"; \tgpg --batch --verify python.tar.xz.asc python.tar.xz; \tgpgconf --kill all; \trm -rf \"$GNUPGHOME\" python.tar.xz.asc; \tmkdir -p /usr/src/python; \ttar --extract --directory /usr/src/python --strip-components=1 --file python.tar.xz; \trm python.tar.xz; \t\tcd /usr/src/python; \tgnuArch=\"$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)\"; \t./configure \t\t--build=\"$gnuArch\" \t\t--enable-loadable-sqlite-extensions \t\t--enable-option-checking=fatal \t\t--enable-shared \t\t$(test \"${gnuArch%%-*}\" != 'riscv64' \u0026\u0026 echo '--with-lto') \t\t--with-ensurepip \t; \tnproc=\"$(nproc)\"; \tEXTRA_CFLAGS=\"-DTHREAD_STACK_SIZE=0x100000\"; \tLDFLAGS=\"${LDFLAGS:--Wl},--strip-all\"; \t\tarch=\"$(apk --print-arch)\"; \t\tcase \"$arch\" in \t\t\tx86_64|aarch64) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer\"; \t\t\t\t;; \t\t\tx86) \t\t\t\t;; \t\t\t*) \t\t\t\tEXTRA_CFLAGS=\"${EXTRA_CFLAGS:-} -fno-omit-frame-pointer\"; \t\t\t\t;; \t\tesac; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:-}\" \t; \trm python; \tmake -j \"$nproc\" \t\t\"EXTRA_CFLAGS=${EXTRA_CFLAGS:-}\" \t\t\"LDFLAGS=${LDFLAGS:--Wl},-rpath='\\$\\$ORIGIN/../lib'\" \t\tpython \t; \tmake install; \t\tcd /; \trm -rf /usr/src/python; \t\tfind /usr/local -depth \t\t\\( \t\t\t\\( -type d -a \\( -name test -o -name tests -o -name idle_test \\) \\) \t\t\t-o \\( -type f -a \\( -name '*.pyc' -o -name '*.pyo' -o -name 'libpython*.a' \\) \\) \t\t\\) -exec rm -rf '{}' + \t; \t\tfind /usr/local -type f -executable -not \\( -name '*tkinter*' \\) -exec scanelf --needed --nobanner --format '%n#p' '{}' ';' \t\t| tr ',' '\\n' \t\t| sort -u \t\t| awk 'system(\"[ -e /usr/local/lib/\" $1 \" ]\") == 0 { next } { print \"so:\" $1 }' \t\t| xargs -rt apk add --no-network --virtual .python-rundeps \t; \tapk del --no-network .build-deps; \t\texport PYTHONDONTWRITEBYTECODE=1; \tpython3 --version; \tpip3 --version # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T15:49:21Z", "created_by": "RUN /bin/sh -c set -eux; \tfor src in idle3 pip3 pydoc3 python3 python3-config; do \t\tdst=\"$(echo \"$src\" | tr -d 3)\"; \t\t[ -s \"/usr/local/bin/$src\" ]; \t\t[ ! -e \"/usr/local/bin/$dst\" ]; \t\tln -svT \"$src\" \"/usr/local/bin/$dst\"; \tdone # buildkit", "comment": "buildkit.dockerfile.v0" }, { "created": "2025-10-09T15:49:21Z", "created_by": "CMD [\"python3\"]", "comment": "buildkit.dockerfile.v0", "empty_layer": true } ], "os": "linux", "rootfs": { "type": "layers", "diff_ids": [ "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b", "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7", "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9", "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" ] }, "config": { "Cmd": [ "python3" ], "Env": [ "PATH=/usr/local/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", "LANG=C.UTF-8", "GPG_KEY=7169605F62C751356D054A26A821E680E5FA6305", "PYTHON_VERSION=3.12.12", "PYTHON_SHA256=fb85a13414b028c49ba18bbd523c2d055a30b56b18b92ce454ea2c51edc656c4" ], "WorkingDir": "/" } }, "Layers": [ { "Size": 8117760, "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, { "Size": 1676288, "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" }, { "Size": 40705536, "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, { "Size": 5120, "Digest": "sha256:5bb875b37f265fbc80ba641245a01eceb6b761e9fbf2ecc408ac218339139bd5", "DiffID": "sha256:97dfed8fdc320612c2f64f4f25a3dea01c498bc5dc332ca05844dc5c55590fbd" } ] } ], "Results": [ { "Target": "python:3.12-alpine3.21 (alpine 3.21.5)", "Class": "os-pkgs", "Type": "alpine", "Packages": [ { "ID": ".python-rundeps@20251009.223744", "Name": ".python-rundeps", "Identifier": { "PURL": "pkg:apk/alpine/.python-rundeps@20251009.223744?arch=noarch\u0026distro=3.21.5", "UID": "89249f3f0dfa2450" }, "Version": "20251009.223744", "Arch": "noarch", "DependsOn": [ "gdbm@1.24-r0", "libbz2@1.0.8-r6", "libcrypto3@3.3.5-r0", "libffi@3.4.7-r0", "libncursesw@6.5_p20241006-r3", "libnsl@2.0.1-r0", "libpanelw@6.5_p20241006-r3", "libssl3@3.3.5-r0", "libtirpc@1.3.5-r0", "libuuid@2.40.4-r1", "musl@1.2.5-r9", "readline@8.2.13-r0", "sqlite-libs@3.48.0-r4", "xz-libs@5.6.3-r1", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:9048b25a36292f5a93d8af024af7422615f4abad", "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout@3.6.8-r1", "Name": "alpine-baselayout", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout@3.6.8-r1?arch=x86_64\u0026distro=3.21.5", "UID": "488bbcabff990e76" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-baselayout-data@3.6.8-r1", "busybox-binsh@1.37.0-r13" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:eceb5e3555e7f7f8925dc248d557fcc744d573d6", "InstalledFiles": [ "etc/motd", "etc/crontabs/root", "etc/modprobe.d/aliases.conf", "etc/modprobe.d/blacklist.conf", "etc/modprobe.d/i386.conf", "etc/modprobe.d/kms.conf", "etc/profile.d/20locale.sh", "etc/profile.d/README", "etc/profile.d/color_prompt.sh.disabled", "usr/lib/sysctl.d/00-alpine.conf", "var/lock", "var/run", "var/spool/mail", "var/spool/cron/crontabs" ], "AnalyzedBy": "apk" }, { "ID": "alpine-baselayout-data@3.6.8-r1", "Name": "alpine-baselayout-data", "Identifier": { "PURL": "pkg:apk/alpine/alpine-baselayout-data@3.6.8-r1?arch=x86_64\u0026distro=3.21.5", "UID": "a35ff814457b106b" }, "Version": "3.6.8-r1", "Arch": "x86_64", "SrcName": "alpine-baselayout", "SrcVersion": "3.6.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:7979a835bc317cedb997d3a42f3b10be86a8d18a", "InstalledFiles": [ "etc/fstab", "etc/group", "etc/hostname", "etc/hosts", "etc/inittab", "etc/modules", "etc/mtab", "etc/nsswitch.conf", "etc/passwd", "etc/profile", "etc/protocols", "etc/services", "etc/shadow", "etc/shells", "etc/sysctl.conf" ], "AnalyzedBy": "apk" }, { "ID": "alpine-keys@2.5-r0", "Name": "alpine-keys", "Identifier": { "PURL": "pkg:apk/alpine/alpine-keys@2.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "e87ecc7343d144e0" }, "Version": "2.5-r0", "Arch": "x86_64", "SrcName": "alpine-keys", "SrcVersion": "2.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:91014bfdba0e7f7b4505159466e9f19871606a59", "InstalledFiles": [ "etc/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "etc/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-58199dcc.rsa.pub", "usr/share/apk/keys/aarch64/alpine-devel@lists.alpinelinux.org-616ae350.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armhf/alpine-devel@lists.alpinelinux.org-616a9724.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub", "usr/share/apk/keys/armv7/alpine-devel@lists.alpinelinux.org-616adfeb.rsa.pub", "usr/share/apk/keys/loongarch64/alpine-devel@lists.alpinelinux.org-66ba20fe.rsa.pub", "usr/share/apk/keys/mips64/alpine-devel@lists.alpinelinux.org-5e69ca50.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-58cbb476.rsa.pub", "usr/share/apk/keys/ppc64le/alpine-devel@lists.alpinelinux.org-616abc23.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-60ac2099.rsa.pub", "usr/share/apk/keys/riscv64/alpine-devel@lists.alpinelinux.org-616db30d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-58e4f17d.rsa.pub", "usr/share/apk/keys/s390x/alpine-devel@lists.alpinelinux.org-616ac3bc.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub", "usr/share/apk/keys/x86/alpine-devel@lists.alpinelinux.org-61666e3f.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub", "usr/share/apk/keys/x86_64/alpine-devel@lists.alpinelinux.org-6165ee59.rsa.pub" ], "AnalyzedBy": "apk" }, { "ID": "alpine-release@3.21.5-r0", "Name": "alpine-release", "Identifier": { "PURL": "pkg:apk/alpine/alpine-release@3.21.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "5f453612d66d3774" }, "Version": "3.21.5-r0", "Arch": "x86_64", "SrcName": "alpine-base", "SrcVersion": "3.21.5-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "alpine-keys@2.5-r0" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:17fc4cd975359564a4cedfc75de2bbc1c121d0fa", "InstalledFiles": [ "etc/alpine-release", "etc/issue", "etc/os-release", "etc/secfixes.d/alpine", "usr/lib/os-release" ], "AnalyzedBy": "apk" }, { "ID": "apk-tools@2.14.6-r3", "Name": "apk-tools", "Identifier": { "PURL": "pkg:apk/alpine/apk-tools@2.14.6-r3?arch=x86_64\u0026distro=3.21.5", "UID": "c5364b2cfe848b91" }, "Version": "2.14.6-r3", "Arch": "x86_64", "SrcName": "apk-tools", "SrcVersion": "2.14.6-r3", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "ca-certificates-bundle@20250911-r0", "libcrypto3@3.3.5-r0", "libssl3@3.3.5-r0", "musl@1.2.5-r9", "zlib@1.3.1-r2" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:9704358d1b44fa771e0a0a3a527d8a26830e3eba", "InstalledFiles": [ "sbin/apk", "usr/lib/libapk.so.2.14.0" ], "AnalyzedBy": "apk" }, { "ID": "busybox@1.37.0-r13", "Name": "busybox", "Identifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "8fda363a8f5a07b1" }, "Version": "1.37.0-r13", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r13", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:8540c848721426856761fe719d4af87212c0809e", "InstalledFiles": [ "bin/busybox", "etc/securetty", "etc/busybox-paths.d/busybox", "etc/logrotate.d/acpid", "etc/network/if-up.d/dad", "etc/udhcpc/udhcpc.conf", "usr/share/udhcpc/default.script" ], "AnalyzedBy": "apk" }, { "ID": "busybox-binsh@1.37.0-r13", "Name": "busybox-binsh", "Identifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "cb91567fa5d7f91d" }, "Version": "1.37.0-r13", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r13", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "busybox@1.37.0-r13" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:c6fb712fe218a91441c3c93af8320da9d41725d9", "InstalledFiles": [ "bin/sh" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates@20250911-r0", "Name": "ca-certificates", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates@20250911-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4430103926921dfa" }, "Version": "20250911-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250911-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "busybox-binsh@1.37.0-r13", "libcrypto3@3.3.5-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" }, "Digest": "sha1:cfc09a91ee9238553277ed988779162b9e45a457", "InstalledFiles": [ "etc/ca-certificates.conf", "etc/apk/protected_paths.d/ca-certificates.list", "etc/ca-certificates/update.d/certhash", "usr/bin/c_rehash", "usr/sbin/update-ca-certificates", "usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM.crt", "usr/share/ca-certificates/mozilla/AC_RAIZ_FNMT-RCM_SERVIDORES_SEGUROS.crt", "usr/share/ca-certificates/mozilla/ANF_Secure_Server_Root_CA.crt", "usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt", "usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/Amazon_Root_CA_4.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_ECC_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Atos_TrustedRoot_Root_CA_RSA_TLS_2021.crt", "usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA1.crt", "usr/share/ca-certificates/mozilla/BJCA_Global_Root_CA2.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt", "usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt", "usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt", "usr/share/ca-certificates/mozilla/CFCA_EV_ROOT.crt", "usr/share/ca-certificates/mozilla/COMODO_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/COMODO_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_E1.crt", "usr/share/ca-certificates/mozilla/Certainly_Root_R1.crt", "usr/share/ca-certificates/mozilla/Certigna.crt", "usr/share/ca-certificates/mozilla/Certigna_Root_CA.crt", "usr/share/ca-certificates/mozilla/Certum_EC-384_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Network_CA_2.crt", "usr/share/ca-certificates/mozilla/Certum_Trusted_Root_CA.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_ECC_Root-02.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-01.crt", "usr/share/ca-certificates/mozilla/CommScope_Public_Trust_RSA_Root-02.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_BR_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_1_2020.crt", "usr/share/ca-certificates/mozilla/D-TRUST_EV_Root_CA_2_2023.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_2009.crt", "usr/share/ca-certificates/mozilla/D-TRUST_Root_Class_3_CA_2_EV_2009.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Assured_ID_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G2.crt", "usr/share/ca-certificates/mozilla/DigiCert_Global_Root_G3.crt", "usr/share/ca-certificates/mozilla/DigiCert_High_Assurance_EV_Root_CA.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_ECC_P384_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_TLS_RSA4096_Root_G5.crt", "usr/share/ca-certificates/mozilla/DigiCert_Trusted_Root_G4.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_EC1.crt", "usr/share/ca-certificates/mozilla/Entrust_Root_Certification_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/FIRMAPROFESIONAL_CA_ROOT-A_WEB.crt", "usr/share/ca-certificates/mozilla/GDCA_TrustAUTH_R5_ROOT.crt", "usr/share/ca-certificates/mozilla/GLOBALTRUST_2020.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R1.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R2.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R3.crt", "usr/share/ca-certificates/mozilla/GTS_Root_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R4.crt", "usr/share/ca-certificates/mozilla/GlobalSign_ECC_Root_CA_-_R5.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R3.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_CA_-_R6.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_E46.crt", "usr/share/ca-certificates/mozilla/GlobalSign_Root_R46.crt", "usr/share/ca-certificates/mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_ECC_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/HARICA_TLS_RSA_Root_CA_2021.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_ECC_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2015.crt", "usr/share/ca-certificates/mozilla/HiPKI_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/Hongkong_Post_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X1.crt", "usr/share/ca-certificates/mozilla/ISRG_Root_X2.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Commercial_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/IdenTrust_Public_Sector_Root_CA_1.crt", "usr/share/ca-certificates/mozilla/Izenpe.com.crt", "usr/share/ca-certificates/mozilla/Microsec_e-Szigno_Root_CA_2009.crt", "usr/share/ca-certificates/mozilla/Microsoft_ECC_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/Microsoft_RSA_Root_Certificate_Authority_2017.crt", "usr/share/ca-certificates/mozilla/NAVER_Global_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GB_CA.crt", "usr/share/ca-certificates/mozilla/OISTE_WISeKey_Global_Root_GC_CA.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_1_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_2_G3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3.crt", "usr/share/ca-certificates/mozilla/QuoVadis_Root_CA_3_G3.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_EV_Root_Certification_Authority_RSA_R2.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_ECC.crt", "usr/share/ca-certificates/mozilla/SSL.com_Root_Certification_Authority_RSA.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_ECC_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SSL.com_TLS_RSA_Root_CA_2022.crt", "usr/share/ca-certificates/mozilla/SZAFIR_ROOT_CA2.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_E46.crt", "usr/share/ca-certificates/mozilla/Sectigo_Public_Server_Authentication_Root_R46.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA12.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA14.crt", "usr/share/ca-certificates/mozilla/SecureSign_Root_CA15.crt", "usr/share/ca-certificates/mozilla/SecureTrust_CA.crt", "usr/share/ca-certificates/mozilla/Secure_Global_CA.crt", "usr/share/ca-certificates/mozilla/Security_Communication_ECC_RootCA1.crt", "usr/share/ca-certificates/mozilla/Security_Communication_RootCA2.crt", "usr/share/ca-certificates/mozilla/Starfield_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_Gold_CA_-_G2.crt", "usr/share/ca-certificates/mozilla/SwissSign_RSA_TLS_Root_CA_2022_-_1.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_2.crt", "usr/share/ca-certificates/mozilla/T-TeleSec_GlobalRoot_Class_3.crt", "usr/share/ca-certificates/mozilla/TUBITAK_Kamu_SM_SSL_Kok_Sertifikasi_-_Surum_1.crt", "usr/share/ca-certificates/mozilla/TWCA_CYBER_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Global_Root_CA.crt", "usr/share/ca-certificates/mozilla/TWCA_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_ECC_Root_2020.crt", "usr/share/ca-certificates/mozilla/Telekom_Security_TLS_RSA_Root_2023.crt", "usr/share/ca-certificates/mozilla/TeliaSonera_Root_CA_v1.crt", "usr/share/ca-certificates/mozilla/Telia_Root_CA_v2.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G3.crt", "usr/share/ca-certificates/mozilla/TrustAsia_Global_Root_CA_G4.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/TrustAsia_TLS_RSA_Root_CA.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P256_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/Trustwave_Global_ECC_P384_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/TunTrust_Root_CA.crt", "usr/share/ca-certificates/mozilla/UCA_Extended_Validation_Root.crt", "usr/share/ca-certificates/mozilla/UCA_Global_G2_Root.crt", "usr/share/ca-certificates/mozilla/USERTrust_ECC_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/USERTrust_RSA_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/certSIGN_ROOT_CA.crt", "usr/share/ca-certificates/mozilla/certSIGN_Root_CA_G2.crt", "usr/share/ca-certificates/mozilla/e-Szigno_Root_CA_2017.crt", "usr/share/ca-certificates/mozilla/ePKI_Root_Certification_Authority.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_C3.crt", "usr/share/ca-certificates/mozilla/emSign_ECC_Root_CA_-_G3.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_C1.crt", "usr/share/ca-certificates/mozilla/emSign_Root_CA_-_G1.crt", "usr/share/ca-certificates/mozilla/vTrus_ECC_Root_CA.crt", "usr/share/ca-certificates/mozilla/vTrus_Root_CA.crt" ], "AnalyzedBy": "apk" }, { "ID": "ca-certificates-bundle@20250911-r0", "Name": "ca-certificates-bundle", "Identifier": { "PURL": "pkg:apk/alpine/ca-certificates-bundle@20250911-r0?arch=x86_64\u0026distro=3.21.5", "UID": "bd747ea9500caca2" }, "Version": "20250911-r0", "Arch": "x86_64", "SrcName": "ca-certificates", "SrcVersion": "20250911-r0", "Licenses": [ "MPL-2.0", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:2c8ae30112c2bcd07e1a9d44f0ff64a7286cdabc", "InstalledFiles": [ "etc/ssl/cert.pem", "etc/ssl/certs/ca-certificates.crt", "etc/ssl1.1/cert.pem", "etc/ssl1.1/certs" ], "AnalyzedBy": "apk" }, { "ID": "gdbm@1.24-r0", "Name": "gdbm", "Identifier": { "PURL": "pkg:apk/alpine/gdbm@1.24-r0?arch=x86_64\u0026distro=3.21.5", "UID": "16187e1189640a5f" }, "Version": "1.24-r0", "Arch": "x86_64", "SrcName": "gdbm", "SrcVersion": "1.24-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:06876a4fe8da5ca1e5930daa08aaf90629c35074", "InstalledFiles": [ "usr/lib/libgdbm.so.6", "usr/lib/libgdbm.so.6.0.0", "usr/lib/libgdbm_compat.so.4", "usr/lib/libgdbm_compat.so.4.0.0" ], "AnalyzedBy": "apk" }, { "ID": "keyutils-libs@1.6.3-r4", "Name": "keyutils-libs", "Identifier": { "PURL": "pkg:apk/alpine/keyutils-libs@1.6.3-r4?arch=x86_64\u0026distro=3.21.5", "UID": "5818e21637d6b797" }, "Version": "1.6.3-r4", "Arch": "x86_64", "SrcName": "keyutils", "SrcVersion": "1.6.3-r4", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:128ea507e8ce17fd70c5ec18f8581633dac01a66", "InstalledFiles": [ "usr/lib/libkeyutils.so.1", "usr/lib/libkeyutils.so.1.10" ], "AnalyzedBy": "apk" }, { "ID": "krb5-conf@1.0-r2", "Name": "krb5-conf", "Identifier": { "PURL": "pkg:apk/alpine/krb5-conf@1.0-r2?arch=x86_64\u0026distro=3.21.5", "UID": "9273a2b8d3ad3c52" }, "Version": "1.0-r2", "Arch": "x86_64", "SrcName": "krb5-conf", "SrcVersion": "1.0-r2", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:bd3748a2e1d04eaea8668277f2540249decf38b0", "InstalledFiles": [ "etc/krb5.conf" ], "AnalyzedBy": "apk" }, { "ID": "krb5-libs@1.21.3-r0", "Name": "krb5-libs", "Identifier": { "PURL": "pkg:apk/alpine/krb5-libs@1.21.3-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4453bf7797342d0d" }, "Version": "1.21.3-r0", "Arch": "x86_64", "SrcName": "krb5", "SrcVersion": "1.21.3-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "keyutils-libs@1.6.3-r4", "krb5-conf@1.0-r2", "libcom_err@1.47.1-r1", "libcrypto3@3.3.5-r0", "libssl3@3.3.5-r0", "libverto@0.3.2-r2", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:8da452f1ff426ddb0c8d6f62ad3f0201980d20fe", "InstalledFiles": [ "usr/lib/libgssapi_krb5.so.2", "usr/lib/libgssapi_krb5.so.2.2", "usr/lib/libgssrpc.so.4", "usr/lib/libgssrpc.so.4.2", "usr/lib/libk5crypto.so.3", "usr/lib/libk5crypto.so.3.1", "usr/lib/libkadm5clnt_mit.so.12", "usr/lib/libkadm5clnt_mit.so.12.0", "usr/lib/libkadm5srv_mit.so.12", "usr/lib/libkadm5srv_mit.so.12.0", "usr/lib/libkdb5.so.10", "usr/lib/libkdb5.so.10.0", "usr/lib/libkrad.so.0", "usr/lib/libkrad.so.0.0", "usr/lib/libkrb5.so.3", "usr/lib/libkrb5.so.3.3", "usr/lib/libkrb5support.so.0", "usr/lib/libkrb5support.so.0.1", "usr/lib/krb5/plugins/kdb/db2.so", "usr/lib/krb5/plugins/preauth/otp.so", "usr/lib/krb5/plugins/preauth/spake.so", "usr/lib/krb5/plugins/preauth/test.so", "usr/lib/krb5/plugins/tls/k5tls.so" ], "AnalyzedBy": "apk" }, { "ID": "libbz2@1.0.8-r6", "Name": "libbz2", "Identifier": { "PURL": "pkg:apk/alpine/libbz2@1.0.8-r6?arch=x86_64\u0026distro=3.21.5", "UID": "68ca16760186f1f7" }, "Version": "1.0.8-r6", "Arch": "x86_64", "SrcName": "bzip2", "SrcVersion": "1.0.8-r6", "Licenses": [ "bzip-2-1.0.6" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:54f88b518e92e39616f55bff21e0c3c1eec44446", "InstalledFiles": [ "usr/lib/libbz2.so.1", "usr/lib/libbz2.so.1.0.8" ], "AnalyzedBy": "apk" }, { "ID": "libcom_err@1.47.1-r1", "Name": "libcom_err", "Identifier": { "PURL": "pkg:apk/alpine/libcom_err@1.47.1-r1?arch=x86_64\u0026distro=3.21.5", "UID": "9ea7f0ab0731d03d" }, "Version": "1.47.1-r1", "Arch": "x86_64", "SrcName": "e2fsprogs", "SrcVersion": "1.47.1-r1", "Licenses": [ "GPL-2.0-or-later", "LGPL-2.0-or-later", "BSD-3-Clause", "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:fadca43c547e85389b2b11af9197aa8562e9ea45", "InstalledFiles": [ "usr/lib/libcom_err.so.2", "usr/lib/libcom_err.so.2.1" ], "AnalyzedBy": "apk" }, { "ID": "libcrypto3@3.3.5-r0", "Name": "libcrypto3", "Identifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "Version": "3.3.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:58660d06cbe9b18680a8d6856f20d788b1732347", "InstalledFiles": [ "etc/ssl/ct_log_list.cnf", "etc/ssl/ct_log_list.cnf.dist", "etc/ssl/openssl.cnf", "etc/ssl/openssl.cnf.dist", "usr/lib/libcrypto.so.3", "usr/lib/engines-3/afalg.so", "usr/lib/engines-3/capi.so", "usr/lib/engines-3/loader_attic.so", "usr/lib/engines-3/padlock.so", "usr/lib/ossl-modules/legacy.so" ], "AnalyzedBy": "apk" }, { "ID": "libffi@3.4.7-r0", "Name": "libffi", "Identifier": { "PURL": "pkg:apk/alpine/libffi@3.4.7-r0?arch=x86_64\u0026distro=3.21.5", "UID": "f8faa7473f2fb614" }, "Version": "3.4.7-r0", "Arch": "x86_64", "SrcName": "libffi", "SrcVersion": "3.4.7-r0", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:1e1f0d2d6f18a06f48d3b34d0bbddbfe7c77e23a", "InstalledFiles": [ "usr/lib/libffi.so.8", "usr/lib/libffi.so.8.1.4" ], "AnalyzedBy": "apk" }, { "ID": "libintl@0.22.5-r0", "Name": "libintl", "Identifier": { "PURL": "pkg:apk/alpine/libintl@0.22.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "8042f9b62820ffd5" }, "Version": "0.22.5-r0", "Arch": "x86_64", "SrcName": "gettext", "SrcVersion": "0.22.5-r0", "Licenses": [ "LGPL-2.1-or-later" ], "Maintainer": "Carlo Landmeter \u003cclandmeter@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:c3f183a55f73801890303634540cf1c84530cc17", "InstalledFiles": [ "usr/lib/libintl.so.8", "usr/lib/libintl.so.8.4.0" ], "AnalyzedBy": "apk" }, { "ID": "libncursesw@6.5_p20241006-r3", "Name": "libncursesw", "Identifier": { "PURL": "pkg:apk/alpine/libncursesw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", "UID": "75cdd41a72db6f1" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "ncurses-terminfo-base@6.5_p20241006-r3" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:1f4a0b567990a75699de992aa91da75bad914a57", "InstalledFiles": [ "usr/lib/libncursesw.so.6", "usr/lib/libncursesw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libnsl@2.0.1-r0", "Name": "libnsl", "Identifier": { "PURL": "pkg:apk/alpine/libnsl@2.0.1-r0?arch=x86_64\u0026distro=3.21.5", "UID": "9057250f5191ae3a" }, "Version": "2.0.1-r0", "Arch": "x86_64", "SrcName": "libnsl", "SrcVersion": "2.0.1-r0", "Licenses": [ "LGPL-2.0-or-later" ], "Maintainer": "Valery Kartel \u003cvalery.kartel@gmail.com\u003e", "DependsOn": [ "libintl@0.22.5-r0", "libtirpc@1.3.5-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:3a613a31b8318cd70b67c824c0ba76b236401bbd", "InstalledFiles": [ "usr/lib/libnsl.so.3", "usr/lib/libnsl.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libpanelw@6.5_p20241006-r3", "Name": "libpanelw", "Identifier": { "PURL": "pkg:apk/alpine/libpanelw@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", "UID": "bc19a00a809b43ea" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.5_p20241006-r3", "musl@1.2.5-r9", "ncurses-terminfo-base@6.5_p20241006-r3" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:b7928b751d482d3ee192ef1cb0f4b8de1baa0b20", "InstalledFiles": [ "usr/lib/libpanelw.so.6", "usr/lib/libpanelw.so.6.5" ], "AnalyzedBy": "apk" }, { "ID": "libssl3@3.3.5-r0", "Name": "libssl3", "Identifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "Version": "3.3.5-r0", "Arch": "x86_64", "SrcName": "openssl", "SrcVersion": "3.3.5-r0", "Licenses": [ "Apache-2.0" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libcrypto3@3.3.5-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:6d1b46956b699923dfc7b5217178bc44c090d14d", "InstalledFiles": [ "usr/lib/libssl.so.3" ], "AnalyzedBy": "apk" }, { "ID": "libtirpc@1.3.5-r0", "Name": "libtirpc", "Identifier": { "PURL": "pkg:apk/alpine/libtirpc@1.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "9f843b39cfcaf60e" }, "Version": "1.3.5-r0", "Arch": "x86_64", "SrcName": "libtirpc", "SrcVersion": "1.3.5-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "krb5-libs@1.21.3-r0", "libtirpc-conf@1.3.5-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:f110fc99b234f7808622abb3ff4a65d9d2cf4be3", "InstalledFiles": [ "usr/lib/libtirpc.so.3", "usr/lib/libtirpc.so.3.0.0" ], "AnalyzedBy": "apk" }, { "ID": "libtirpc-conf@1.3.5-r0", "Name": "libtirpc-conf", "Identifier": { "PURL": "pkg:apk/alpine/libtirpc-conf@1.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4b1fd5c09318a135" }, "Version": "1.3.5-r0", "Arch": "x86_64", "SrcName": "libtirpc", "SrcVersion": "1.3.5-r0", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:e10eac0d013b135befa2311a7ef3791424895595", "InstalledFiles": [ "etc/bindresvport.blacklist", "etc/netconfig" ], "AnalyzedBy": "apk" }, { "ID": "libuuid@2.40.4-r1", "Name": "libuuid", "Identifier": { "PURL": "pkg:apk/alpine/libuuid@2.40.4-r1?arch=x86_64\u0026distro=3.21.5", "UID": "1955cd330a5ab9e8" }, "Version": "2.40.4-r1", "Arch": "x86_64", "SrcName": "util-linux", "SrcVersion": "2.40.4-r1", "Licenses": [ "BSD-3-Clause" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:8d5e7fbe81f31a882f22c00eba732dcf45a7e90c", "InstalledFiles": [ "usr/lib/libuuid.so.1", "usr/lib/libuuid.so.1.3.0" ], "AnalyzedBy": "apk" }, { "ID": "libverto@0.3.2-r2", "Name": "libverto", "Identifier": { "PURL": "pkg:apk/alpine/libverto@0.3.2-r2?arch=x86_64\u0026distro=3.21.5", "UID": "67e5fa5840c0d028" }, "Version": "0.3.2-r2", "Arch": "x86_64", "SrcName": "libverto", "SrcVersion": "0.3.2-r2", "Licenses": [ "MIT" ], "Maintainer": "Francesco Colista \u003cfcolista@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:154644a18e6de4d3b6d9d6c2c35d28826b9167a1", "InstalledFiles": [ "usr/lib/libverto.so.1", "usr/lib/libverto.so.1.0.0" ], "AnalyzedBy": "apk" }, { "ID": "musl@1.2.5-r9", "Name": "musl", "Identifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "d0316c4ab0862e6b" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:fcbef23891ec04f81a28b98dbbb521e58218d2d8", "InstalledFiles": [ "lib/ld-musl-x86_64.so.1", "lib/libc.musl-x86_64.so.1" ], "AnalyzedBy": "apk" }, { "ID": "musl-utils@1.2.5-r9", "Name": "musl-utils", "Identifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "8991799c5350cf95" }, "Version": "1.2.5-r9", "Arch": "x86_64", "SrcName": "musl", "SrcVersion": "1.2.5-r9", "Licenses": [ "MIT", "BSD-2-Clause", "GPL-2.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9", "scanelf@1.3.8-r1" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:dd00323d3c0b14f2607f7a14ef503ebb4f737d22", "InstalledFiles": [ "sbin/ldconfig", "usr/bin/getconf", "usr/bin/getent", "usr/bin/iconv", "usr/bin/ldd" ], "AnalyzedBy": "apk" }, { "ID": "ncurses-terminfo-base@6.5_p20241006-r3", "Name": "ncurses-terminfo-base", "Identifier": { "PURL": "pkg:apk/alpine/ncurses-terminfo-base@6.5_p20241006-r3?arch=x86_64\u0026distro=3.21.5", "UID": "ba7a41d37c387447" }, "Version": "6.5_p20241006-r3", "Arch": "x86_64", "SrcName": "ncurses", "SrcVersion": "6.5_p20241006-r3", "Licenses": [ "X-11" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:a2bc82a235e7172605f069a36c371f955bc9d8fc", "InstalledFiles": [ "etc/terminfo/a/alacritty", "etc/terminfo/a/ansi", "etc/terminfo/d/dumb", "etc/terminfo/g/gnome", "etc/terminfo/g/gnome-256color", "etc/terminfo/k/konsole", "etc/terminfo/k/konsole-256color", "etc/terminfo/k/konsole-linux", "etc/terminfo/l/linux", "etc/terminfo/p/putty", "etc/terminfo/p/putty-256color", "etc/terminfo/r/rxvt", "etc/terminfo/r/rxvt-256color", "etc/terminfo/s/screen", "etc/terminfo/s/screen-256color", "etc/terminfo/s/st-0.6", "etc/terminfo/s/st-0.7", "etc/terminfo/s/st-0.8", "etc/terminfo/s/st-16color", "etc/terminfo/s/st-256color", "etc/terminfo/s/st-direct", "etc/terminfo/s/sun", "etc/terminfo/t/terminator", "etc/terminfo/t/terminology", "etc/terminfo/t/terminology-0.6.1", "etc/terminfo/t/terminology-1.0.0", "etc/terminfo/t/terminology-1.8.1", "etc/terminfo/t/tmux", "etc/terminfo/t/tmux-256color", "etc/terminfo/v/vt100", "etc/terminfo/v/vt102", "etc/terminfo/v/vt200", "etc/terminfo/v/vt220", "etc/terminfo/v/vt52", "etc/terminfo/v/vte", "etc/terminfo/v/vte-256color", "etc/terminfo/x/xterm", "etc/terminfo/x/xterm-256color", "etc/terminfo/x/xterm-color", "etc/terminfo/x/xterm-xfree86" ], "AnalyzedBy": "apk" }, { "ID": "readline@8.2.13-r0", "Name": "readline", "Identifier": { "PURL": "pkg:apk/alpine/readline@8.2.13-r0?arch=x86_64\u0026distro=3.21.5", "UID": "8e448129748c2000" }, "Version": "8.2.13-r0", "Arch": "x86_64", "SrcName": "readline", "SrcVersion": "8.2.13-r0", "Licenses": [ "GPL-3.0-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "libncursesw@6.5_p20241006-r3", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:b99e42766d2d37aa8b69820daa080ab50c28a150", "InstalledFiles": [ "etc/inputrc", "usr/lib/libreadline.so.8", "usr/lib/libreadline.so.8.2" ], "AnalyzedBy": "apk" }, { "ID": "scanelf@1.3.8-r1", "Name": "scanelf", "Identifier": { "PURL": "pkg:apk/alpine/scanelf@1.3.8-r1?arch=x86_64\u0026distro=3.21.5", "UID": "99c1bc01da347386" }, "Version": "1.3.8-r1", "Arch": "x86_64", "SrcName": "pax-utils", "SrcVersion": "1.3.8-r1", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:77729f7622baeaafb6feaf7486f4f5452c1c7b62", "InstalledFiles": [ "usr/bin/scanelf" ], "AnalyzedBy": "apk" }, { "ID": "sqlite-libs@3.48.0-r4", "Name": "sqlite-libs", "Identifier": { "PURL": "pkg:apk/alpine/sqlite-libs@3.48.0-r4?arch=x86_64\u0026distro=3.21.5", "UID": "4ecf52bb751970f8" }, "Version": "3.48.0-r4", "Arch": "x86_64", "SrcName": "sqlite", "SrcVersion": "3.48.0-r4", "Licenses": [ "blessing" ], "Maintainer": "Celeste \u003ccielesti@protonmail.com\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:21356bb7c412444a10317870f10d60ad6eb9dcba", "InstalledFiles": [ "usr/lib/libsqlite3.so.0", "usr/lib/libsqlite3.so.0.8.6" ], "AnalyzedBy": "apk" }, { "ID": "ssl_client@1.37.0-r13", "Name": "ssl_client", "Identifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "a2f8df60e844b202" }, "Version": "1.37.0-r13", "Arch": "x86_64", "SrcName": "busybox", "SrcVersion": "1.37.0-r13", "Licenses": [ "GPL-2.0-only" ], "Maintainer": "Sören Tempel \u003csoeren+alpine@soeren-tempel.net\u003e", "DependsOn": [ "libcrypto3@3.3.5-r0", "libssl3@3.3.5-r0", "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:ba7b8b5914ab3e8f1a86aaf46bfa1a8f3bc26fa7", "InstalledFiles": [ "usr/bin/ssl_client" ], "AnalyzedBy": "apk" }, { "ID": "tzdata@2025b-r0", "Name": "tzdata", "Identifier": { "PURL": "pkg:apk/alpine/tzdata@2025b-r0?arch=x86_64\u0026distro=3.21.5", "UID": "f39c8382d2f13a32" }, "Version": "2025b-r0", "Arch": "x86_64", "SrcName": "tzdata", "SrcVersion": "2025b-r0", "Licenses": [ "Public-Domain" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "Layer": { "Digest": "sha256:2e4c45faf316c45eb1b02cc0c7e3b4c25a3584c52c3fc6e1c540fda517bfddd5", "DiffID": "sha256:6d4435bda110341f7737aecca319b193f2c984077bb0f202f1011f66f74129e7" }, "Digest": "sha1:c4fd9128726d6147b326fdaf47a64e72749b3488", "InstalledFiles": [ "usr/share/zoneinfo/CET", "usr/share/zoneinfo/CST6CDT", "usr/share/zoneinfo/Cuba", "usr/share/zoneinfo/EET", "usr/share/zoneinfo/EST", "usr/share/zoneinfo/EST5EDT", "usr/share/zoneinfo/Egypt", "usr/share/zoneinfo/Eire", "usr/share/zoneinfo/Factory", "usr/share/zoneinfo/GB", "usr/share/zoneinfo/GB-Eire", "usr/share/zoneinfo/GMT", "usr/share/zoneinfo/GMT+0", "usr/share/zoneinfo/GMT-0", "usr/share/zoneinfo/GMT0", "usr/share/zoneinfo/Greenwich", "usr/share/zoneinfo/HST", "usr/share/zoneinfo/Hongkong", "usr/share/zoneinfo/Iceland", "usr/share/zoneinfo/Iran", "usr/share/zoneinfo/Israel", "usr/share/zoneinfo/Jamaica", "usr/share/zoneinfo/Japan", "usr/share/zoneinfo/Kwajalein", "usr/share/zoneinfo/Libya", "usr/share/zoneinfo/MET", "usr/share/zoneinfo/MST", "usr/share/zoneinfo/MST7MDT", "usr/share/zoneinfo/NZ", "usr/share/zoneinfo/NZ-CHAT", "usr/share/zoneinfo/Navajo", "usr/share/zoneinfo/PRC", "usr/share/zoneinfo/PST8PDT", "usr/share/zoneinfo/Poland", "usr/share/zoneinfo/Portugal", "usr/share/zoneinfo/ROC", "usr/share/zoneinfo/ROK", "usr/share/zoneinfo/Singapore", "usr/share/zoneinfo/Turkey", "usr/share/zoneinfo/UCT", "usr/share/zoneinfo/UTC", "usr/share/zoneinfo/Universal", "usr/share/zoneinfo/W-SU", "usr/share/zoneinfo/WET", "usr/share/zoneinfo/Zulu", "usr/share/zoneinfo/iso3166.tab", "usr/share/zoneinfo/leap-seconds.list", "usr/share/zoneinfo/posixrules", "usr/share/zoneinfo/zone.tab", "usr/share/zoneinfo/zone1970.tab", "usr/share/zoneinfo/Africa/Abidjan", "usr/share/zoneinfo/Africa/Accra", "usr/share/zoneinfo/Africa/Addis_Ababa", "usr/share/zoneinfo/Africa/Algiers", "usr/share/zoneinfo/Africa/Asmara", "usr/share/zoneinfo/Africa/Asmera", "usr/share/zoneinfo/Africa/Bamako", "usr/share/zoneinfo/Africa/Bangui", "usr/share/zoneinfo/Africa/Banjul", "usr/share/zoneinfo/Africa/Bissau", "usr/share/zoneinfo/Africa/Blantyre", "usr/share/zoneinfo/Africa/Brazzaville", "usr/share/zoneinfo/Africa/Bujumbura", "usr/share/zoneinfo/Africa/Cairo", "usr/share/zoneinfo/Africa/Casablanca", "usr/share/zoneinfo/Africa/Ceuta", "usr/share/zoneinfo/Africa/Conakry", "usr/share/zoneinfo/Africa/Dakar", "usr/share/zoneinfo/Africa/Dar_es_Salaam", "usr/share/zoneinfo/Africa/Djibouti", "usr/share/zoneinfo/Africa/Douala", "usr/share/zoneinfo/Africa/El_Aaiun", "usr/share/zoneinfo/Africa/Freetown", "usr/share/zoneinfo/Africa/Gaborone", "usr/share/zoneinfo/Africa/Harare", "usr/share/zoneinfo/Africa/Johannesburg", "usr/share/zoneinfo/Africa/Juba", "usr/share/zoneinfo/Africa/Kampala", "usr/share/zoneinfo/Africa/Khartoum", "usr/share/zoneinfo/Africa/Kigali", "usr/share/zoneinfo/Africa/Kinshasa", "usr/share/zoneinfo/Africa/Lagos", "usr/share/zoneinfo/Africa/Libreville", "usr/share/zoneinfo/Africa/Lome", "usr/share/zoneinfo/Africa/Luanda", "usr/share/zoneinfo/Africa/Lubumbashi", "usr/share/zoneinfo/Africa/Lusaka", "usr/share/zoneinfo/Africa/Malabo", "usr/share/zoneinfo/Africa/Maputo", "usr/share/zoneinfo/Africa/Maseru", "usr/share/zoneinfo/Africa/Mbabane", "usr/share/zoneinfo/Africa/Mogadishu", "usr/share/zoneinfo/Africa/Monrovia", "usr/share/zoneinfo/Africa/Nairobi", "usr/share/zoneinfo/Africa/Ndjamena", "usr/share/zoneinfo/Africa/Niamey", "usr/share/zoneinfo/Africa/Nouakchott", "usr/share/zoneinfo/Africa/Ouagadougou", "usr/share/zoneinfo/Africa/Porto-Novo", "usr/share/zoneinfo/Africa/Sao_Tome", "usr/share/zoneinfo/Africa/Timbuktu", "usr/share/zoneinfo/Africa/Tripoli", "usr/share/zoneinfo/Africa/Tunis", "usr/share/zoneinfo/Africa/Windhoek", "usr/share/zoneinfo/America/Adak", "usr/share/zoneinfo/America/Anchorage", "usr/share/zoneinfo/America/Anguilla", "usr/share/zoneinfo/America/Antigua", "usr/share/zoneinfo/America/Araguaina", "usr/share/zoneinfo/America/Aruba", "usr/share/zoneinfo/America/Asuncion", "usr/share/zoneinfo/America/Atikokan", "usr/share/zoneinfo/America/Atka", "usr/share/zoneinfo/America/Bahia", "usr/share/zoneinfo/America/Bahia_Banderas", "usr/share/zoneinfo/America/Barbados", "usr/share/zoneinfo/America/Belem", "usr/share/zoneinfo/America/Belize", "usr/share/zoneinfo/America/Blanc-Sablon", "usr/share/zoneinfo/America/Boa_Vista", "usr/share/zoneinfo/America/Bogota", "usr/share/zoneinfo/America/Boise", "usr/share/zoneinfo/America/Buenos_Aires", "usr/share/zoneinfo/America/Cambridge_Bay", "usr/share/zoneinfo/America/Campo_Grande", "usr/share/zoneinfo/America/Cancun", "usr/share/zoneinfo/America/Caracas", "usr/share/zoneinfo/America/Catamarca", "usr/share/zoneinfo/America/Cayenne", "usr/share/zoneinfo/America/Cayman", "usr/share/zoneinfo/America/Chicago", "usr/share/zoneinfo/America/Chihuahua", "usr/share/zoneinfo/America/Ciudad_Juarez", "usr/share/zoneinfo/America/Coral_Harbour", "usr/share/zoneinfo/America/Cordoba", "usr/share/zoneinfo/America/Costa_Rica", "usr/share/zoneinfo/America/Coyhaique", "usr/share/zoneinfo/America/Creston", "usr/share/zoneinfo/America/Cuiaba", "usr/share/zoneinfo/America/Curacao", "usr/share/zoneinfo/America/Danmarkshavn", "usr/share/zoneinfo/America/Dawson", "usr/share/zoneinfo/America/Dawson_Creek", "usr/share/zoneinfo/America/Denver", "usr/share/zoneinfo/America/Detroit", "usr/share/zoneinfo/America/Dominica", "usr/share/zoneinfo/America/Edmonton", "usr/share/zoneinfo/America/Eirunepe", "usr/share/zoneinfo/America/El_Salvador", "usr/share/zoneinfo/America/Ensenada", "usr/share/zoneinfo/America/Fort_Nelson", "usr/share/zoneinfo/America/Fort_Wayne", "usr/share/zoneinfo/America/Fortaleza", "usr/share/zoneinfo/America/Glace_Bay", "usr/share/zoneinfo/America/Godthab", "usr/share/zoneinfo/America/Goose_Bay", "usr/share/zoneinfo/America/Grand_Turk", "usr/share/zoneinfo/America/Grenada", "usr/share/zoneinfo/America/Guadeloupe", "usr/share/zoneinfo/America/Guatemala", "usr/share/zoneinfo/America/Guayaquil", "usr/share/zoneinfo/America/Guyana", "usr/share/zoneinfo/America/Halifax", "usr/share/zoneinfo/America/Havana", "usr/share/zoneinfo/America/Hermosillo", "usr/share/zoneinfo/America/Indianapolis", "usr/share/zoneinfo/America/Inuvik", "usr/share/zoneinfo/America/Iqaluit", "usr/share/zoneinfo/America/Jamaica", "usr/share/zoneinfo/America/Jujuy", "usr/share/zoneinfo/America/Juneau", "usr/share/zoneinfo/America/Knox_IN", "usr/share/zoneinfo/America/Kralendijk", "usr/share/zoneinfo/America/La_Paz", "usr/share/zoneinfo/America/Lima", "usr/share/zoneinfo/America/Los_Angeles", "usr/share/zoneinfo/America/Louisville", "usr/share/zoneinfo/America/Lower_Princes", "usr/share/zoneinfo/America/Maceio", "usr/share/zoneinfo/America/Managua", "usr/share/zoneinfo/America/Manaus", "usr/share/zoneinfo/America/Marigot", "usr/share/zoneinfo/America/Martinique", "usr/share/zoneinfo/America/Matamoros", "usr/share/zoneinfo/America/Mazatlan", "usr/share/zoneinfo/America/Mendoza", "usr/share/zoneinfo/America/Menominee", "usr/share/zoneinfo/America/Merida", "usr/share/zoneinfo/America/Metlakatla", "usr/share/zoneinfo/America/Mexico_City", "usr/share/zoneinfo/America/Miquelon", "usr/share/zoneinfo/America/Moncton", "usr/share/zoneinfo/America/Monterrey", "usr/share/zoneinfo/America/Montevideo", "usr/share/zoneinfo/America/Montreal", "usr/share/zoneinfo/America/Montserrat", "usr/share/zoneinfo/America/Nassau", "usr/share/zoneinfo/America/New_York", "usr/share/zoneinfo/America/Nipigon", "usr/share/zoneinfo/America/Nome", "usr/share/zoneinfo/America/Noronha", "usr/share/zoneinfo/America/Nuuk", "usr/share/zoneinfo/America/Ojinaga", "usr/share/zoneinfo/America/Panama", "usr/share/zoneinfo/America/Pangnirtung", "usr/share/zoneinfo/America/Paramaribo", "usr/share/zoneinfo/America/Phoenix", "usr/share/zoneinfo/America/Port-au-Prince", "usr/share/zoneinfo/America/Port_of_Spain", "usr/share/zoneinfo/America/Porto_Acre", "usr/share/zoneinfo/America/Porto_Velho", "usr/share/zoneinfo/America/Puerto_Rico", "usr/share/zoneinfo/America/Punta_Arenas", "usr/share/zoneinfo/America/Rainy_River", "usr/share/zoneinfo/America/Rankin_Inlet", "usr/share/zoneinfo/America/Recife", "usr/share/zoneinfo/America/Regina", "usr/share/zoneinfo/America/Resolute", "usr/share/zoneinfo/America/Rio_Branco", "usr/share/zoneinfo/America/Rosario", "usr/share/zoneinfo/America/Santa_Isabel", "usr/share/zoneinfo/America/Santarem", "usr/share/zoneinfo/America/Santiago", "usr/share/zoneinfo/America/Santo_Domingo", "usr/share/zoneinfo/America/Sao_Paulo", "usr/share/zoneinfo/America/Scoresbysund", "usr/share/zoneinfo/America/Shiprock", "usr/share/zoneinfo/America/Sitka", "usr/share/zoneinfo/America/St_Barthelemy", "usr/share/zoneinfo/America/St_Johns", "usr/share/zoneinfo/America/St_Kitts", "usr/share/zoneinfo/America/St_Lucia", "usr/share/zoneinfo/America/St_Thomas", "usr/share/zoneinfo/America/St_Vincent", "usr/share/zoneinfo/America/Swift_Current", "usr/share/zoneinfo/America/Tegucigalpa", "usr/share/zoneinfo/America/Thule", "usr/share/zoneinfo/America/Thunder_Bay", "usr/share/zoneinfo/America/Tijuana", "usr/share/zoneinfo/America/Toronto", "usr/share/zoneinfo/America/Tortola", "usr/share/zoneinfo/America/Vancouver", "usr/share/zoneinfo/America/Virgin", "usr/share/zoneinfo/America/Whitehorse", "usr/share/zoneinfo/America/Winnipeg", "usr/share/zoneinfo/America/Yakutat", "usr/share/zoneinfo/America/Yellowknife", "usr/share/zoneinfo/America/Argentina/Buenos_Aires", "usr/share/zoneinfo/America/Argentina/Catamarca", "usr/share/zoneinfo/America/Argentina/ComodRivadavia", "usr/share/zoneinfo/America/Argentina/Cordoba", "usr/share/zoneinfo/America/Argentina/Jujuy", "usr/share/zoneinfo/America/Argentina/La_Rioja", "usr/share/zoneinfo/America/Argentina/Mendoza", "usr/share/zoneinfo/America/Argentina/Rio_Gallegos", "usr/share/zoneinfo/America/Argentina/Salta", "usr/share/zoneinfo/America/Argentina/San_Juan", "usr/share/zoneinfo/America/Argentina/San_Luis", "usr/share/zoneinfo/America/Argentina/Tucuman", "usr/share/zoneinfo/America/Argentina/Ushuaia", "usr/share/zoneinfo/America/Indiana/Indianapolis", "usr/share/zoneinfo/America/Indiana/Knox", "usr/share/zoneinfo/America/Indiana/Marengo", "usr/share/zoneinfo/America/Indiana/Petersburg", "usr/share/zoneinfo/America/Indiana/Tell_City", "usr/share/zoneinfo/America/Indiana/Vevay", "usr/share/zoneinfo/America/Indiana/Vincennes", "usr/share/zoneinfo/America/Indiana/Winamac", "usr/share/zoneinfo/America/Kentucky/Louisville", "usr/share/zoneinfo/America/Kentucky/Monticello", "usr/share/zoneinfo/America/North_Dakota/Beulah", "usr/share/zoneinfo/America/North_Dakota/Center", "usr/share/zoneinfo/America/North_Dakota/New_Salem", "usr/share/zoneinfo/Antarctica/Casey", "usr/share/zoneinfo/Antarctica/Davis", "usr/share/zoneinfo/Antarctica/DumontDUrville", "usr/share/zoneinfo/Antarctica/Macquarie", "usr/share/zoneinfo/Antarctica/Mawson", "usr/share/zoneinfo/Antarctica/McMurdo", "usr/share/zoneinfo/Antarctica/Palmer", "usr/share/zoneinfo/Antarctica/Rothera", "usr/share/zoneinfo/Antarctica/South_Pole", "usr/share/zoneinfo/Antarctica/Syowa", "usr/share/zoneinfo/Antarctica/Troll", "usr/share/zoneinfo/Antarctica/Vostok", "usr/share/zoneinfo/Arctic/Longyearbyen", "usr/share/zoneinfo/Asia/Aden", "usr/share/zoneinfo/Asia/Almaty", "usr/share/zoneinfo/Asia/Amman", "usr/share/zoneinfo/Asia/Anadyr", "usr/share/zoneinfo/Asia/Aqtau", "usr/share/zoneinfo/Asia/Aqtobe", "usr/share/zoneinfo/Asia/Ashgabat", "usr/share/zoneinfo/Asia/Ashkhabad", "usr/share/zoneinfo/Asia/Atyrau", "usr/share/zoneinfo/Asia/Baghdad", "usr/share/zoneinfo/Asia/Bahrain", "usr/share/zoneinfo/Asia/Baku", "usr/share/zoneinfo/Asia/Bangkok", "usr/share/zoneinfo/Asia/Barnaul", "usr/share/zoneinfo/Asia/Beirut", "usr/share/zoneinfo/Asia/Bishkek", "usr/share/zoneinfo/Asia/Brunei", "usr/share/zoneinfo/Asia/Calcutta", "usr/share/zoneinfo/Asia/Chita", "usr/share/zoneinfo/Asia/Choibalsan", "usr/share/zoneinfo/Asia/Chongqing", "usr/share/zoneinfo/Asia/Chungking", "usr/share/zoneinfo/Asia/Colombo", "usr/share/zoneinfo/Asia/Dacca", "usr/share/zoneinfo/Asia/Damascus", "usr/share/zoneinfo/Asia/Dhaka", "usr/share/zoneinfo/Asia/Dili", "usr/share/zoneinfo/Asia/Dubai", "usr/share/zoneinfo/Asia/Dushanbe", "usr/share/zoneinfo/Asia/Famagusta", "usr/share/zoneinfo/Asia/Gaza", "usr/share/zoneinfo/Asia/Harbin", "usr/share/zoneinfo/Asia/Hebron", "usr/share/zoneinfo/Asia/Ho_Chi_Minh", "usr/share/zoneinfo/Asia/Hong_Kong", "usr/share/zoneinfo/Asia/Hovd", "usr/share/zoneinfo/Asia/Irkutsk", "usr/share/zoneinfo/Asia/Istanbul", "usr/share/zoneinfo/Asia/Jakarta", "usr/share/zoneinfo/Asia/Jayapura", "usr/share/zoneinfo/Asia/Jerusalem", "usr/share/zoneinfo/Asia/Kabul", "usr/share/zoneinfo/Asia/Kamchatka", "usr/share/zoneinfo/Asia/Karachi", "usr/share/zoneinfo/Asia/Kashgar", "usr/share/zoneinfo/Asia/Kathmandu", "usr/share/zoneinfo/Asia/Katmandu", "usr/share/zoneinfo/Asia/Khandyga", "usr/share/zoneinfo/Asia/Kolkata", "usr/share/zoneinfo/Asia/Krasnoyarsk", "usr/share/zoneinfo/Asia/Kuala_Lumpur", "usr/share/zoneinfo/Asia/Kuching", "usr/share/zoneinfo/Asia/Kuwait", "usr/share/zoneinfo/Asia/Macao", "usr/share/zoneinfo/Asia/Macau", "usr/share/zoneinfo/Asia/Magadan", "usr/share/zoneinfo/Asia/Makassar", "usr/share/zoneinfo/Asia/Manila", "usr/share/zoneinfo/Asia/Muscat", "usr/share/zoneinfo/Asia/Nicosia", "usr/share/zoneinfo/Asia/Novokuznetsk", "usr/share/zoneinfo/Asia/Novosibirsk", "usr/share/zoneinfo/Asia/Omsk", "usr/share/zoneinfo/Asia/Oral", "usr/share/zoneinfo/Asia/Phnom_Penh", "usr/share/zoneinfo/Asia/Pontianak", "usr/share/zoneinfo/Asia/Pyongyang", "usr/share/zoneinfo/Asia/Qatar", "usr/share/zoneinfo/Asia/Qostanay", "usr/share/zoneinfo/Asia/Qyzylorda", "usr/share/zoneinfo/Asia/Rangoon", "usr/share/zoneinfo/Asia/Riyadh", "usr/share/zoneinfo/Asia/Saigon", "usr/share/zoneinfo/Asia/Sakhalin", "usr/share/zoneinfo/Asia/Samarkand", "usr/share/zoneinfo/Asia/Seoul", "usr/share/zoneinfo/Asia/Shanghai", "usr/share/zoneinfo/Asia/Singapore", "usr/share/zoneinfo/Asia/Srednekolymsk", "usr/share/zoneinfo/Asia/Taipei", "usr/share/zoneinfo/Asia/Tashkent", "usr/share/zoneinfo/Asia/Tbilisi", "usr/share/zoneinfo/Asia/Tehran", "usr/share/zoneinfo/Asia/Tel_Aviv", "usr/share/zoneinfo/Asia/Thimbu", "usr/share/zoneinfo/Asia/Thimphu", "usr/share/zoneinfo/Asia/Tokyo", "usr/share/zoneinfo/Asia/Tomsk", "usr/share/zoneinfo/Asia/Ujung_Pandang", "usr/share/zoneinfo/Asia/Ulaanbaatar", "usr/share/zoneinfo/Asia/Ulan_Bator", "usr/share/zoneinfo/Asia/Urumqi", "usr/share/zoneinfo/Asia/Ust-Nera", "usr/share/zoneinfo/Asia/Vientiane", "usr/share/zoneinfo/Asia/Vladivostok", "usr/share/zoneinfo/Asia/Yakutsk", "usr/share/zoneinfo/Asia/Yangon", "usr/share/zoneinfo/Asia/Yekaterinburg", "usr/share/zoneinfo/Asia/Yerevan", "usr/share/zoneinfo/Atlantic/Azores", "usr/share/zoneinfo/Atlantic/Bermuda", "usr/share/zoneinfo/Atlantic/Canary", "usr/share/zoneinfo/Atlantic/Cape_Verde", "usr/share/zoneinfo/Atlantic/Faeroe", "usr/share/zoneinfo/Atlantic/Faroe", "usr/share/zoneinfo/Atlantic/Jan_Mayen", "usr/share/zoneinfo/Atlantic/Madeira", "usr/share/zoneinfo/Atlantic/Reykjavik", "usr/share/zoneinfo/Atlantic/South_Georgia", "usr/share/zoneinfo/Atlantic/St_Helena", "usr/share/zoneinfo/Atlantic/Stanley", "usr/share/zoneinfo/Australia/ACT", "usr/share/zoneinfo/Australia/Adelaide", "usr/share/zoneinfo/Australia/Brisbane", "usr/share/zoneinfo/Australia/Broken_Hill", "usr/share/zoneinfo/Australia/Canberra", "usr/share/zoneinfo/Australia/Currie", "usr/share/zoneinfo/Australia/Darwin", "usr/share/zoneinfo/Australia/Eucla", "usr/share/zoneinfo/Australia/Hobart", "usr/share/zoneinfo/Australia/LHI", "usr/share/zoneinfo/Australia/Lindeman", "usr/share/zoneinfo/Australia/Lord_Howe", "usr/share/zoneinfo/Australia/Melbourne", "usr/share/zoneinfo/Australia/NSW", "usr/share/zoneinfo/Australia/North", "usr/share/zoneinfo/Australia/Perth", "usr/share/zoneinfo/Australia/Queensland", "usr/share/zoneinfo/Australia/South", "usr/share/zoneinfo/Australia/Sydney", "usr/share/zoneinfo/Australia/Tasmania", "usr/share/zoneinfo/Australia/Victoria", "usr/share/zoneinfo/Australia/West", "usr/share/zoneinfo/Australia/Yancowinna", "usr/share/zoneinfo/Brazil/Acre", "usr/share/zoneinfo/Brazil/DeNoronha", "usr/share/zoneinfo/Brazil/East", "usr/share/zoneinfo/Brazil/West", "usr/share/zoneinfo/Canada/Atlantic", "usr/share/zoneinfo/Canada/Central", "usr/share/zoneinfo/Canada/Eastern", "usr/share/zoneinfo/Canada/Mountain", "usr/share/zoneinfo/Canada/Newfoundland", "usr/share/zoneinfo/Canada/Pacific", "usr/share/zoneinfo/Canada/Saskatchewan", "usr/share/zoneinfo/Canada/Yukon", "usr/share/zoneinfo/Chile/Continental", "usr/share/zoneinfo/Chile/EasterIsland", "usr/share/zoneinfo/Etc/GMT", "usr/share/zoneinfo/Etc/GMT+0", "usr/share/zoneinfo/Etc/GMT+1", "usr/share/zoneinfo/Etc/GMT+10", "usr/share/zoneinfo/Etc/GMT+11", "usr/share/zoneinfo/Etc/GMT+12", "usr/share/zoneinfo/Etc/GMT+2", "usr/share/zoneinfo/Etc/GMT+3", "usr/share/zoneinfo/Etc/GMT+4", "usr/share/zoneinfo/Etc/GMT+5", "usr/share/zoneinfo/Etc/GMT+6", "usr/share/zoneinfo/Etc/GMT+7", "usr/share/zoneinfo/Etc/GMT+8", "usr/share/zoneinfo/Etc/GMT+9", "usr/share/zoneinfo/Etc/GMT-0", "usr/share/zoneinfo/Etc/GMT-1", "usr/share/zoneinfo/Etc/GMT-10", "usr/share/zoneinfo/Etc/GMT-11", "usr/share/zoneinfo/Etc/GMT-12", "usr/share/zoneinfo/Etc/GMT-13", "usr/share/zoneinfo/Etc/GMT-14", "usr/share/zoneinfo/Etc/GMT-2", "usr/share/zoneinfo/Etc/GMT-3", "usr/share/zoneinfo/Etc/GMT-4", "usr/share/zoneinfo/Etc/GMT-5", "usr/share/zoneinfo/Etc/GMT-6", "usr/share/zoneinfo/Etc/GMT-7", "usr/share/zoneinfo/Etc/GMT-8", "usr/share/zoneinfo/Etc/GMT-9", "usr/share/zoneinfo/Etc/GMT0", "usr/share/zoneinfo/Etc/Greenwich", "usr/share/zoneinfo/Etc/UCT", "usr/share/zoneinfo/Etc/UTC", "usr/share/zoneinfo/Etc/Universal", "usr/share/zoneinfo/Etc/Zulu", "usr/share/zoneinfo/Europe/Amsterdam", "usr/share/zoneinfo/Europe/Andorra", "usr/share/zoneinfo/Europe/Astrakhan", "usr/share/zoneinfo/Europe/Athens", "usr/share/zoneinfo/Europe/Belfast", "usr/share/zoneinfo/Europe/Belgrade", "usr/share/zoneinfo/Europe/Berlin", "usr/share/zoneinfo/Europe/Bratislava", "usr/share/zoneinfo/Europe/Brussels", "usr/share/zoneinfo/Europe/Bucharest", "usr/share/zoneinfo/Europe/Budapest", "usr/share/zoneinfo/Europe/Busingen", "usr/share/zoneinfo/Europe/Chisinau", "usr/share/zoneinfo/Europe/Copenhagen", "usr/share/zoneinfo/Europe/Dublin", "usr/share/zoneinfo/Europe/Gibraltar", "usr/share/zoneinfo/Europe/Guernsey", "usr/share/zoneinfo/Europe/Helsinki", "usr/share/zoneinfo/Europe/Isle_of_Man", "usr/share/zoneinfo/Europe/Istanbul", "usr/share/zoneinfo/Europe/Jersey", "usr/share/zoneinfo/Europe/Kaliningrad", "usr/share/zoneinfo/Europe/Kiev", "usr/share/zoneinfo/Europe/Kirov", "usr/share/zoneinfo/Europe/Kyiv", "usr/share/zoneinfo/Europe/Lisbon", "usr/share/zoneinfo/Europe/Ljubljana", "usr/share/zoneinfo/Europe/London", "usr/share/zoneinfo/Europe/Luxembourg", "usr/share/zoneinfo/Europe/Madrid", "usr/share/zoneinfo/Europe/Malta", "usr/share/zoneinfo/Europe/Mariehamn", "usr/share/zoneinfo/Europe/Minsk", "usr/share/zoneinfo/Europe/Monaco", "usr/share/zoneinfo/Europe/Moscow", "usr/share/zoneinfo/Europe/Nicosia", "usr/share/zoneinfo/Europe/Oslo", "usr/share/zoneinfo/Europe/Paris", "usr/share/zoneinfo/Europe/Podgorica", "usr/share/zoneinfo/Europe/Prague", "usr/share/zoneinfo/Europe/Riga", "usr/share/zoneinfo/Europe/Rome", "usr/share/zoneinfo/Europe/Samara", "usr/share/zoneinfo/Europe/San_Marino", "usr/share/zoneinfo/Europe/Sarajevo", "usr/share/zoneinfo/Europe/Saratov", "usr/share/zoneinfo/Europe/Simferopol", "usr/share/zoneinfo/Europe/Skopje", "usr/share/zoneinfo/Europe/Sofia", "usr/share/zoneinfo/Europe/Stockholm", "usr/share/zoneinfo/Europe/Tallinn", "usr/share/zoneinfo/Europe/Tirane", "usr/share/zoneinfo/Europe/Tiraspol", "usr/share/zoneinfo/Europe/Ulyanovsk", "usr/share/zoneinfo/Europe/Uzhgorod", "usr/share/zoneinfo/Europe/Vaduz", "usr/share/zoneinfo/Europe/Vatican", "usr/share/zoneinfo/Europe/Vienna", "usr/share/zoneinfo/Europe/Vilnius", "usr/share/zoneinfo/Europe/Volgograd", "usr/share/zoneinfo/Europe/Warsaw", "usr/share/zoneinfo/Europe/Zagreb", "usr/share/zoneinfo/Europe/Zaporozhye", "usr/share/zoneinfo/Europe/Zurich", "usr/share/zoneinfo/Indian/Antananarivo", "usr/share/zoneinfo/Indian/Chagos", "usr/share/zoneinfo/Indian/Christmas", "usr/share/zoneinfo/Indian/Cocos", "usr/share/zoneinfo/Indian/Comoro", "usr/share/zoneinfo/Indian/Kerguelen", "usr/share/zoneinfo/Indian/Mahe", "usr/share/zoneinfo/Indian/Maldives", "usr/share/zoneinfo/Indian/Mauritius", "usr/share/zoneinfo/Indian/Mayotte", "usr/share/zoneinfo/Indian/Reunion", "usr/share/zoneinfo/Mexico/BajaNorte", "usr/share/zoneinfo/Mexico/BajaSur", "usr/share/zoneinfo/Mexico/General", "usr/share/zoneinfo/Pacific/Apia", "usr/share/zoneinfo/Pacific/Auckland", "usr/share/zoneinfo/Pacific/Bougainville", "usr/share/zoneinfo/Pacific/Chatham", "usr/share/zoneinfo/Pacific/Chuuk", "usr/share/zoneinfo/Pacific/Easter", "usr/share/zoneinfo/Pacific/Efate", "usr/share/zoneinfo/Pacific/Enderbury", "usr/share/zoneinfo/Pacific/Fakaofo", "usr/share/zoneinfo/Pacific/Fiji", "usr/share/zoneinfo/Pacific/Funafuti", "usr/share/zoneinfo/Pacific/Galapagos", "usr/share/zoneinfo/Pacific/Gambier", "usr/share/zoneinfo/Pacific/Guadalcanal", "usr/share/zoneinfo/Pacific/Guam", "usr/share/zoneinfo/Pacific/Honolulu", "usr/share/zoneinfo/Pacific/Johnston", "usr/share/zoneinfo/Pacific/Kanton", "usr/share/zoneinfo/Pacific/Kiritimati", "usr/share/zoneinfo/Pacific/Kosrae", "usr/share/zoneinfo/Pacific/Kwajalein", "usr/share/zoneinfo/Pacific/Majuro", "usr/share/zoneinfo/Pacific/Marquesas", "usr/share/zoneinfo/Pacific/Midway", "usr/share/zoneinfo/Pacific/Nauru", "usr/share/zoneinfo/Pacific/Niue", "usr/share/zoneinfo/Pacific/Norfolk", "usr/share/zoneinfo/Pacific/Noumea", "usr/share/zoneinfo/Pacific/Pago_Pago", "usr/share/zoneinfo/Pacific/Palau", "usr/share/zoneinfo/Pacific/Pitcairn", "usr/share/zoneinfo/Pacific/Pohnpei", "usr/share/zoneinfo/Pacific/Ponape", "usr/share/zoneinfo/Pacific/Port_Moresby", "usr/share/zoneinfo/Pacific/Rarotonga", "usr/share/zoneinfo/Pacific/Saipan", "usr/share/zoneinfo/Pacific/Samoa", "usr/share/zoneinfo/Pacific/Tahiti", "usr/share/zoneinfo/Pacific/Tarawa", "usr/share/zoneinfo/Pacific/Tongatapu", "usr/share/zoneinfo/Pacific/Truk", "usr/share/zoneinfo/Pacific/Wake", "usr/share/zoneinfo/Pacific/Wallis", "usr/share/zoneinfo/Pacific/Yap", "usr/share/zoneinfo/US/Alaska", "usr/share/zoneinfo/US/Aleutian", "usr/share/zoneinfo/US/Arizona", "usr/share/zoneinfo/US/Central", "usr/share/zoneinfo/US/East-Indiana", "usr/share/zoneinfo/US/Eastern", "usr/share/zoneinfo/US/Hawaii", "usr/share/zoneinfo/US/Indiana-Starke", "usr/share/zoneinfo/US/Michigan", "usr/share/zoneinfo/US/Mountain", "usr/share/zoneinfo/US/Pacific", "usr/share/zoneinfo/US/Samoa" ], "AnalyzedBy": "apk" }, { "ID": "xz-libs@5.6.3-r1", "Name": "xz-libs", "Identifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r1?arch=x86_64\u0026distro=3.21.5", "UID": "219720ff66151d62" }, "Version": "5.6.3-r1", "Arch": "x86_64", "SrcName": "xz", "SrcVersion": "5.6.3-r1", "Licenses": [ "GPL-2.0-or-later", "0BSD", "Public-Domain", "LGPL-2.1-or-later" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "Digest": "sha1:b7d7b85e5f9f845bf7a7dcc383d09f327a7eebc8", "InstalledFiles": [ "usr/lib/liblzma.so.5", "usr/lib/liblzma.so.5.6.3" ], "AnalyzedBy": "apk" }, { "ID": "zlib@1.3.1-r2", "Name": "zlib", "Identifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", "UID": "3b545badcbeb3bc0" }, "Version": "1.3.1-r2", "Arch": "x86_64", "SrcName": "zlib", "SrcVersion": "1.3.1-r2", "Licenses": [ "Zlib" ], "Maintainer": "Natanael Copa \u003cncopa@alpinelinux.org\u003e", "DependsOn": [ "musl@1.2.5-r9" ], "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "Digest": "sha1:f0b90f76367ac51b4a3e70432ed00e6dca6a7432", "InstalledFiles": [ "usr/lib/libz.so.1", "usr/lib/libz.so.1.3.1" ], "AnalyzedBy": "apk" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox@1.37.0-r13", "PkgName": "busybox", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "8fda363a8f5a07b1" }, "InstalledVersion": "1.37.0-r13", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4769ef7cc8954f84fe3adb2840035f2a0b85bdac180646d478f43473d7aec50a", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "busybox-binsh@1.37.0-r13", "PkgName": "busybox-binsh", "PkgIdentifier": { "PURL": "pkg:apk/alpine/busybox-binsh@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "cb91567fa5d7f91d" }, "InstalledVersion": "1.37.0-r13", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c9c03970f5574a95c1b782d0a873e5722415efe2c9f69ebc5e8ed8f302bd9f3d", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3db07b6ba7cda805170174d8cb576c43dd8fe14aead3b1ef6893e07fa0306b47", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:4d1866f146424f020347149979b3d69b47ec566c816225af062eab9df9a60b81", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:cdfba9503c1edc4b8ebde99df384caeba17d8e1548bcf7ddcae0175357427d69", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:c73dfa75ecdc28b7b59481c625664dca5f1567d3433a011796f60630616a2c84", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:2e412aa05e81b858d11a0dbfa9ff0e93d1bc48df9d6e7056139311f29978e4c2", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e007bd13b9efe4509564993a9619dffefdf9c27ad378bcb8189b387973ac6173", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e8b2b38c85318afd8eebb5e2a53d0b74045ee04b6f69482008851f6a3d36a274", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:52e7c37e891b0efa79c7a284d28a83454d2a970bc07f65fab2700d119d30a631", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libcrypto3@3.3.5-r0", "PkgName": "libcrypto3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libcrypto3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "15bbec8716141e63" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:92f3162a090499f265b8e8be426810f6495e343b1c37587f8bd4b3a30e6443e9", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-31789", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31789", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1d6717851fa4e703591b43d980160aecf6933cc24b2f49c2a93685e2b39bd072", "Title": "openssl: OpenSSL: Heap buffer overflow on 32-bit systems from large X.509 certificate processing", "Description": "Issue summary: Converting an excessively large OCTET STRING value to\na hexadecimal string leads to a heap buffer overflow on 32 bit platforms.\n\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nan attacker controlled code execution or other undefined behavior.\n\nIf an attacker can supply a crafted X.509 certificate with an excessively\nlarge OCTET STRING value in extensions such as the Subject Key Identifier\n(SKID) or Authority Key Identifier (AKID) which are being converted to hex,\nthe size of the buffer needed for the result is calculated as multiplication\nof the input length by 3. On 32 bit platforms, this multiplication may overflow\nresulting in the allocation of a smaller buffer and a heap buffer overflow.\n\nApplications and services that print or log contents of untrusted X.509\ncertificates are vulnerable to this issue. As the certificates would have\nto have sizes of over 1 Gigabyte, printing or logging such certificates\nis a fairly unlikely operation and only 32 bit platforms are affected,\nthis issue was assigned Low severity.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "CRITICAL", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "azure": 2, "nvd": 4, "photon": 4, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H", "V3Score": 5.8 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31789", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-j79m-9jxq-788r", "https://github.com/openssl/openssl/commit/364f095b80601db632b0def6a33316967f863bde", "https://github.com/openssl/openssl/commit/7a9087efd769f362ad9c0e30c7baaa6bbfa65ecf", "https://github.com/openssl/openssl/commit/945b935ac66cc7f1a41f1b849c7c25adb5351f49", "https://github.com/openssl/openssl/commit/a24216018e1ede8ff01a4ff5afff7dfbd443e2f9", "https://github.com/openssl/openssl/commit/a91e537d16d74050dbde50bb0dfb1fe9930f0521", "https://nvd.nist.gov/vuln/detail/CVE-2026-31789", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31789", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.617Z", "LastModifiedDate": "2026-05-12T13:17:34.57Z" }, { "VulnerabilityID": "CVE-2025-15467", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-15467", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1437a19caff4ee2bcf6730b7499c41abf227e8212f28e1a0d5bedd847a7b3dea", "Title": "openssl: OpenSSL: Remote code execution or Denial of Service via oversized Initialization Vector in CMS parsing", "Description": "Issue summary: Parsing CMS AuthEnvelopedData or EnvelopedData message with\nmaliciously crafted AEAD parameters can trigger a stack buffer overflow.\n\nImpact summary: A stack buffer overflow may lead to a crash, causing Denial\nof Service, or potentially remote code execution.\n\nWhen parsing CMS (Auth)EnvelopedData structures that use AEAD ciphers such as\nAES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is\ncopied into a fixed-size stack buffer without verifying that its length fits\nthe destination. An attacker can supply a crafted CMS message with an\noversized IV, causing a stack-based out-of-bounds write before any\nauthentication or tag verification occurs.\n\nApplications and services that parse untrusted CMS or PKCS#7 content using\nAEAD ciphers (e.g., S/MIME (Auth)EnvelopedData with AES-GCM) are vulnerable.\nBecause the overflow occurs prior to authentication, no valid key material\nis required to trigger it. While exploitability to remote code execution\ndepends on platform and toolchain mitigations, the stack-based write\nprimitive represents a severe risk.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the CMS implementation is outside the OpenSSL FIPS module\nboundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3 and 3.0 are vulnerable to this issue.\n\nOpenSSL 1.1.1 and 1.0.2 are not affected by this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 4, "julia": 3, "oracle-oval": 3, "photon": 3, "redhat": 3, "rocky": 3, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "V3Score": 8.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 9.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/01/27/10", "http://www.openwall.com/lists/oss-security/2026/02/25/6", "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-15467", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-wvhq-3h88-rf6g", "https://github.com/guiimoraes/CVE-2025-15467", "https://github.com/openssl/openssl/commit/2c8f0e5fa9b6ee5508a0349e4572ddb74db5a703", "https://github.com/openssl/openssl/commit/5f26d4202f5b89664c5c3f3c62086276026ba9a9", "https://github.com/openssl/openssl/commit/6ced0fe6b10faa560e410e3ee8d6c82f06c65ea3", "https://github.com/openssl/openssl/commit/ce39170276daec87f55c39dad1f629b56344429e", "https://github.com/openssl/openssl/commit/d0071a0799f20cc8101730145349ed4487c268dc", "https://linux.oracle.com/cve/CVE-2025-15467.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-15467", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://www.cve.org/CVERecord?id=CVE-2025-15467" ], "PublishedDate": "2026-01-27T16:16:14.257Z", "LastModifiedDate": "2026-05-07T18:12:43.253Z" }, { "VulnerabilityID": "CVE-2025-69421", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69421", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:096219af776daf754743f716da7449b62f325ed5bbd354a60ba845bbf9822954", "Title": "openssl: OpenSSL: Denial of Service via malformed PKCS#12 file processing", "Description": "Issue summary: Processing a malformed PKCS#12 file can trigger a NULL pointer\ndereference in the PKCS12_item_decrypt_d2i_ex() function.\n\nImpact summary: A NULL pointer dereference can trigger a crash which leads to\nDenial of Service for an application processing PKCS#12 files.\n\nThe PKCS12_item_decrypt_d2i_ex() function does not check whether the oct\nparameter is NULL before dereferencing it. When called from\nPKCS12_unpack_p7encdata() with a malformed PKCS#12 file, this parameter can\nbe NULL, causing a crash. The vulnerability is limited to Denial of Service\nand cannot be escalated to achieve code execution or memory disclosure.\n\nExploiting this issue requires an attacker to provide a malformed PKCS#12 file\nto an application that processes it. For that reason the issue was assessed as\nLow severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0, 1.1.1 and 1.0.2 are vulnerable to this issue.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "alma": 3, "amazon": 3, "azure": 2, "cbl-mariner": 2, "julia": 3, "nvd": 3, "oracle-oval": 3, "photon": 3, "redhat": 1, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:1473", "https://access.redhat.com/security/cve/CVE-2025-69421", "https://bugzilla.redhat.com/2430375", "https://bugzilla.redhat.com/2430376", "https://bugzilla.redhat.com/2430377", "https://bugzilla.redhat.com/2430378", "https://bugzilla.redhat.com/2430379", "https://bugzilla.redhat.com/2430380", "https://bugzilla.redhat.com/2430381", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/2430387", "https://bugzilla.redhat.com/2430388", "https://bugzilla.redhat.com/2430389", "https://bugzilla.redhat.com/2430390", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-1473.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-w9rv-xc8m-cmqp", "https://github.com/openssl/openssl/commit/3524a29271f8191b8fd8a5257eb05173982a097b", "https://github.com/openssl/openssl/commit/36ecb4960872a4ce04bf6f1e1f4e78d75ec0c0c7", "https://github.com/openssl/openssl/commit/4bbc8d41a72c842ce4077a8a3eccd1109aaf74bd", "https://github.com/openssl/openssl/commit/643986985cd1c21221f941129d76fe0c2785aeb3", "https://github.com/openssl/openssl/commit/a2dbc539f0f9cc63832709fa5aa33ad9495eb19c", "https://linux.oracle.com/cve/CVE-2025-69421.html", "https://linux.oracle.com/errata/ELSA-2026-50081.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69421", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69421" ], "PublishedDate": "2026-01-27T16:16:34.437Z", "LastModifiedDate": "2026-05-12T13:17:26.71Z" }, { "VulnerabilityID": "CVE-2026-28387", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28387", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:1a04911cc9d7692bb14718be2a60b4170c1ed9e3efdd1da31fdc41bd9d9f6d8f", "Title": "openssl: OpenSSL: Arbitrary code execution due to use-after-free in DANE TLSA authentication", "Description": "Issue summary: An uncommon configuration of clients performing DANE TLSA-based\nserver authentication, when paired with uncommon server DANE TLSA records, may\nresult in a use-after-free and/or double-free on the client side.\n\nImpact summary: A use after free can have a range of potential consequences\nsuch as the corruption of valid data, crashes or execution of arbitrary code.\n\nHowever, the issue only affects clients that make use of TLSA records with both\nthe PKIX-TA(0/PKIX-EE(1) certificate usages and the DANE-TA(2) certificate\nusage.\n\nBy far the most common deployment of DANE is in SMTP MTAs for which RFC7672\nrecommends that clients treat as 'unusable' any TLSA records that have the PKIX\ncertificate usages. These SMTP (or other similar) clients are not vulnerable\nto this issue. Conversely, any clients that support only the PKIX usages, and\nignore the DANE-TA(2) usage are also not vulnerable.\n\nThe client would also need to be communicating with a server that publishes a\nTLSA RRset with both types of TLSA records.\n\nNo FIPS modules are affected by this issue, the problem code is outside the\nFIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-416" ], "VendorSeverity": { "amazon": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "V3Score": 8.1 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28387", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/07e727d304746edb49a98ee8f6ab00256e1f012b", "https://github.com/openssl/openssl/commit/258a8f63b26995ba357f4326da00e19e29c6acbe", "https://github.com/openssl/openssl/commit/444958deaf450aea819171f97ae69eaedede42c3", "https://github.com/openssl/openssl/commit/7a4e08cee62a728d32e60b0de89e6764339df0a7", "https://github.com/openssl/openssl/commit/ec03fa050b3346997ed9c5fef3d0e16ad7db8177", "https://nvd.nist.gov/vuln/detail/CVE-2026-28387", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28387", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.7Z", "LastModifiedDate": "2026-05-12T13:17:33.27Z" }, { "VulnerabilityID": "CVE-2026-28388", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28388", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:249ad61b8786371b8cdde03ace6afd11781880dc4428ab221dcec784d67f408c", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in delta CRL processing", "Description": "Issue summary: When a delta CRL that contains a Delta CRL Indicator extension\nis processed a NULL pointer dereference might happen if the required CRL\nNumber extension is missing.\n\nImpact summary: A NULL pointer dereference can trigger a crash which\nleads to a Denial of Service for an application.\n\nWhen CRL processing and delta CRL processing is enabled during X.509\ncertificate verification, the delta CRL processing does not check\nwhether the CRL Number extension is NULL before dereferencing it.\nWhen a malformed delta CRL file is being processed, this parameter\ncan be NULL, causing a NULL pointer dereference.\n\nExploiting this issue requires the X509_V_FLAG_USE_DELTAS flag to be enabled in\nthe verification context, the certificate being verified to contain a\nfreshestCRL extension or the base CRL to have the EXFLAG_FRESHEST flag set, and\nan attacker to provide a malformed CRL to an application that processes it.\n\nThe vulnerability is limited to Denial of Service and cannot be escalated to\nachieve code execution or memory disclosure. For that reason the issue was\nassessed as Low severity according to our Security Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28388", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/59c3b3158553ab53275bbbccca5cb305d591cf2e", "https://github.com/openssl/openssl/commit/5a0b4930779cd2408880979db765db919da55139", "https://github.com/openssl/openssl/commit/602542f2c0c2d5edb47128f93eac10b62aeeefb3", "https://github.com/openssl/openssl/commit/a9d187dd1000130100fa7ab915f8513532cb3bb8", "https://github.com/openssl/openssl/commit/d3a901e8d9f021f3e67d6cfbc12e768129862726", "https://nvd.nist.gov/vuln/detail/CVE-2026-28388", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28388", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:20.863Z", "LastModifiedDate": "2026-05-12T13:17:33.453Z" }, { "VulnerabilityID": "CVE-2026-28389", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28389", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:8b571e6c9fee18912718ba81be4a4b96623ee191f765490b6549f352b07ba598", "Title": "openssl: OpenSSL: Denial of Service vulnerability in CMS processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyAgreeRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyAgreeRecipientInfo is\nprocessed, the optional parameters field of KeyEncryptionAlgorithmIdentifier\nis examined without checking for its presence. This results in a NULL\npointer dereference if the field is missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28389", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/advisories/GHSA-7x88-9hgc-69gf", "https://github.com/openssl/openssl/commit/16cea4188e0ea567deb4f93f85902247e67384f5", "https://github.com/openssl/openssl/commit/785cbf7ea3b5a6f5adf0c1ccb92b79d89c35c616", "https://github.com/openssl/openssl/commit/7b5274e812400cacb6f3be4c2df5340923fa807f", "https://github.com/openssl/openssl/commit/c6725634e089eb2b634b10ede33944be7248172a", "https://github.com/openssl/openssl/commit/f80f83bc5fd036bc47d773e8b15a001e2b4ce686", "https://nvd.nist.gov/vuln/detail/CVE-2026-28389", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28389", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.03Z", "LastModifiedDate": "2026-05-12T13:17:33.637Z" }, { "VulnerabilityID": "CVE-2026-28390", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-28390", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:5582751d26ddbe3ada4a3a6dba7b010f38b4f15af3ef55c3751a1b48a3658746", "Title": "openssl: OpenSSL: Denial of Service due to NULL pointer dereference in CMS EnvelopedData processing", "Description": "Issue summary: During processing of a crafted CMS EnvelopedData message\nwith KeyTransportRecipientInfo a NULL pointer dereference can happen.\n\nImpact summary: Applications that process attacker-controlled CMS data may\ncrash before authentication or cryptographic operations occur resulting in\nDenial of Service.\n\nWhen a CMS EnvelopedData message that uses KeyTransportRecipientInfo with\nRSA-OAEP encryption is processed, the optional parameters field of\nRSA-OAEP SourceFunc algorithm identifier is examined without checking\nfor its presence. This results in a NULL pointer dereference if the field\nis missing.\n\nApplications and services that call CMS_decrypt() on untrusted input\n(e.g., S/MIME processing or CMS-based protocols) are vulnerable.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "Severity": "HIGH", "CweIDs": [ "CWE-476" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "V3Score": 7.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-28390", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://github.com/openssl/openssl/commit/01194a8f1941115cd0383bfa91c736dd3993c8bc", "https://github.com/openssl/openssl/commit/2e39b7a6993be445fddb9fbce316fa756e0397b6", "https://github.com/openssl/openssl/commit/af2a5fecd3e71a29e7568f9c1453dec5cebbaff4", "https://github.com/openssl/openssl/commit/ea7b4ea4f9f853521ba34830cbcadc970d2e0788", "https://github.com/openssl/openssl/commit/fd2f1a6cf53b9ceeca723a001aa4b825d7c7ee75", "https://nvd.nist.gov/vuln/detail/CVE-2026-28390", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://ubuntu.com/security/notices/USN-8155-2", "https://www.cve.org/CVERecord?id=CVE-2026-28390", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.19Z", "LastModifiedDate": "2026-05-12T13:17:33.81Z" }, { "VulnerabilityID": "CVE-2025-69419", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.6-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-69419", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:493f8c12cd66607c3cdf4468f84ce16479260e5ebf41324b67f5823d75f1dd35", "Title": "openssl: OpenSSL: Arbitrary code execution due to out-of-bounds write in PKCS#12 processing", "Description": "Issue summary: Calling PKCS12_get_friendlyname() function on a maliciously\ncrafted PKCS#12 file with a BMPString (UTF-16BE) friendly name containing\nnon-ASCII BMP code point can trigger a one byte write before the allocated\nbuffer.\n\nImpact summary: The out-of-bounds write can cause a memory corruption\nwhich can have various consequences including a Denial of Service.\n\nThe OPENSSL_uni2utf8() function performs a two-pass conversion of a PKCS#12\nBMPString (UTF-16BE) to UTF-8. In the second pass, when emitting UTF-8 bytes,\nthe helper function bmp_to_utf8() incorrectly forwards the remaining UTF-16\nsource byte count as the destination buffer capacity to UTF8_putc(). For BMP\ncode points above U+07FF, UTF-8 requires three bytes, but the forwarded\ncapacity can be just two bytes. UTF8_putc() then returns -1, and this negative\nvalue is added to the output length without validation, causing the\nlength to become negative. The subsequent trailing NUL byte is then written\nat a negative offset, causing write outside of heap allocated buffer.\n\nThe vulnerability is reachable via the public PKCS12_get_friendlyname() API\nwhen parsing attacker-controlled PKCS#12 files. While PKCS12_parse() uses a\ndifferent code path that avoids this issue, PKCS12_get_friendlyname() directly\ninvokes the vulnerable function. Exploitation requires an attacker to provide\na malicious PKCS#12 file to be parsed by the application and the attacker\ncan just trigger a one zero byte write before the allocated buffer.\nFor that reason the issue was assessed as Low severity according to our\nSecurity Policy.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue,\nas the PKCS#12 implementation is outside the OpenSSL FIPS module boundary.\n\nOpenSSL 3.6, 3.5, 3.4, 3.3, 3.0 and 1.1.1 are vulnerable to this issue.\n\nOpenSSL 1.0.2 is not affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "alma": 2, "amazon": 3, "azure": 3, "cbl-mariner": 3, "julia": 3, "oracle-oval": 2, "photon": 3, "redhat": 2, "rocky": 3, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "V3Score": 7.4 } }, "References": [ "https://access.redhat.com/errata/RHSA-2026:4472", "https://access.redhat.com/security/cve/CVE-2025-69419", "https://bugzilla.redhat.com/2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430375", "https://bugzilla.redhat.com/show_bug.cgi?id=2430376", "https://bugzilla.redhat.com/show_bug.cgi?id=2430377", "https://bugzilla.redhat.com/show_bug.cgi?id=2430378", "https://bugzilla.redhat.com/show_bug.cgi?id=2430379", "https://bugzilla.redhat.com/show_bug.cgi?id=2430380", "https://bugzilla.redhat.com/show_bug.cgi?id=2430381", "https://bugzilla.redhat.com/show_bug.cgi?id=2430386", "https://bugzilla.redhat.com/show_bug.cgi?id=2430387", "https://bugzilla.redhat.com/show_bug.cgi?id=2430388", "https://bugzilla.redhat.com/show_bug.cgi?id=2430389", "https://bugzilla.redhat.com/show_bug.cgi?id=2430390", "https://cert-portal.siemens.com/productcert/html/ssa-265688.html", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-11187", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15467", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15468", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15469", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-66199", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-68160", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69418", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69419", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69420", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-69421", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22795", "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22796", "https://errata.almalinux.org/9/ALSA-2026-4472.html", "https://errata.rockylinux.org/RLSA-2026:1473", "https://github.com/advisories/GHSA-x77r-97gw-wh89", "https://github.com/openssl/openssl/commit/41be0f216404f14457bbf3b9cc488dba60b49296", "https://github.com/openssl/openssl/commit/7e9cac9832e4705b91987c2474ed06a37a93cecb", "https://github.com/openssl/openssl/commit/a26a90d38edec3748566129d824e664b54bee2e2", "https://github.com/openssl/openssl/commit/cda12de3bc0e333ea8d2c6fd15001dbdaf280015", "https://github.com/openssl/openssl/commit/ff628933755075446bca8307e8417c14d164b535", "https://linux.oracle.com/cve/CVE-2025-69419.html", "https://linux.oracle.com/errata/ELSA-2026-50131.html", "https://nvd.nist.gov/vuln/detail/CVE-2025-69419", "https://openssl-library.org/news/secadv/20260127.txt", "https://ubuntu.com/security/notices/USN-7980-1", "https://ubuntu.com/security/notices/USN-7980-2", "https://www.cve.org/CVERecord?id=CVE-2025-69419" ], "PublishedDate": "2026-01-27T16:16:34.113Z", "LastModifiedDate": "2026-05-12T13:17:26.19Z" }, { "VulnerabilityID": "CVE-2026-31790", "PkgID": "libssl3@3.3.5-r0", "PkgName": "libssl3", "PkgIdentifier": { "PURL": "pkg:apk/alpine/libssl3@3.3.5-r0?arch=x86_64\u0026distro=3.21.5", "UID": "4587120bb4626f4e" }, "InstalledVersion": "3.3.5-r0", "FixedVersion": "3.3.7-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-31790", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:0b6b3b7f9bdfdd22262237d2b6a50912046a720bed7292b54e08761b37d72993", "Title": "openssl: openssl: Information Disclosure from Uninitialized Memory via Invalid RSA Public Key", "Description": "Issue summary: Applications using RSASVE key encapsulation to establish\na secret encryption key can send contents of an uninitialized memory buffer to\na malicious peer.\n\nImpact summary: The uninitialized buffer might contain sensitive data from the\nprevious execution of the application process which leads to sensitive data\nleakage to an attacker.\n\nRSA_public_encrypt() returns the number of bytes written on success and -1\non error. The affected code tests only whether the return value is non-zero.\nAs a result, if RSA encryption fails, encapsulation can still return success to\nthe caller, set the output lengths, and leave the caller to use the contents of\nthe ciphertext buffer as if a valid KEM ciphertext had been produced.\n\nIf applications use EVP_PKEY_encapsulate() with RSA/RSASVE on an\nattacker-supplied invalid RSA public key without first validating that key,\nthen this may cause stale or uninitialized contents of the caller-provided\nciphertext buffer to be disclosed to the attacker in place of the KEM\nciphertext.\n\nAs a workaround calling EVP_PKEY_public_check() or\nEVP_PKEY_public_check_quick() before EVP_PKEY_encapsulate() will mitigate\nthe issue.\n\nThe FIPS modules in 3.6, 3.5, 3.4, 3.3, 3.1 and 3.0 are affected by this issue.", "Severity": "MEDIUM", "CweIDs": [ "CWE-754" ], "VendorSeverity": { "amazon": 3, "azure": 2, "julia": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 7.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "V3Score": 5.9 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-31790", "https://cert-portal.siemens.com/productcert/html/ssa-032379.html", "https://github.com/advisories/GHSA-vgxx-5xj5-q97x", "https://github.com/openssl/openssl/commit/001e01db3e996e13ffc72386fe79d03a6683b5ac", "https://github.com/openssl/openssl/commit/abd8b2eec7e3f3fda60ecfb68498b246b52af482", "https://github.com/openssl/openssl/commit/b922e24e5b23ffb9cb9e14cadff23d91e9f7e406", "https://github.com/openssl/openssl/commit/d5f8e71cd0a54e961d0c3b174348f8308486f790", "https://github.com/openssl/openssl/commit/eed200f58cd8645ed77e46b7e9f764e284df379e", "https://nvd.nist.gov/vuln/detail/CVE-2026-31790", "https://openssl-library.org/news/secadv/20260407.txt", "https://ubuntu.com/security/notices/USN-8155-1", "https://www.cve.org/CVERecord?id=CVE-2026-31790", "https://www.openwall.com/lists/oss-security/2026/04/07/11" ], "PublishedDate": "2026-04-07T22:16:21.77Z", "LastModifiedDate": "2026-05-12T13:17:34.75Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:3b70696114eb8af6ac1c25a7df8202a3e19c8258f9edffb8f902b1be55d26cf9", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl@1.2.5-r9", "PkgName": "musl", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "d0316c4ab0862e6b" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:6c518e0aad464ce69885e78590ea8671cf7a1fa3bd4851badd57004b83531808", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2026-40200", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r11", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-40200", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:7f84aa240989d79e16a3f952f585220d989a3876b46f87394aaad471d435533a", "Title": "musl: musl libc: Arbitrary code execution and denial of service via stack-based memory corruption in qsort", "Description": "An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical).", "Severity": "HIGH", "CweIDs": [ "CWE-670" ], "VendorSeverity": { "redhat": 3 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "V3Score": 7.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/10/13", "https://access.redhat.com/security/cve/CVE-2026-40200", "https://musl.libc.org/releases.html", "https://nvd.nist.gov/vuln/detail/CVE-2026-40200", "https://www.cve.org/CVERecord?id=CVE-2026-40200", "https://www.openwall.com/lists/oss-security/2026/04/10/13" ], "PublishedDate": "2026-04-10T17:17:14.107Z", "LastModifiedDate": "2026-04-27T19:18:46.69Z" }, { "VulnerabilityID": "CVE-2026-6042", "PkgID": "musl-utils@1.2.5-r9", "PkgName": "musl-utils", "PkgIdentifier": { "PURL": "pkg:apk/alpine/musl-utils@1.2.5-r9?arch=x86_64\u0026distro=3.21.5", "UID": "8991799c5350cf95" }, "InstalledVersion": "1.2.5-r9", "FixedVersion": "1.2.5-r10", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6042", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:f4c49b384be7f1f152a1909ce0a6a7fa66bf4d9f8ae22659543b7a0b39e8072c", "Title": "musl libc: GB18030 4-byte Decoder: musl libc: Denial of Service via inefficient algorithmic complexity in iconv", "Description": "A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix this issue, it is recommended to deploy a patch.", "Severity": "MEDIUM", "CweIDs": [ "CWE-404", "CWE-407" ], "VendorSeverity": { "redhat": 2 }, "CVSS": { "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/09/19", "https://access.redhat.com/security/cve/CVE-2026-6042", "https://nvd.nist.gov/vuln/detail/CVE-2026-6042", "https://vuldb.com/submit/796352", "https://vuldb.com/vuln/356620", "https://vuldb.com/vuln/356620/cti", "https://www.cve.org/CVERecord?id=CVE-2026-6042", "https://www.openwall.com/lists/oss-security/2026/04/02/10", "https://www.openwall.com/lists/oss-security/2026/04/03/2" ], "PublishedDate": "2026-04-10T09:16:25.45Z", "LastModifiedDate": "2026-04-24T18:01:13.913Z" }, { "VulnerabilityID": "CVE-2024-58251", "PkgID": "ssl_client@1.37.0-r13", "PkgName": "ssl_client", "PkgIdentifier": { "PURL": "pkg:apk/alpine/ssl_client@1.37.0-r13?arch=x86_64\u0026distro=3.21.5", "UID": "a2f8df60e844b202" }, "InstalledVersion": "1.37.0-r13", "FixedVersion": "1.37.0-r14", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-58251", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:e98fa594d7d019c081dc79e6619cb4cc216db1c0183ff0b8f3661edffd20b880", "Title": "In netstat in BusyBox through 1.37.0, local users can launch of networ ...", "Description": "In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.", "Severity": "MEDIUM", "CweIDs": [ "CWE-150" ], "VendorSeverity": { "ubuntu": 2 }, "References": [ "http://www.openwall.com/lists/oss-security/2025/04/23/6", "https://bugs.busybox.net/show_bug.cgi?id=15922", "https://www.busybox.net", "https://www.busybox.net/downloads/", "https://www.cve.org/CVERecord?id=CVE-2024-58251" ], "PublishedDate": "2025-04-23T18:16:03.057Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-34743", "PkgID": "xz-libs@5.6.3-r1", "PkgName": "xz-libs", "PkgIdentifier": { "PURL": "pkg:apk/alpine/xz-libs@5.6.3-r1?arch=x86_64\u0026distro=3.21.5", "UID": "219720ff66151d62" }, "InstalledVersion": "5.6.3-r1", "FixedVersion": "5.8.3-r0", "Status": "fixed", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-34743", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:093c4389bbefa87edd302c3db8bc6bfcf6be67b38e2330936cb2c88219ea83da", "Title": "xz: XZ Utils: Denial of Service via buffer overflow in index decoding", "Description": "XZ Utils provide a general-purpose data-compression library plus command-line tools. Prior to version 5.8.3, if lzma_index_decoder() was used to decode an Index that contained no Records, the resulting lzma_index was left in a state where where a subsequent lzma_index_append() would allocate too little memory, and a buffer overflow would occur. This issue has been patched in version 5.8.3.", "Severity": "MEDIUM", "CweIDs": [ "CWE-122" ], "VendorSeverity": { "azure": 1, "nvd": 2, "photon": 2, "redhat": 2 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 5.3 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/03/31/13", "https://access.redhat.com/security/cve/CVE-2026-34743", "https://github.com/tukaani-project/xz/commit/c8c22869e780ff57c96b46939c3d79ff99395f87", "https://github.com/tukaani-project/xz/releases/tag/v5.8.3", "https://github.com/tukaani-project/xz/security/advisories/GHSA-x872-m794-cxhv", "https://nvd.nist.gov/vuln/detail/CVE-2026-34743", "https://www.cve.org/CVERecord?id=CVE-2026-34743" ], "PublishedDate": "2026-04-02T19:21:33.187Z", "LastModifiedDate": "2026-04-15T17:33:17.68Z" }, { "VulnerabilityID": "CVE-2026-22184", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-22184", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:08dab42c48f656d2a6523d1da0090f06db9f143f40f4e0f8d6dca55d4b8ebe7e", "Title": "zlib: zlib: Arbitrary code execution via buffer overflow in untgz utility", "Description": "zlib versions up to and including 1.3.1.2 include a global buffer overflow in the untgz utility located under contrib/untgz. The vulnerability is limited to the standalone demonstration utility and does not affect the core zlib compression library. The flaw occurs when a user executes the untgz command with an excessively long archive name supplied via the command line, leading to an out-of-bounds write in a fixed-size global buffer.", "Severity": "HIGH", "CweIDs": [ "CWE-787" ], "VendorSeverity": { "nvd": 3, "redhat": 3 }, "CVSS": { "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "V3Score": 8.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2026-22184", "https://github.com/madler/zlib", "https://github.com/madler/zlib/issues/1142", "https://nvd.nist.gov/vuln/detail/CVE-2026-22184", "https://seclists.org/fulldisclosure/2026/Jan/3", "https://www.cve.org/CVERecord?id=CVE-2026-22184", "https://www.vulncheck.com/advisories/zlib-untgz-global-buffer-overflow-in-tgzfname", "https://zlib.net/" ], "PublishedDate": "2026-01-07T21:16:01.563Z", "LastModifiedDate": "2026-03-18T16:26:31.14Z" }, { "VulnerabilityID": "CVE-2026-27171", "PkgID": "zlib@1.3.1-r2", "PkgName": "zlib", "PkgIdentifier": { "PURL": "pkg:apk/alpine/zlib@1.3.1-r2?arch=x86_64\u0026distro=3.21.5", "UID": "3b545badcbeb3bc0" }, "InstalledVersion": "1.3.1-r2", "FixedVersion": "1.3.2-r0", "Status": "fixed", "Layer": { "Digest": "sha256:f637881d1138581d892d9eb942c56e0ccc7758fe3bdc0f1e6cd66059fdfd8185", "DiffID": "sha256:922ec217407c0fd31cb18b46090bf62e439fb53ecd01f09406d62e25a906e09b" }, "SeveritySource": "nvd", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-27171", "DataSource": { "ID": "alpine", "Name": "Alpine Secdb", "URL": "https://secdb.alpinelinux.org/" }, "Fingerprint": "sha256:fd9a815cad7c05334f6594127b9383218dae695bd2a9fdb26e51bef18efb9bf4", "Title": "zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions", "Description": "zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.", "Severity": "MEDIUM", "CweIDs": [ "CWE-1284" ], "VendorSeverity": { "amazon": 1, "azure": 1, "cbl-mariner": 1, "julia": 1, "nvd": 2, "redhat": 1, "ubuntu": 1 }, "CVSS": { "julia": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", "V3Score": 2.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "V3Score": 3.3 } }, "References": [ "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit", "https://7asecurity.com/blog/2026/02/zlib-7asecurity-audit/", "https://7asecurity.com/reports/pentest-report-zlib-RC1.1.pdf", "https://access.redhat.com/security/cve/CVE-2026-27171", "https://github.com/advisories/GHSA-h858-mf2m-8jf4", "https://github.com/madler/zlib/issues/904", "https://github.com/madler/zlib/releases/tag/v1.3.2", "https://nvd.nist.gov/vuln/detail/CVE-2026-27171", "https://ostif.org/zlib-audit-complete", "https://ostif.org/zlib-audit-complete/", "https://www.cve.org/CVERecord?id=CVE-2026-27171" ], "PublishedDate": "2026-02-18T04:16:01.263Z", "LastModifiedDate": "2026-03-25T21:27:04.603Z" } ] }, { "Target": "Python", "Class": "lang-pkgs", "Type": "python-pkg", "Packages": [ { "Name": "pip", "Identifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "Version": "25.0.1", "Licenses": [ "MIT" ], "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "FilePath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "AnalyzedBy": "python-pkg" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-8869", "VendorIDs": [ "GHSA-4xh5-x5gv-qwph" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "25.3", "Status": "fixed", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-8869", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ffc428a4a653908d36bb9197b506bf2d5fda91eb1caaddc6eb1e4f9ce4a2d0dc", "Title": "pip: pip missing checks on symbolic link extraction", "Description": "When extracting a tar archive pip may not check symbolic links point into the extraction directory if the tarfile module doesn't implement PEP 706.\nNote that upgrading pip to a \"fixed\" version for this vulnerability doesn't fix all known vulnerabilities that are remediated by using a Python version that implements PEP 706.\n\nNote that this is a vulnerability in pip's fallback implementation of tar extraction for Python versions that don't implement PEP 706\nand therefore are not secure to all vulnerabilities in the Python 'tarfile' module. If you're using a Python version that implements PEP 706\nthen pip doesn't use the \"vulnerable\" fallback code.\n\nMitigations include upgrading to a version of pip that includes the fix, upgrading to a Python version that implements PEP 706 (Python \u003e=3.9.17, \u003e=3.10.12, \u003e=3.11.4, or \u003e=3.12),\napplying the linked patch, or inspecting source distributions (sdists) before installation as is already a best-practice.", "Severity": "MEDIUM", "VendorSeverity": { "amazon": 2, "azure": 2, "ghsa": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.9 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5.3 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-8869", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/f2b92314da012b9fffa36b3f3e67748a37ef464a", "https://github.com/pypa/pip/pull/13550", "https://lists.debian.org/debian-lts-announce/2025/10/msg00028.html", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN", "https://mail.python.org/archives/list/security-announce@python.org/thread/IF5A3GCJY3VH7BVHJKOWOJFKTW7VFQEN/", "https://nvd.nist.gov/vuln/detail/CVE-2025-8869", "https://pip.pypa.io/en/stable/news/#v25-2", "https://www.cve.org/CVERecord?id=CVE-2025-8869" ], "PublishedDate": "2025-09-24T15:15:41.293Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" }, { "VulnerabilityID": "CVE-2026-3219", "VendorIDs": [ "GHSA-58qw-9mgm-455v" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-3219", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:ab0b138ac5e6cdf5cbd178746207c1790297a62af85b1cebb3d9d44563d79514", "Title": "pip: pip: Incorrect file installation due to improper archive handling", "Description": "pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as installing \"incorrect\" files according to the filename of the archive. New behavior only proceeds with installation if the file identifies uniquely as a ZIP or tar archive, not as both.", "Severity": "MEDIUM", "CweIDs": [ "CWE-434" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", "V40Score": 4.6 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "V3Score": 5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/20/8", "https://access.redhat.com/security/cve/CVE-2026-3219", "https://github.com/pypa/pip", "https://github.com/pypa/pip/issues/13867", "https://github.com/pypa/pip/pull/13870", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ", "https://mail.python.org/archives/list/security-announce@python.org/thread/QAJ5JIVWWCAJ4EZL2FP5MOOW35JS7LRJ/", "https://nvd.nist.gov/vuln/detail/CVE-2026-3219", "https://www.cve.org/CVERecord?id=CVE-2026-3219" ], "PublishedDate": "2026-04-20T16:16:45.43Z", "LastModifiedDate": "2026-04-20T21:16:36.42Z" }, { "VulnerabilityID": "CVE-2026-6357", "VendorIDs": [ "GHSA-jp4c-xjxw-mgf9" ], "PkgName": "pip", "PkgPath": "usr/local/lib/python3.12/site-packages/pip-25.0.1.dist-info/METADATA", "PkgIdentifier": { "PURL": "pkg:pypi/pip@25.0.1", "UID": "7d864d9a4bf3bfe8" }, "InstalledVersion": "25.0.1", "FixedVersion": "26.1", "Status": "fixed", "Layer": { "Digest": "sha256:cc0999be1599583c24ba0185c267541860b9a059876fb8646f0e6bee61219dd6", "DiffID": "sha256:42bbad08e32829ca3d1fb00847d6a2af7f961ff522a0db7f7d9fedb61c0b76f9" }, "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2026-6357", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory pip", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Apip" }, "Fingerprint": "sha256:4e64f64654e43fc7ec07c64eec788565784adeb2a04cb3a186280de4a4bf7379", "Title": "pip: pip: Arbitrary code execution or information disclosure via malicious wheel package installation", "Description": "pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation.", "Severity": "MEDIUM", "CweIDs": [ "CWE-829" ], "VendorSeverity": { "amazon": 3, "ghsa": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N", "V40Score": 5.3 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", "V3Score": 5.8 } }, "References": [ "http://www.openwall.com/lists/oss-security/2026/04/27/7", "https://access.redhat.com/security/cve/CVE-2026-6357", "https://github.com/pypa/pip", "https://github.com/pypa/pip/commit/b369bfc96cc524e00c267e1693290e6599c36bad", "https://github.com/pypa/pip/pull/13923", "https://ichard26.github.io/blog/2026/04/whats-new-in-pip-26.1/#security-fixes", "https://nvd.nist.gov/vuln/detail/CVE-2026-6357", "https://www.cve.org/CVERecord?id=CVE-2026-6357" ], "PublishedDate": "2026-04-27T15:16:20.857Z", "LastModifiedDate": "2026-04-27T23:16:03.533Z" } ] } ] }, { "Namespace": "metallb-system", "Kind": "ControlPlaneComponents", "Name": "controller", "Metadata": [ {} ], "Results": [ { "Target": "ControlPlaneComponents/controller", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "controller", "Version": "v0.14.9" } ] } ] }, { "Namespace": "metallb-system", "Kind": "ControlPlaneComponents", "Name": "speaker", "Metadata": [ {} ], "Results": [ { "Target": "ControlPlaneComponents/speaker", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "speaker", "Version": "v0.14.9" } ] } ] }, { "Namespace": "cert-manager", "Kind": "ControlPlaneComponents", "Name": "cert-manager", "Metadata": [ {} ], "Results": [ { "Target": "ControlPlaneComponents/cert-manager", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "cert-manager", "Version": "v1.14.5" } ] } ] }, { "Namespace": "kube-system", "Kind": "ControlPlaneComponents", "Name": "kube-dns", "Metadata": [ {} ], "Results": [ { "Target": "ControlPlaneComponents/kube-dns", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "kube-dns" } ] } ] }, { "Namespace": "kube-system", "Kind": "ControlPlaneComponents", "Name": "hostpath-provisioner", "Metadata": [ {} ], "Results": [ { "Target": "ControlPlaneComponents/hostpath-provisioner", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "hostpath-provisioner", "Version": "v1.5.0" } ] } ] }, { "Kind": "NodeComponents", "Name": "prod-01.alexpires.me", "Metadata": [ {} ], "Results": [ { "Target": "NodeComponents/prod-01.alexpires.me", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "k8s.io/kubelet", "Version": "v1.29.15" } ] }, { "Target": "prod-01.alexpires.me", "Class": "lang-pkgs", "Type": "gobinary", "Packages": [ { "Name": "github.com/containerd/containerd", "Version": "v1.6.28" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2024-25621", "VendorIDs": [ "GHSA-pwhc-rpq9-4c8w" ], "PkgName": "github.com/containerd/containerd", "InstalledVersion": "v1.6.28", "FixedVersion": "1.7.29", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-25621", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Title": "github.com/containerd/containerd: containerd local privilege escalation", "Description": "containerd is an open-source container runtime. Versions 0.1.0 through 1.7.28, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4 and 2.2.0-beta.0 through 2.2.0-rc.1 have an overly broad default permission vulnerability. Directory paths `/var/lib/containerd`, `/run/containerd/io.containerd.grpc.v1.cri` and `/run/containerd/io.containerd.sandbox.controller.v1.shim` were all created with incorrect permissions. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. Workarounds include updating system administrator permissions so the host can manually chmod the directories to not have group or world accessible permissions, or to run containerd in rootless mode.", "Severity": "HIGH", "CweIDs": [ "CWE-279" ], "VendorSeverity": { "amazon": 2, "azure": 3, "cbl-mariner": 3, "ghsa": 3, "nvd": 3, "photon": 3, "redhat": 3, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "V3Score": 7.3 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "V3Score": 7.7 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-25621", "https://github.com/containerd/containerd", "https://github.com/containerd/containerd/blob/main/docs/rootless.md", "https://github.com/containerd/containerd/commit/7c59e8e9e970d38061a77b586b23655c352bfec5", "https://github.com/containerd/containerd/security/advisories/GHSA-pwhc-rpq9-4c8w", "https://nvd.nist.gov/vuln/detail/CVE-2024-25621", "https://ubuntu.com/security/notices/USN-7983-1", "https://www.cve.org/CVERecord?id=CVE-2024-25621" ], "PublishedDate": "2025-11-06T19:15:40.09Z", "LastModifiedDate": "2025-12-31T02:29:30.48Z" }, { "VulnerabilityID": "CVE-2024-40635", "VendorIDs": [ "GHSA-265r-hfxg-fhmg" ], "PkgName": "github.com/containerd/containerd", "InstalledVersion": "v1.6.28", "FixedVersion": "1.7.27, 1.6.38", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2024-40635", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Title": "containerd: containerd has an integer overflow in User ID handling", "Description": "containerd is an open-source container runtime. A bug was found in containerd prior to versions 1.6.38, 1.7.27, and 2.0.4 where containers launched with a User set as a `UID:GID` larger than the maximum 32-bit signed integer can cause an overflow condition where the container ultimately runs as root (UID 0). This could cause unexpected behavior for environments that require containers to run as a non-root user. This bug has been fixed in containerd 1.6.38, 1.7.27, and 2.04. As a workaround, ensure that only trusted images are used and that only trusted users have permissions to import images.", "Severity": "MEDIUM", "CweIDs": [ "CWE-190" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 3, "photon": 3, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "V3Score": 4.6 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "V3Score": 7.8 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", "V3Score": 4.6 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2024-40635", "https://github.com/containerd/containerd", "https://github.com/containerd/containerd/commit/05044ec0a9a75232cad458027ca83437aae3f4da", "https://github.com/containerd/containerd/commit/11504c3fc5f45634f2d93d57743a998194430b82 (v1.7.27)", "https://github.com/containerd/containerd/commit/1a43cb6a1035441f9aca8f5666a9b3ef9e70ab20", "https://github.com/containerd/containerd/commit/9639b9625554183d0c4d8d072dccb84fedd2320f (v1.6.38)", "https://github.com/containerd/containerd/commit/cf158e884cfe4812a6c371b59e4ea9bc4c46e51a", "https://github.com/containerd/containerd/security/advisories/GHSA-265r-hfxg-fhmg", "https://lists.debian.org/debian-lts-announce/2025/05/msg00005.html", "https://nvd.nist.gov/vuln/detail/CVE-2024-40635", "https://ubuntu.com/security/notices/USN-7374-1", "https://www.cve.org/CVERecord?id=CVE-2024-40635" ], "PublishedDate": "2025-03-17T22:15:13.15Z", "LastModifiedDate": "2025-10-02T01:51:43.21Z" }, { "VulnerabilityID": "CVE-2025-64329", "VendorIDs": [ "GHSA-m6hq-p25p-ffr2" ], "PkgName": "github.com/containerd/containerd", "InstalledVersion": "v1.6.28", "FixedVersion": "1.7.29", "Status": "fixed", "SeveritySource": "ghsa", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-64329", "DataSource": { "ID": "ghsa", "Name": "GitHub Security Advisory Go", "URL": "https://github.com/advisories?query=type%3Areviewed+ecosystem%3Ago" }, "Title": "github.com/containerd/containerd: containerd: Memory exhaustion via CRI Attach implementation goroutine leaks", "Description": "containerd is an open-source container runtime. Versions 1.7.28 and below, 2.0.0-beta.0 through 2.0.6, 2.1.0-beta.0 through 2.1.4, and 2.2.0-beta.0 through 2.2.0-rc.1 contain a bug in the CRI Attach implementation where a user can exhaust memory on the host due to goroutine leaks. This issue is fixed in versions 1.7.29, 2.0.7, 2.1.5 and 2.2.0. To workaround this vulnerability, users can set up an admission controller to control accesses to pods/attach resources.", "Severity": "MEDIUM", "CweIDs": [ "CWE-401" ], "VendorSeverity": { "amazon": 2, "azure": 2, "cbl-mariner": 2, "ghsa": 2, "nvd": 2, "photon": 2, "redhat": 2, "ubuntu": 2 }, "CVSS": { "ghsa": { "V40Vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", "V40Score": 6.9 }, "nvd": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "V3Score": 5.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "V3Score": 6.5 } }, "References": [ "https://access.redhat.com/security/cve/CVE-2025-64329", "https://github.com/containerd/containerd", "https://github.com/containerd/containerd/commit/083b53cd6f19b5de7717b0ce92c11bdf95e612df", "https://github.com/containerd/containerd/security/advisories/GHSA-m6hq-p25p-ffr2", "https://nvd.nist.gov/vuln/detail/CVE-2025-64329", "https://ubuntu.com/security/notices/USN-7983-1", "https://www.cve.org/CVERecord?id=CVE-2025-64329" ], "PublishedDate": "2025-11-07T05:16:08.017Z", "LastModifiedDate": "2025-12-31T18:34:48.06Z" } ] } ] }, { "Kind": "Cluster", "Name": "k8s.io/kubernetes", "Metadata": [ {} ], "Results": [ { "Target": "Cluster/k8s.io/kubernetes", "Class": "lang-pkgs", "Type": "kubernetes", "Packages": [ { "Name": "k8s.io/kubernetes", "Version": "1.29.15" } ], "Vulnerabilities": [ { "VulnerabilityID": "CVE-2025-1767", "PkgName": "k8s.io/kubernetes", "InstalledVersion": "1.29.15", "Status": "affected", "SeveritySource": "k8s", "PrimaryURL": "https://avd.aquasec.com/nvd/cve-2025-1767", "DataSource": { "ID": "k8s", "Name": "Official Kubernetes CVE Feed", "URL": "https://kubernetes.io/docs/reference/issues-security/official-cve-feed/index.json" }, "Title": "kubelet: GitRepo Volume Inadvertent Local Repository Access", "Description": "This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.", "Severity": "MEDIUM", "CweIDs": [ "CWE-20" ], "VendorSeverity": { "ghsa": 2, "k8s": 2, "photon": 2, "redhat": 2 }, "CVSS": { "ghsa": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.5 }, "k8s": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.5 }, "redhat": { "V3Vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", "V3Score": 6.5 } }, "References": [ "http://www.openwall.com/lists/oss-security/2025/03/13/9", "https://access.redhat.com/security/cve/CVE-2025-1767", "https://github.com/kubernetes/kubernetes", "https://github.com/kubernetes/kubernetes/issues/130786", "https://github.com/kubernetes/kubernetes/pull/130786", "https://groups.google.com/g/kubernetes-security-announce/c/19irihsKg7s", "https://nvd.nist.gov/vuln/detail/CVE-2025-1767", "https://www.cve.org/CVERecord?id=CVE-2025-1767", "https://www.cve.org/cverecord?id=CVE-2025-1767" ], "PublishedDate": "2025-03-13T17:15:36.437Z", "LastModifiedDate": "2026-04-15T00:35:42.02Z" } ] } ] } ] }